AI
AgentFacts
Universal KYA Standard
Try Generator
EU Regulation 2024/1689

EU AI Act Compliance Technical Documentation Guide

The European Union's Artificial Intelligence Act establishes comprehensive requirements for AI system documentation and transparency. AgentFacts provides complete coverage through its universal metadata framework.

Overview

The EU AI Act (Regulation 2024/1689) requires AI system providers and deployers to maintain comprehensive metadata documentation across multiple dimensions: technical specifications, risk management, training data provenance, performance monitoring, and regulatory compliance.

AgentFacts was designed with regulatory compliance as a core requirement. The 10-category universal metadata framework provides 100% coverage of EU AI Act documentation obligations without requiring additional systems or schemas.

Key Insight

Every EU AI Act metadata requirement maps directly to existing AgentFacts categories. Organizations implementing AgentFacts for general purposes automatically establish the foundation for regulatory compliance.

Regulatory Framework

The EU AI Act employs a risk-based classification system determining applicable requirements:

Unacceptable Risk

Prohibited AI practices including certain forms of social scoring, subliminal manipulation, and real-time biometric identification in public spaces.

AgentFacts Mapping: Category 3 (Classification) with risk_category: "unacceptable"

High Risk

Systems in critical infrastructure, employment, education, law enforcement, migration management, and administration of justice requiring comprehensive documentation and conformity assessment.

AgentFacts Mapping: All 10 categories with enhanced compliance metadata

Limited Risk

Systems requiring transparency obligations including chatbots, emotion recognition, and AI-generated content.

AgentFacts Mapping: Category 6 (Compliance) transparency_obligations

General-Purpose AI (GPAI)

Foundation models with additional transparency requirements for training data, capabilities documentation, and systemic risk assessment for high-capability models.

AgentFacts Mapping: Category 2 (Baseline Model) + Category 8 (Supply Chain)

Documentation Requirements

The EU AI Act mandates 11 distinct categories of documentation and transparency metadata. The following table demonstrates complete mapping to AgentFacts categories:

EU AI Act Requirement AgentFacts Category Primary Fields
System Classification Category 3: Classification risk_category, deployment_scope
Technical Documentation Category 2: Baseline Model
Category 4: Capabilities		 architecture, performance_metrics, limitations
Logging & Traceability Category 5: Authentication & Permissions audit_trail, logging_events
Training Data Metadata Category 8: Supply Chain training_data_sources, data_provenance
User Transparency Category 6: Compliance transparency_obligations, user_disclosure
Risk Management Category 6: Compliance risk_management_file, mitigation_measures
Post-Market Monitoring Category 7: Performance real_world_perf, drift_detected
Incident Reporting Category 6: Compliance
Category 7: Performance		 incident_reports, severity
GPAI Transparency Category 2: Baseline Model
Category 8: Supply Chain		 training_data_summary, benchmark_results
Supply Chain Documentation Category 8: Supply Chain component_dependencies, sbom
Regulatory Actions Category 6: Compliance regulatory_actions, certificates

Implementation Timeline

The EU AI Act follows a phased implementation schedule:

August 1, 2024

Complete

Regulation enters into force

February 2, 2025

Phase 1

Prohibited practices and AI literacy requirements effective

August 2, 2025

Phase 2

GPAI provider obligations begin, including training data transparency and benchmark disclosure

August 2, 2026

Phase 3

High-risk system requirements fully applicable, including mandatory conformity assessment

August 2, 2027

Phase 4

High-risk AI systems in regulated products (Annex I) fully compliant

Complete Mapping

AgentFacts provides comprehensive coverage of all EU AI Act documentation requirements through its 10-category universal framework. No additional metadata systems or schemas are required.

100% Coverage Verification

Each of the 11 EU AI Act metadata requirements maps to one or more AgentFacts categories. Organizations implementing the standard AgentFacts schema automatically establish compliance infrastructure.

High-Risk Systems

High-risk AI systems require the most comprehensive documentation. AgentFacts Category 6 (Compliance & Regulatory) provides the primary structure for high-risk metadata:

JSON Schema Example 
{
  "category_6_compliance_regulatory": {
    "eu_ai_act": {
      "version": "2024/1689",
      "risk_classification": {
        "tier": "high-risk",
        "annex_reference": "Annex III, Section 5(b)",
        "classification_rationale": "Employment decision system",
        "classification_authority": "National Competent Authority"
      },
      "conformity_assessment": {
        "assessment_type": "third_party",
        "notified_body": {
          "name": "Certification Authority Name",
          "id": "NB-XXXX",
          "certificate_number": "EU-CERT-YYYY-ZZZZ"
        }
      },
      "risk_management_system": {
        "framework_version": "2.1",
        "identified_risks": [...],
        "mitigation_measures": [...],
        "residual_risk": "low"
      },
      "technical_documentation": {
        "document_version": "3.2",
        "sections": {
          "system_description": "URL",
          "architecture": "URL",
          "performance_metrics": "URL"
        }
      }
    }
  }
}

Required Documentation Elements

System Classification

Risk tier, annex reference, classification rationale

Conformity Assessment

Third-party validation, notified body certificates

Risk Management File

Identified hazards, mitigation measures, residual risk evaluation

Technical Documentation

Architecture, training methodology, performance benchmarks

Logging & Traceability

Tamper-resistant audit trails with 10-year retention

Post-Market Monitoring

Real-world performance tracking, drift detection

GPAI Providers

General-Purpose AI providers face additional transparency obligations effective August 2, 2025. AgentFacts addresses these requirements through Category 2 (Baseline Model) and Category 8 (Supply Chain):

Training Data Transparency

Article 53 requires GPAI providers to publish detailed information about training data, including copyright status. AgentFacts Category 8 provides comprehensive structure:

GPAI Training Data Schema 
{
  "category_8_supply_chain": {
    "training_data_metadata": [
      {
        "source_id": "dataset_001",
        "data_type": "text_corpus",
        "collection_method": "web_crawling",
        "data_sources": ["public_web", "licensed_content"],
        "license_info": "CC-BY-4.0, proprietary_licenses",
        "is_copyrighted": true,
        "copyright_disclosure": "Includes copyrighted material",
        "preprocessing_steps": "deduplication, filtering",
        "bias_mitigation": "demographic_balancing"
      }
    ],
    "training_data_summary": {
      "total_volume": "10TB",
      "primary_languages": ["en", "es", "fr", "de"],
      "temporal_coverage": "2015-2024",
      "quality_assessment": "automated_filtering"
    }
  },
  "category_2_baseline_model": {
    "benchmark_results": {
      "mmlu": 0.89,
      "hellaswag": 0.92,
      "truthfulqa": 0.87
    },
    "safety_evaluations": {
      "red_teaming": "completed",
      "adversarial_testing": "completed",
      "evaluation_date": "2024-11-15"
    }
  }
}

Systemic Risk Models

GPAI models with systemic risk (defined by computational threshold or significant impact) face heightened requirements:

Adversarial Testing

Mandatory red-teaming and robustness evaluation

Serious Incident Reporting

Mandatory reporting to EU AI Office within defined timeframes

Cybersecurity Standards

Enhanced security measures and model protection

Structured Risk Evaluation

Periodic assessment of systemic risks and capabilities

Limited-Risk Systems

Limited-risk systems primarily require transparency obligations—informing users they are interacting with AI and labeling AI-generated content. AgentFacts Category 6 addresses these requirements:

Limited-Risk Schema 
{
  "category_6_compliance_regulatory": {
    "eu_ai_act": {
      "risk_classification": {
        "tier": "limited-risk"
      },
      "transparency_obligations": {
        "user_disclosure": true,
        "disclosure_mechanism": "in_application_notice",
        "content_labeling": true,
        "labeling_format": "watermark_and_metadata"
      }
    }
  }
}

Schema Extensions

Organizations can extend the base AgentFacts schema with EU AI Act-specific fields while maintaining full compatibility with the universal standard. The recommended approach uses Category 6 extensions:

Extension Pattern

EU AI Act compliance metadata extends existing categories rather than creating parallel structures. This ensures that AgentFacts metadata remains universally compatible while accommodating jurisdiction-specific requirements.

Compliance Validation

AgentFacts provides validation tools to verify EU AI Act compliance status. The validation framework checks for required fields, appropriate documentation, and conformity with risk tier obligations.

Validation Workflow

1
Schema Validation

Verify AgentFacts metadata conforms to universal schema

2
Risk Tier Assessment

Determine applicable EU AI Act risk category

3
Required Fields Check

Validate presence of mandatory documentation elements

4
Documentation Review

Assess completeness and quality of technical documentation

5
Compliance Report

Generate detailed compliance status and gap analysis

Tools & Resources

AgentFacts Generator

Create EU AI Act-compliant metadata through guided workflow

Open Generator →

Compliance Validator

Validate existing AgentFacts metadata against EU AI Act requirements

Validate Metadata →

Schema Templates

Pre-configured templates for high-risk, GPAI, and limited-risk systems

View on GitHub →

Technical Specification

Complete AgentFacts specification with EU AI Act extensions

Read ArXiv Paper →

Expert Implementation Services

Jared James Grogan, creator of the AgentFacts standard, provides specialized consulting for EU AI Act compliance implementation, conformity assessment preparation, and regulatory documentation.

• EU AI Act compliance roadmap development

• High-risk system conformity assessment preparation

• GPAI training data transparency automation

• Notified body coordination and liaison

• Multi-jurisdiction compliance strategy

Contact: jared.grogan@post.harvard.edu

Additional Resources

EU AI Act Official Text

Regulation (EU) 2024/1689 – Official Journal of the European Union

View Regulation →

AgentFacts Research Paper

Complete technical specification published in ArXiv cs.MA

Read Paper →

GitHub Repository

Open-source implementation, tools, and examples

View Repository →

Apache 2.0 Licensed | Open Standard Infrastructure

Copyright 2022-2025 Jared James Grogan