Statutory deadline · 2 August 2026 · most EU AI Act Chapter III high-risk obligations apply

EU AI Act · Regulation 2024/1689

The evidence layer beneath conformity assessment.

The European Union has set the statutory date. On 2 August 2026, the bulk of Chapter III high-risk obligations apply. The notified body process for Article 43 conformity assessment is set. The Article 47 Declaration of Conformity is set. The Article 49 EU database registration is set.

What is not set is whether you can produce, on the day a regulator asks, signed evidence that your obligations under Articles 11, 12, 14, 15, 17, 72, 73 have been continuously met. ALEETH is the platform that produces that evidence. Continuously. Cryptographically. Offline-verifiable. Pre-built across all 26 modules of the EU AI Act.

Run Annex III Screener
EU AI Act
02
August 2026
Chapter III high-risk obligations apply. Article 99 fines tier in. Notified body assessments required.

Where ALEETH is the shield

Ten EU AI Act obligations, pre-built.

ALEETH produces the evidence the EU AI Act requires before, during, and after a notified body engagement. The Sentinel Pack covers all 26 modules of Regulation 2024/1689. The L7 receipt chain produces logs stronger than Article 12 requires. The Article 96 signed bundle is offline-verifiable by any regulator, any notified body, any deployer.

What ALEETH delivers
Continuous, signed, regulator-grade evidence
  • Article 11 · Annex IV Technical documentation structure as Sentinel Pack manifests, kept current by continuous monitoring
  • Article 12 Automated logging across lifecycle · L7 Ed25519 receipts, parent-hash chained, Bitcoin-anchored every 6 hours
  • Article 14 Human oversight enforced in software · drafter ≠ signer, rater ≠ reviewer, 24-hour cooling-off hardcoded
  • Article 15 Accuracy, robustness, cybersecurity · Red-Team Probe Engine runs versioned adversarial probes continuously
  • Article 17 Quality Management System · the continuous compliance loop IS the QMS, contradictions force remediation
  • Article 18 10-year retention · append-only DB triggers + L5 chain, immutable beyond statutory minimum
  • Article 72 Post-market monitoring · CCM scheduler running multiple times daily, drift detection wired to contradiction engine
  • Article 73 Serious incident reporting · incident timeline + 15-day / 2-day timer surfaces, L7 receipts on every transition
  • Article 96 Evidence bundle · Ed25519-signed ZIP, manifest + per-file hashes, offline-verifiable with openssl
  • Article 99 §5 Misleading-info penalty mitigation · 10-Phase Wizard sign-off captured, Adversarial Verification catches contradictions early
What ALEETH does not replace
Counsel, notified bodies, Commission filings
  • Article 43 Notified body conformity assessment for high-risk systems · only an EU-designated notified body can certify; ALEETH produces the evidence that makes the assessment fast and cheap
  • Article 47 EU Declaration of Conformity signing · provider's legal act; ALEETH pre-fills the document
  • Article 49 EU database registration · provider transacts with the Commission directly
  • Article 22 Authorized representative for non-EU providers · a legal mandate with an EU-established firm
  • Article 5, 27 Legal interpretation of prohibited practices, fundamental rights impact assessment · qualified counsel territory
  • Liability No software guarantees regulatory compliance · ALEETH reduces exposure by producing defensible evidence of continuous good-faith oversight

Annex III Quick Screen

Is your AI in scope of high-risk obligations?

Annex III enumerates eight categories of AI that the EU classifies as high-risk. If your AI falls into any of them, the full Chapter III stack applies on the statutory date. Tap every category that describes any of your AI systems. The screener returns an immediate posture indication. No data leaves the browser.

Annex III · 1
Biometrics
Remote biometric identification, biometric categorization, emotion recognition
Annex III · 2
Critical Infrastructure
Safety components in road traffic, water, gas, heating, electricity, digital infrastructure
Annex III · 3
Education and Vocational Training
Admission, assessment of learning outcomes, evaluation of cheating, education-track allocation
Annex III · 4
Employment and Worker Management
Recruitment, screening, promotion, termination decisions, task allocation, monitoring
Annex III · 5
Access to Essential Services
Public benefits eligibility, credit scoring, life or health insurance pricing, emergency dispatch
Annex III · 6
Law Enforcement
Risk assessment, polygraph, evidence reliability, profiling, crime analytics (where permitted)
Annex III · 7
Migration, Asylum, Border
Polygraph, risk assessment, application processing, border control authentication
Annex III · 8
Justice and Democratic Processes
Assistance to judicial authorities, influencing election outcomes, voter behavior
Posture

Article 96 · Evidence Bundle

One signed ZIP. Nine files. Verifiable offline.

The Article 96 conformity-assessment evidence bundle is the artifact a notified body, a market surveillance authority, or an enterprise customer's procurement team accepts as evidence of substantive compliance. ALEETH generates the bundle on demand. The bundle validates with openssl and unzip · no further contact with ALEETH required.

File
Size
Purpose
manifest.json
≈ 2 KB
Bundle format version, cert id, generated_at, files[] with sha256 per file
signature.json
≈ 1 KB
Ed25519 signature over manifest.json payload, algorithm + signature_base64 + signed_at
conformity-assessment.md
≈ 3 KB
Human-readable EU AI Act Article 96 report, seven required sections, regulator-facing prose
conformity-assessment.json
≈ 1 KB
Machine-readable equivalent, cert + bindings + contradictions + L5 anchor
l5-chain-anchor.json
< 1 KB
Snapshot of L5 seal_seq + seal_hash at bundle generation, Bitcoin-anchored via OpenTimestamps
contradiction-history.json
< 1 KB
Adversarial verification history · checks run, passed, resolved, open during window
post-market-monitoring.json
≈ 1 KB
Article 72 telemetry, system events, reconcile cadence, drift signals
pack-bindings.json
< 1 KB
Regulatory frameworks bound at issuance: EU AI Act, NIST AI RMF, ISO 42001
attestation-evidence.json
< 1 KB
Customer self-attestations against pack controls, claim → evidence → KPI value

Trust Architecture

Four independent verification sources.

Every ALEETH certification binds against four cryptographically distinct evidence classes. A source going dark immediately deducts twenty-five points from the verification depth score and surfaces a Doctrine action. No single compromise produces a clean cert. This is what regulator-grade looks like in software.

Source 1 · +25 pts
Customer Attestation
What you declare in your inventory. KPI evidence rows on file, signed by your compliance officer, hashed and chained.
Source 2 · +25 pts
Customer Telemetry
What your systems actually produce. Agent step rows from the last 30 days, streaming via TESSERA or direct ingest.
Source 3 · +25 pts
Provider Admin Truth
What the AI provider's own admin API says about your org. The unfakeable layer. Vault-encrypted read-only credential.
Source 4 · +25 pts
Discovered Surface
What sensors observe independently. Browser MV3 + in-VPC reverse proxy. Catches AI you did not declare.

Readiness Engagement

The statutory date is set.
Your evidence layer should be too.

ALEETH onboards EU-market-exposed providers and deployers into the full ICA platform · pack binding, ten-phase wizard run, customer attestation, sensor enrollment, signed Article 96 bundle generation. The output is a documentary posture you can put in front of a notified body, an enterprise customer's procurement team, or a regulator.

Run Annex III Screener First