Compliance

Getting EU AI Act-ready for autonomous agents

The EU AI Act's obligations for high-risk systems — human oversight, logging and traceability, access control — map cleanly onto runtime controls. Here is how to turn each obligation into an enforced, recorded gate.

The Cortex AI OS Team · March 18, 2026 · 8 min read

Autonomous agents are exactly the kind of system the EU AI Act was written to govern: software that makes or materially shapes decisions, often in high-risk domains, with limited human visibility into how it reached an outcome. The obligations are not abstract. For high-risk systems the Act asks for human oversight, for logging and traceability of operation, for access control, and for post-market monitoring. The good news is that each obligation reduces to a runtime control you can enforce and a record you can export.

A note on honesty before anything else: no software vendor can hand you a certification. Cortex is built for and aligned with the Act's obligations — it enforces the controls and generates the evidence — but the regulatory responsibility remains yours. Anything that claims otherwise should make you nervous.

Obligation to control, one mapping at a time

The trick to operational readiness is to stop treating the regulation as prose and start treating each obligation as a gate. Here is how the core high-risk obligations line up with the Cortex runtime:

  • Human oversight of high-risk decisions -> Oversight modes plus the approval gate. A high-risk action pends for a named approver instead of auto-executing; the decision and the approver are recorded.
  • Logging and traceability of operation -> the tamper-evident Trust Ledger. Every run and decision is hash-chained, and verifyChain proves the log was never altered.
  • Access limited to authorized roles -> Agent IAM plus ontology permissions. A restricted read returns 403; an expired identity cannot even mint a token.
  • Resource and spend limits -> cost governance hard caps. An over-budget run returns 402 rather than running unbounded.
  • Decisions grounded in real sources -> datapoint provenance. Every surfaced fact links back through a lineage chain to its source document, page, and bounding box.

Human oversight you can prove

"Human oversight" is the obligation teams most often hand-wave. The Act does not ask whether a human could in principle intervene; it asks whether oversight is real and effective. Cortex makes it concrete with a spectrum of oversight modes — from suggest_only, where the agent may only propose and every action pends, to autonomous, where only the action's own risk floor pends. The crucial property is that the action's high-risk floor is a floor: oversight can tighten it but never loosen it, so the riskiest decisions always keep a human in the loop.

When a person does intervene — including an emergency break-glass override — the decision carries a mandatory, audited reason and emits an event into the ledger. Oversight that leaves no trace is not oversight; oversight that proves itself is.

Traceability that survives an examiner

Logging is only as good as its integrity. A log that can be quietly edited is worse than no log, because it creates false confidence. Cortex seals every audit event into a hash-chained ledger and can verify integrity over any range — returning the exact sequence number where a chain was broken if anyone tampered with it:

http
GET /v1/audit/verify?fromSeq=1&toSeq=20000
  -> { "ok": true, "brokenAtSeq": null,
       "head": { "seq": 20000, "hash": "..." } }

# tamper with any record and the same call
# returns ok:false with the broken sequence number.

Map, enforce, prove

Getting ready is a three-step loop, not a one-time project. Map each obligation to the runtime gate that enforces it. Enforce it on every run, so a denied control returns a real code instead of a silent pass. Then prove it by exporting a Compliance Pack — the obligation-to-control mapping table plus the sealed ledger records that show each control fired, verifiable offline.

Done this way, the Act stops being a compliance burden bolted on at the end and becomes a description of how your runtime already behaves. The evidence is generated as a by-product of governed operation — never assembled by hand the week before an audit.

See the runtime behind the post.

Everything described here is enforced on the execution path and recorded in a tamper-evident ledger. Book a walkthrough and challenge it yourself.