DocsLibrary
AI DEFENSE LIBRARY

🇪🇺 EU AI Act: What It Means for AI Systems and How to Prepare

The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive law on artificial intelligence, which entered into force on 1 August 2024. It introduces a risk-based approach: practices with unacceptable risk are prohibited, high-risk systems must meet strict requirements for risk management, data, logging, human oversight, and cybersecurity, and a separate regime is introduced for generative AI and general-purpose AI models (GPAI). This guide walks through the risk tiers, the application timeline, the penalties, and — most important for us — Article 15 (accuracy, robustness, cybersecurity) and Article 12 (logging), and shows what SYNTREX — the defense layer of the Spectorn platform — provides: attack detection, an immutable audit trail, and policy enforcement. At the same time we note the boundary honestly: compliance is an organizational task; SYNTREX closes its technical part.

Spectorn is a security and compliance-perimeter platform; SYNTREX is its AI-defense layer, deployed both inside Spectorn and standalone on internal perimeters. The EU AI Act imposes obligations; SYNTREX provides the technical controls and provability your compliance program relies on.

⚠️ Important on timelines (as of mid-2026): in May 2026 a preliminary political agreement was reached on the "Digital Omnibus on AI," postponing a number of deadlines (first and foremost, Annex III high-risk systems — from 2 August 2026 to 2 December 2027). At the time of writing, this agreement has not yet been published as law — until publication in the Official Journal, the original dates of Regulation 2024/1689 are legally in effect. Check against EUR-Lex.


The Risk-Based Approach: Four Tiers

The EU AI Act classifies AI systems by risk level and ties obligations to that level.

Unacceptable risk — prohibited practices (Article 5)

Applies from 2 February 2025. Fully prohibited, in particular:

  • Manipulative/subliminal techniques that distort behavior and cause significant harm;
  • Exploitation of vulnerabilities (age, disability, socio-economic situation);
  • Social scoring of citizens with disproportionate consequences;
  • Predicting the likelihood of crime based on profiling of an individual;
  • Untargeted scraping of faces for facial-recognition databases;
  • Emotion inference in the workplace and in education (except for medical/safety purposes);
  • Biometric categorization by sensitive attributes (race, political views, religion, sexual orientation);
  • Real-time remote biometric identification in public spaces for law enforcement (with narrow exceptions).

High risk (Annex III + Annex I)

Systems on the Annex III list (biometrics, critical infrastructure, education, employment, access to essential services and credit scoring, law enforcement, migration, justice) and systems embedded in regulated products (Annex I). The provider's key obligations (Articles 8–15):

  • Risk management system (Art. 9) — an iterative process across the whole lifecycle;
  • Data governance (Art. 10) — relevance, representativeness, bias control;
  • Technical documentation (Art. 11 + Annex IV);
  • Logging (Art. 12) — automatic recording of events throughout the entire service life;
  • Transparency for the deployer (Art. 13) — instructions, capabilities, limitations, metrics;
  • Human oversight (Art. 14) — the ability to monitor, intervene, stop;
  • Accuracy, robustness, and cybersecurity (Art. 15) — see the walkthrough below.

Limited risk — transparency obligations (Article 50)

Applies from 2 August 2026. Chatbots must disclose that the user is interacting with an AI; synthetic content (images, audio, video, text) must be machine-readably marked as AI-generated; deepfakes and AI text on matters of public interest must be disclosed by the deployer (watermark marking was postponed by the "Omnibus" to 2 December 2026).

Minimal risk

Everything else (spam filters, AI in games, warehouse management) — with no mandatory requirements; voluntary codes of conduct are encouraged.


General-Purpose AI Models (GPAI): Chapter V

Applies from 2 August 2025. The obligations of GPAI providers (Art. 53): technical documentation, information for downstream integrators, a copyright-compliance policy, a public summary of the training data. Open-source (FOSS) models are partially exempt — but not from the copyright policy and data summary, and not where systemic risk is present.

Systemic risk (Art. 51) is presumed when training compute exceeds 10²⁵ floating-point operations (FLOP). For such models, the following are added (Art. 55): model evaluation and documented adversarial testing, assessment and mitigation of EU-level systemic risks, reporting of serious incidents, and adequate cybersecurity of the model and infrastructure. GPAI enforcement is carried out by the European Commission itself; the penalty is up to €15 million or 3% of worldwide turnover (Art. 101).


Application Timeline

The original schedule of Regulation 2024/1689 (Article 113):

DateWhat takes effect
1 Aug 2024Entry into force
2 Feb 2025Prohibited practices (Art. 5) + AI-literacy obligations
2 Aug 2025GPAI rules (Chapter V) + governance structures + penalty provisions
2 Aug 2026Most Annex III high-risk systems + transparency (Art. 50)
2 Aug 2027High-risk systems embedded in products (Annex I)

The "Digital Omnibus on AI" (a preliminary agreement of May 2026, not yet law) postpones, in particular: standalone Annex III high-risk systems → 2 December 2027, those embedded in products under Annex I → 2 August 2028, synthetic-content marking → 2 December 2026. Until publication in the Official Journal, the original dates apply — track EUR-Lex.


Penalties (Article 99)

ViolationPenalty (the greater is taken)
Prohibited practices (Art. 5)up to €35 million or 7% of worldwide annual turnover
Other violations (high risk, transparency)up to €15 million or 3%
Incorrect/incomplete information to regulatorsup to €7.5 million or 1%

For GPAI models the European Commission applies a separate regime (Art. 101): up to €15 million or 3%. For SMEs the penalty is capped at the lower of the two amounts (the percentage or the absolute sum).


Extraterritoriality: It Affects Companies Outside the EU Too

The Regulation applies not only to providers and deployers in the EU. Under Article 2(1)(c), it extends to providers and deployers outside the EU if the output of their AI system is used in the Union. This is the key extraterritorial hook: a Russian, American, or any other company whose AI system produces a result that reaches users in the EU falls fully under the Regulation. Exempt: military/defense use, R&D prior to market placement, and partially open-source systems (except high-risk ones and those falling under Art. 5/50).


Article 15 and Article 12: The Direct Hook for AI Security

For a product in SYNTREX's class, two articles matter most — they are the ones that turn AI cybersecurity from "good practice" into a legal obligation.

Article 15 — accuracy, robustness, cybersecurity

High-risk systems must achieve an "appropriate level of accuracy, robustness, and cybersecurity" and maintain it across the whole lifecycle. The article explicitly names the classes of attack against which the provider is obligated to implement technical solutions:

  • Data poisoning (poisoning of training data);
  • Model poisoning (compromise of pre-trained components);
  • Adversarial examples (inputs that cause prediction errors — model evasion);
  • Confidentiality attacks;
  • Model flaws.

Each of these named attack types corresponds to a compliance obligation — and each is closed off by specific SYNTREX engines (see the map below).

Article 12 — logging (record-keeping)

High-risk systems must technically ensure the automatic recording of events (logs) throughout the entire service life, commensurate with the intended purpose. Logs must support risk identification, post-market monitoring, and operational control. For biometric-identification systems, minimum requirements are specified (periods of use, the reference database queried, the input data of matches, the identity of the operator who verified). Here SYNTREX's Decision Logger provides a ready-made immutable chain of decisions with SHA-256/HMAC hashes.


How SYNTREX Helps Meet the Technical Requirements

SYNTREX closes the technical part of the obligations of Article 15 and Article 12. A map of "EU AI Act requirement → SYNTREX engine/component":

EU AI Act requirementWhat SYNTREX providesEngines / components
Art. 15 — adversarial examples / model evasionDetection of injections, jailbreaks, bypassesinjection, jailbreak
Art. 15 — data/model poisoningDetection of dormant/trigger payloads at runtimedormant_payload
Art. 15 — confidentiality attacksMasking PII and secrets, exfiltration controlpii, secret_scanner, exfiltration
Art. 15 — robustness against agent abuseControl of tools and the "lethal trifecta"tool_abuse, cross_tool_guard, lethal_trifecta
Art. 12 — logging for the whole service lifeAn immutable chain of decisions (SHA-256/HMAC)Decision Logger
Art. 14 — supporting human oversightAlerts and escalation to the SOC for the operatorSOC Correlation Engine
Art. 50 — output transparencyScanning and sanitizing the model's outputoutput_scanner

syntrex.yaml configuration

A profile oriented toward the technical controls of Article 15 and the logging of Article 12:

YAML
# syntrex.yaml — profile for EU AI Act technical requirements (Art. 15 / Art. 12) version: "1.0" mode: ai_gateway engines: injection: # Art. 15: adversarial examples / model evasion action: block confidence_threshold: 0.7 jailbreak: # Art. 15: bypass of safety training action: block confidence_threshold: 0.85 dormant_payload: # Art. 15: data/model poisoning (trigger payloads) action: alert pii: # Art. 15: confidentiality attacks (PII) action: redact mask_character: "*" secret_scanner: always_on # Art. 15: secrets never leave the perimeter exfiltration: # Art. 15: confidentiality attacks (data exfiltration) action: block lethal_trifecta: # Art. 15: robustness of the agentic loop action: block tool_abuse: # Art. 15 action: block output_scanner: # Art. 50: output transparency/sanitization action: sanitize audit: decision_logger: true # Art. 12: automatic logging for the whole service life retention_policy: regulatory hash_chain: sha256_hmac

SOC correlation rule (supporting human oversight, Art. 14)

YAML
rules: - id: HIGHRISK_INCIDENT_ESCALATION name: "Escalate an incident to the operator (Art. 14)" description: "A critical detection on a high-risk system — immediate escalation to a human overseer" enabled: true conditions: - any: - category: injection min_confidence: 0.85 - category: lethal_trifecta min_confidence: 0.7 action: create_incident: true severity: CRITICAL notify: human_oversight metadata: eu_ai_act: ["Article 15", "Article 14", "Article 12"]

An honest boundary of responsibility. The EU AI Act is a law, and complying with it is an organizational and legal task: categorizing the system by risk level, conformity assessment, CE marking, appointing an authorized representative, the risk management system (Art. 9), data governance (Art. 10), human oversight (Art. 14). SYNTREX does not make you compliant and does not replace a legal assessment. It closes the technical part of Article 15 (detection of the named attack classes) and Article 12 (immutable logging), providing a provable audit trail your compliance program relies on. The conformity assessment, the documentation, and the management loop are provided by the organization.


Frequently Asked Questions (FAQ)

What is the EU AI Act in plain terms? It is the EU's first comprehensive law on artificial intelligence (Regulation 2024/1689), which entered into force on 1 August 2024. It divides AI systems by risk level: unacceptable practices are prohibited, high-risk ones must meet strict requirements (risk management, data, logging, oversight, cybersecurity), and a separate regime is introduced for generative AI and general-purpose models.

When do the EU AI Act requirements take effect? On the original schedule: prohibited practices — from 2 February 2025, GPAI rules — from 2 August 2025, most high-risk systems — from 2 August 2026. The "Digital Omnibus" (a preliminary agreement of May 2026) postpones Annex III high-risk systems to 2 December 2027 — but as of mid-2026 this is not yet published law, and the original dates are legally in effect.

Does the EU AI Act affect companies outside the EU? Yes. Under Article 2(1)(c), the Regulation applies to providers and deployers outside the EU if the output of their AI system is used in the Union. A company from Russia, the United States, or any other country whose AI results reach users in the EU falls under the Regulation and its penalties.

What are the penalties under the EU AI Act? Up to €35 million or 7% of worldwide annual turnover for prohibited practices (Art. 5); up to €15 million or 3% for other violations; up to €7.5 million or 1% for incorrect information to regulators. The greater of the amounts is taken. For GPAI the European Commission applies a regime of up to €15 million or 3%.

Does SYNTREX make my AI system compliant with the EU AI Act? No, and we note this boundary honestly. Compliance is an organizational and legal task (risk categorization, conformity assessment, CE marking, risk management, oversight). SYNTREX closes the technical part of Article 15 (detection of data/model poisoning, adversarial examples, confidentiality attacks) and Article 12 (immutable logging via the Decision Logger), providing a provable trail for your compliance program.

What exactly does Article 15 require on cybersecurity? High-risk systems must achieve an appropriate level of accuracy, robustness, and cybersecurity and implement technical solutions against explicitly named attacks: data poisoning, model poisoning, adversarial examples (model evasion), confidentiality attacks, and model flaws. This turns AI defense from a recommendation into an obligation — and each attack class is closed off by the corresponding SYNTREX engine.

How does the EU AI Act relate to NIST AI RMF? The EU AI Act imposes obligations (a law with extraterritorial reach), while the NIST AI RMF is a voluntary management framework. Organizations often use the AI RMF functions (especially MAP and GOVERN) as an operating model on top of which they prepare for the mandatory requirements of the EU AI Act. The certifiable bridge between them is ISO/IEC 42001.


Sources


Related guides: NIST AI RMF · MITRE ATLAS · OWASP Top 10 for LLMs · Government and CII · Industry Scenarios

EU AI Act: What It Means for AI Systems and How to Prepare | Spectorn | Spectorn