EU AI Act — capability crosswalk
If your AI program needs to evidence Article 12 record-keeping, Article 14 human oversight, or Article 72 incident reconstruction, here is how the obligation maps to the AGLedger record, the Signed Statement chain, and the audit-export surface.
The crosswalk below is a capability mapping, not a compliance certificate. AGLedger provides the evidence pattern; your program provides the policy, the methodology, and the decisions.
Last updated: 2026-05-26 · API v0.25.4
If your AI program needs to evidence Article 12 record-keeping, the crosswalk below applies. The same evidence pattern — signed records, hash-chained, append-only — also supports non-AI automated work under SOX, GLBA, HIPAA, and other control families that require tamper-evident audit trails for RPA, CI pipelines, and microservice handoffs. AGLedger is software you self-host; the regulations are AI-framed, the underlying evidence pattern is not.
Article-by-article mapping
| Article | Requires | AGLedger provides | Enterprise owns |
|---|---|---|---|
| Art. 9 | Risk classification | Field to record the classification (high, limited, minimal) and Annex III domain tag per record | The classification decision and methodology |
| Art. 12 | Event logging | Append-only audit vault — every state change, attestation, and tolerance check result recorded automatically | Determining which events are in scope |
| Art. 13 | Transparency | Full chain exportable and machine-readable (JSON, CSV, NDJSON) | Deciding what to disclose and to whom |
| Art. 14 | Human oversight | Structured record of the designated overseer — name, role, authority scope, designation date | Designating the overseer and defining their authority |
| Art. 15 | Accuracy and robustness | Tolerance bands enforce numeric bounds on record criteria | Defining the tolerance thresholds and acceptance criteria |
| Art. 17 | Quality management | Cross-record compliance attestation records, linked to audit chain | The quality management system and policies |
| Art. 18 | Technical documentation | Audit export formatted for regulatory submission and third-party audit | The documentation content and narrative |
| Art. 20 | Corrective actions | Dispute resolution (3-tier), remediation states, revision workflow | Deciding what corrective action to take |
| Art. 26 | Deployer obligations | 4 attestation record types: workplace notification, affected persons, input data quality, FRIA | Performing the attestation — we record it, you do it |
| Art. 27 | Fundamental rights impact assessment | Structured record per record with risk level, domain, mitigation measures | Conducting the assessment itself |
| Art. 49 | Registration | EU AI Act domain classification across 8 Annex III categories | The registration filing |
| Art. 72 | Incident reporting | The audit vault contains timestamped, hash-chained records of every agent action, record, completion, and verdict — export a complete incident reconstruction from a single signed source rather than correlating across multiple unsigned systems | Incident determination, authority notification, and the filing obligation |
These obligations exist because automated work needs structurally durable evidence. Whether or not your jurisdiction enforces them on schedule, the engineering requirement is real today. AGLedger provides the evidence pattern; your compliance program provides the policy and process around it.