comply.businys.dev
EU AI ActDeadline: August 2, 2026

EU AI Act compliance for your agentic AI deployment.

Technical infrastructure ready before August 2, 2026. Audit logging, Agent Lineage, human oversight hooks, and data residency — extracted from a production MCP deployment and packaged as a single open-source library.

Read the Agentic Gap Guide →Article Mapping
The EU AI Act has 113 articles.
None of them mention AI agents.

The Act was drafted before agentic AI systems existed at scale. There is no definition of an AI agent. No provision for multi-agent chains. No guidance on dynamic tool discovery at runtime. The compliance gap is growing as deployments accelerate — and the August 2, 2026 deadline is fixed.

Technical coverage

Every obligation. One library.

Each EU AI Act obligation for AI systems has a technical implementation requirement. @businys/ops addresses each one.

Art. 13audit-log
Transparency & Audit Logging
Immutable per-call audit log with tool name, agent identity, inputs, outputs, duration, and error status. Exportable as JSON or PDF.
Art. 14confirmation
Human Oversight
Human override hooks satisfying Art. 14(3)(d–e). Interrupt any agent action before execution. Log every override event with reason and operator identity.
Art. 12lineage
Record-Keeping
Automatic retention of all tool call records with configurable retention periods. Cryptographically hashed lineage chains prevent retroactive alteration.
Art. 9reputation
Risk Management
Reputation scoring, loop detection, and burst protection. Automatic throttling and blocking of anomalous agent behaviour with full audit trail.
Art. 10data-residency
Data Governance
Data residency routing to ca-central-1, us-east-1, or eu-west-1. No PII in tool call records by default. Configurable field redaction.
Art. 16–17compliance-export
Provider Obligations & QMS
Structured compliance export packages for Article 13 documentation. Co-brandable reports for compliance consultants and legal teams.
View full article-by-article mapping →
Not legal advice
This is technical implementation guidance. Every compliance deployment requires review by qualified legal counsel. We tell you what to build — your legal team confirms it satisfies your obligations.
🔒
The defensible position
The EU AI Act provides no agentic systems guidance. The defensible position before guidance arrives: full observability, human override capability, immutable audit records, and documented risk controls.
📅
August 2, 2026
High-risk AI system obligations under Chapter III apply from August 2, 2026. Fines up to 3% of global annual turnover. The infrastructure takes hours to deploy — the audit record takes months to build.

🍁 Data residency

Canadian infrastructure. EU-adequate by default.

The EU AI Act's Article 10 requires AI providers to implement governance measures over the data used by their systems. If you serve EU users, that data governance story includes where your audit records, lineage chains, and compliance exports are stored.

Businys Dev runs on Canadian infrastructure — Supabase ca-west-1 (Calgary) and Vercel yul1 (Montréal). Canada holds an EU adequacy decision in force since 2002 — meaning personal data flows from the EU to Canadian servers without Standard Contractual Clauses or supplementary measures. That's one fewer compliance problem when you're already navigating the Act.

🇪🇺
GDPR adequacy
The European Commission formally recognises Canadian privacy protections as equivalent to GDPR. No SCCs required for EU → Canada data flows.
🇨🇦
PIPEDA
Canada's federal privacy law governs all data stored on Businys Dev. No cross-border US transfer — no CLOUD Act exposure.
EU AI Act Art. 10
Data governance obligations are easier to satisfy when your compliance data lives in an EU-adequate jurisdiction. Your regulator can follow the data.
🔒
No US exposure
Unlike US-hosted tooling, Businys Dev data is not subject to compelled disclosure under the US CLOUD Act.

Start with the Agentic Gap Guide

The document no compliance consultant has yet. The EU AI Act's agentic gap explained — and the technically defensible compliance position for MCP-based deployments.

Read the guide — freeCompliance onboarding