EU AI Act: From Obligations to Operating Evidence
The EU AI Act sets binding obligations on high-risk AI - human oversight, record-keeping, risk management. Fintra supplies the operating layer that makes those obligations demonstrable.
What the EU AI Act is
The EU AI Act is the first comprehensive law regulating AI. It classifies systems by risk - unacceptable (prohibited), high-risk (heavily regulated), limited-risk (transparency duties), and minimal-risk. High-risk systems carry obligations including a risk-management system, data governance, technical documentation, record-keeping (logging), human oversight, and post-market monitoring. Obligations phase in over time, and penalties are significant.
The risk tiers
| Tier | Examples | Obligation level |
|---|---|---|
| Unacceptable | Social scoring, manipulative systems | Prohibited |
| High-risk | AI in hiring, credit, medical, critical infrastructure | Full obligations |
| Limited-risk | Chatbots, generative content | Transparency duties |
| Minimal-risk | Spam filters, most software | No specific obligations |
High-risk obligations and how Fintra supports them
| Obligation | What it requires | SentriAI support |
|---|---|---|
| Risk management system | Ongoing AI risk process | Risk register + trust scoring |
| Record-keeping / logging | Automatic event logs | Tamper-evident decision ledger |
| Human oversight | People can intervene | Require-approval and escalate decisions |
| Technical documentation | Documented system & controls | Policy + control documentation |
How Fintra helps you prepare
- Inventory AI systems and classify by likely risk tier as a starting point
- Provide the record-keeping the Act mandates via a verifiable decision ledger
- Implement human oversight through require-approval gates on consequential actions
- Reuse your ISO 42001 / NIST AI RMF work as the governance backbone
Frequently asked questions
Can Fintra make us EU AI Act compliant?
No single tool makes you compliant - the Act involves legal classification, conformity assessment, and in some cases external bodies. Fintra supports the operating obligations most teams struggle with: record-keeping, human oversight, and AI risk management, with evidence. Legal determinations remain with your counsel.
How does the record-keeping obligation map to Fintra?
The Act requires high-risk systems to automatically log events over their lifetime. Fintra’s tamper-evident decision ledger records every governed AI action with actor, policy, and reason - the kind of durable, verifiable log the record-keeping obligation contemplates.
Is this framework seeded?
No - the EU AI Act is a prepare-for framework in Fintra. We help you inventory systems, implement oversight and record-keeping, and evidence AI risk management; we do not seed a certifiable control set or perform conformity assessments.
Does Fintra replace my auditor or assessor?
No. Fintra is the control, policy, and evidence layer - it makes your program continuously audit-ready and cuts preparation from weeks to days. The audit, certification, or attestation itself is still performed by an independent, qualified auditor, assessor, or authorizing body.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Make high-risk AI demonstrable
Record-keeping, human oversight, and AI risk - backed by runtime evidence.
Talk to us