EU AI Act Compliance
Generate Annex IV technical documentation from ShieldAgent's audit trail, risk scoring, and evidence records — no manual process.
Compliance deadline: 2 August 2026
The EU AI Act applies fully from August 2026. Fines reach €35M or 7% of global turnover. ShieldAgent generates the technical documentation evidence required by Annex IV from your live proxy data — no manual process.
Enterprise & high-risk AI teams
Impact assessment required before August 2026. Conformity assessment, Annex IV documentation, and a registered notified body may be mandatory. Start your gap analysis now — complex systems take 6–12 months to bring into compliance.
Smaller teams & limited-risk systems
Start now — months to compliance. Even limited-risk obligations (transparency, user notification) require a documented inventory of AI systems. The earlier you instrument, the richer your audit trail will be by August 2026.
Annex IV Coverage
ShieldAgent maps its runtime data to the 8 mandatory Annex IV documentation sections:
§1 — General description
Agent registry, MCP server inventory, system purpose fields
§2 — Design & development process
Policy change audit log, version history, developer annotations
§3 — Monitoring & oversight
Risk score timelines, alert history, human review records
§4 — Risk management system
Risk tiers, anomaly detection, enforcement thresholds
§5 — Data governance
Audit trail with Merkle integrity proofs, data retention config
§6 — Technical robustness
Injection detection scores, tool drift events, security scan results
§7 — Accuracy & metrics
Policy decision rates, false positive/negative tracking via shadow mode
§8 — Cybersecurity
Pentest checklist, CVE scan reports, incident log exports
Generate an Annex IV PDF Report
ShieldAgent can generate a ready-to-submit Annex IV PDF from your live data:
# Generate Annex IV report for a tenant
curl -X POST https://api.shieldagent.io/compliance/annex-iv/report \
-H 'Authorization: Bearer <admin-key>' \
-H 'Content-Type: application/json' \
-d '{
"tenantId": "<tenant-id>",
"periodStart": "2026-01-01T00:00:00Z",
"periodEnd": "2026-04-16T23:59:59Z",
"format": "pdf"
}' \
-o annex-iv-report.pdfThe PDF is generated from the immutable audit trail. Each section includes the evidence data, timestamps, and a Merkle integrity proof hash.
Compliance Checklist API
Query your current compliance posture at any time:
curl "https://api.shieldagent.io/compliance/checklist?tenantId=<tenant-id>" \
-H 'Authorization: Bearer <admin-key>'{
"overallScore": 0.87,
"passedChecks": 34,
"totalChecks": 39,
"sections": [
{
"id": "annex-iv-1",
"title": "General Description",
"status": "compliant",
"evidence": ["agent-registry", "system-purpose"]
},
{
"id": "annex-iv-4",
"title": "Risk Management System",
"status": "partial",
"gaps": ["enforcement-thresholds-not-set-for-3-agents"]
}
]
}Risk Classification
The EU AI Act requires classifying your AI system by risk level. ShieldAgent's built-in risk tiers map directly to the Act's risk categories:
| ShieldAgent Tier | EU AI Act Category | Documentation Required |
|---|---|---|
| low | Minimal risk | Basic inventory + opt-in code of conduct |
| medium | Limited risk | Transparency obligations + user notification |
| high | High risk | Full Annex IV + conformity assessment |
| critical | Unacceptable / High risk | Full Annex IV + mandatory human oversight + notified body |
10-Year Audit Retention
The EU AI Act requires documentation retained for at least 10 years. Configure retention policy:
Configure these settings in Settings → Audit → Retention in the dashboard.