Compliance Frameworks

EU AI Act: From Obligations to Operating Evidence

The EU AI Act sets binding obligations on high-risk AI - human oversight, record-keeping, risk management. Fintra supplies the operating layer that makes those obligations demonstrable.

Talk to usFree to start - no card required.

What the EU AI Act is

The EU AI Act is the first comprehensive law regulating AI. It classifies systems by risk - unacceptable (prohibited), high-risk (heavily regulated), limited-risk (transparency duties), and minimal-risk. High-risk systems carry obligations including a risk-management system, data governance, technical documentation, record-keeping (logging), human oversight, and post-market monitoring. Obligations phase in over time, and penalties are significant.

The risk tiers

TierExamplesObligation level
UnacceptableSocial scoring, manipulative systemsProhibited
High-riskAI in hiring, credit, medical, critical infrastructureFull obligations
Limited-riskChatbots, generative contentTransparency duties
Minimal-riskSpam filters, most softwareNo specific obligations
EU AI Act risk classification

High-risk obligations and how Fintra supports them

ObligationWhat it requiresSentriAI support
Risk management systemOngoing AI risk processRisk register + trust scoring
Record-keeping / loggingAutomatic event logsTamper-evident decision ledger
Human oversightPeople can interveneRequire-approval and escalate decisions
Technical documentationDocumented system & controlsPolicy + control documentation
Selected high-risk obligations vs. SentriAI capability

How Fintra helps you prepare

  • Inventory AI systems and classify by likely risk tier as a starting point
  • Provide the record-keeping the Act mandates via a verifiable decision ledger
  • Implement human oversight through require-approval gates on consequential actions
  • Reuse your ISO 42001 / NIST AI RMF work as the governance backbone

Frequently asked questions

Can Fintra make us EU AI Act compliant?

No single tool makes you compliant - the Act involves legal classification, conformity assessment, and in some cases external bodies. Fintra supports the operating obligations most teams struggle with: record-keeping, human oversight, and AI risk management, with evidence. Legal determinations remain with your counsel.

How does the record-keeping obligation map to Fintra?

The Act requires high-risk systems to automatically log events over their lifetime. Fintra’s tamper-evident decision ledger records every governed AI action with actor, policy, and reason - the kind of durable, verifiable log the record-keeping obligation contemplates.

Is this framework seeded?

No - the EU AI Act is a prepare-for framework in Fintra. We help you inventory systems, implement oversight and record-keeping, and evidence AI risk management; we do not seed a certifiable control set or perform conformity assessments.

Does Fintra replace my auditor or assessor?

No. Fintra is the control, policy, and evidence layer - it makes your program continuously audit-ready and cuts preparation from weeks to days. The audit, certification, or attestation itself is still performed by an independent, qualified auditor, assessor, or authorizing body.

Stay in the loop

One practical finance briefing a week - new guides, checklists, and benchmarks.

 

Make high-risk AI demonstrable

Record-keeping, human oversight, and AI risk - backed by runtime evidence.

Talk to us