EU AI Act
Risk-based regulation of AI systems in the European Union — how Scrydon supports providers and deployers in meeting their obligations.
The EU Artificial Intelligence Act (Regulation 2024/1689) is the first comprehensive regulatory framework for AI in the European Union. It categorises AI systems by risk and imposes obligations on providers and deployers.
This page maps Scrydon's controls to the obligations most enterprise deployers face.
The EU AI Act is a legal framework. Conformance is a legal determination, not a technical one. Scrydon provides the platform-level controls and artefacts; your legal team makes the conformance determination.
Risk categories
| Category | Definition (summary) | Scrydon implication |
|---|---|---|
| Unacceptable risk (Art. 5) | Banned uses — social scoring, real-time biometric identification in public spaces, manipulative AI. | Out of scope; Scrydon does not provide these. |
| High risk (Art. 6 + Annex III) | AI in critical sectors — recruitment, credit, law enforcement, critical infrastructure. | Most controls on this page apply. |
| Limited risk (Art. 50) | AI requiring transparency obligations — chatbots, deepfakes, emotion recognition. | Transparency controls below. |
| Minimal risk | Spam filters, recommendation systems. | Voluntary best practices only. |
High-risk system obligations
For high-risk systems, the AI Act imposes a series of obligations. Scrydon's contributions:
Article 9 — Risk management system
| Requirement | Scrydon support |
|---|---|
| Identification + analysis of risks | Risk assessment template |
| Estimation + evaluation of risks | Workflow-level risk scoring |
| Adoption of risk-management measures | Policies, guardrails, evaluator gates |
Article 10 — Data and data governance
| Requirement | Scrydon support |
|---|---|
| Training, validation, testing data quality | Managed-table classifications + profiles. See Schema inference. |
| Bias mitigation | Bias-fairness evaluation. See AI governance. |
| Personal data minimisation | Column masking, row filters. See Classification & masking. |
Article 11 — Technical documentation
The platform generates Annex IV-style technical documentation per workflow:
- Intended purpose, system overview, deployment context.
- Component architecture, integration registry, data sources.
- Validation outcomes, mitigation measures.
- Logging configuration, monitoring posture.
Article 12 — Record-keeping
| Requirement | Scrydon support |
|---|---|
| Automatic logging | Audit log — every privileged operation. |
| Workflow run logs | Execution logs persisted per run. |
| Retention | Configurable; default 365 days; extendable for AI Act traceability needs. |
Article 13 — Transparency
| Requirement | Scrydon support |
|---|---|
| Instructions for use | This documentation site. |
| Information to deployers | Per-workflow metadata cards. |
| User-facing transparency notice (Art. 50) | Configurable disclosure banner on chat surfaces. |
Article 14 — Human oversight
| Requirement | Scrydon support |
|---|---|
| Oversight design | Approval gates in workflows, copilot confirmation defaults. |
| Stop / override | Workflow run cancellation; permission to revoke automation enable. |
| Outcomes interpretation | Per-result provenance from the ontology layer. See Bindings. |
Article 15 — Accuracy, robustness, cybersecurity
| Requirement | Scrydon support |
|---|---|
| Accuracy levels | Evaluator-block-based pre-deployment validation. |
| Robustness | Retry semantics, fallback paths, error-handling branches in workflows. |
| Cybersecurity | The entire Security section. |
General-purpose AI obligations
If your deployment uses a foundation model from a GPAI provider (OpenAI, Anthropic, Mistral, …), the GPAI provider has obligations under Article 53. Your platform is downstream, not the provider — but you may need to satisfy yourself that the GPAI provider has met theirs. Scrydon's integration registry surfaces provider-issued documentation links.
Article 50 transparency obligations
For chat and voice systems, Scrydon supports configurable disclosure that the user is interacting with an AI. The disclosure can be:
- A banner on the chat surface.
- A system-level message in the first agent response.
- A voice prompt at session start.
Related
- AI governance — lifecycle artefacts the AI Act expects.
- ISO 42001 — significant overlap on management-system requirements.
- GDPR — applies in parallel to the AI Act for personal-data systems.