Autonomous agents are exactly the kind of system the EU AI Act was written to govern: software that makes or materially shapes decisions, often in high-risk domains, with limited human visibility into how it reached an outcome. The obligations are not abstract. For high-risk systems the Act asks for human oversight, for logging and traceability of operation, for access control, and for post-market monitoring. The good news is that each obligation reduces to a runtime control you can enforce and a record you can export.
A note on honesty before anything else: no software vendor can hand you a certification. Cortex is built for and aligned with the Act's obligations — it enforces the controls and generates the evidence — but the regulatory responsibility remains yours. Anything that claims otherwise should make you nervous.
Obligation to control, one mapping at a time
The trick to operational readiness is to stop treating the regulation as prose and start treating each obligation as a gate. Here is how the core high-risk obligations line up with the Cortex runtime:
- Human oversight of high-risk decisions -> Oversight modes plus the approval gate. A high-risk action pends for a named approver instead of auto-executing; the decision and the approver are recorded.
- Logging and traceability of operation -> the tamper-evident Trust Ledger. Every run and decision is hash-chained, and verifyChain proves the log was never altered.
- Access limited to authorized roles -> Agent IAM plus ontology permissions. A restricted read returns 403; an expired identity cannot even mint a token.
- Resource and spend limits -> cost governance hard caps. An over-budget run returns 402 rather than running unbounded.
- Decisions grounded in real sources -> datapoint provenance. Every surfaced fact links back through a lineage chain to its source document, page, and bounding box.
Human oversight you can prove
"Human oversight" is the obligation teams most often hand-wave. The Act does not ask whether a human could in principle intervene; it asks whether oversight is real and effective. Cortex makes it concrete with a spectrum of oversight modes — from suggest_only, where the agent may only propose and every action pends, to autonomous, where only the action's own risk floor pends. The crucial property is that the action's high-risk floor is a floor: oversight can tighten it but never loosen it, so the riskiest decisions always keep a human in the loop.
When a person does intervene — including an emergency break-glass override — the decision carries a mandatory, audited reason and emits an event into the ledger. Oversight that leaves no trace is not oversight; oversight that proves itself is.
Traceability that survives an examiner
Logging is only as good as its integrity. A log that can be quietly edited is worse than no log, because it creates false confidence. Cortex seals every audit event into a hash-chained ledger and can verify integrity over any range — returning the exact sequence number where a chain was broken if anyone tampered with it:
Map, enforce, prove
Getting ready is a three-step loop, not a one-time project. Map each obligation to the runtime gate that enforces it. Enforce it on every run, so a denied control returns a real code instead of a silent pass. Then prove it by exporting a Compliance Pack — the obligation-to-control mapping table plus the sealed ledger records that show each control fired, verifiable offline.
Done this way, the Act stops being a compliance burden bolted on at the end and becomes a description of how your runtime already behaves. The evidence is generated as a by-product of governed operation — never assembled by hand the week before an audit.