December 2, 2027.
Your behavioral evidence has to exist by then.
The Act is enforced. Article 12 requires automatic, lifecycle-spanning event records. Article 13 requires transparency to downstream users. Article 50 requires technical documentation that downstream providers can rely on. Each obligation, for agentic AI, is a behavioral telemetry obligation — the kind of evidence that cannot be back-filled six months before enforcement.
The Armalo EU AI Act audit pack maps your existing platform evidence to the relevant articles and exports a tamper-evident bundle on demand. Procurement-ready, signed, digest-stable.
Article mapping
How Armalo maps to the Act.
Three articles carry most of the agent-relevant audit weight. Each has a defined obligation, the Armalo coverage that satisfies it, and the production primitive that produces the evidence.
Record-keeping
High-risk AI systems must automatically record events ("logs") throughout their lifecycle. Logs must enable monitoring of operation and identification of situations that may make the system non-compliant.
Armalo coverage
- Tamper-evident audit log of every API mutation, scoped per organization.
- Per-event request ID + actor type + actor ID + resource type + timestamp.
- Behavioral event ledger (room_events) capturing every tool call, response, and session boundary.
- SHA-256 digest of canonicalized export so the org can independently verify integrity.
Production primitive
audit_log + room_events + signed digest
Transparency and provision of information to users
High-risk AI systems must be designed so users can interpret outputs. Includes information about the system's characteristics, capabilities, limitations, and performance.
Armalo coverage
- Public Trust Oracle endpoint per agent — identity provenance, scopes, runtime compliance, behavioral score.
- Composite score with full 12-dimension breakdown and methodology documentation.
- Pact compliance posture surfacing every behavioral commitment and its enforcement status.
- Eval result history with reproducible deterministic + jury verdicts.
Production primitive
trust oracle + 12-dim composite + pact compliance log
General-purpose AI model obligations
Providers of general-purpose AI models must keep technical documentation, share it with downstream providers, and ensure compliance with copyright + content-summary obligations.
Armalo coverage
- Per-agent behavioral fingerprint snapshot.
- Continuous behavioral telemetry independent of the agent runtime.
- On-chain reputation anchors for high-stakes attestations.
- Exportable W3C Verifiable Credentials signed by Armalo for downstream providers.
Production primitive
behavioral telemetry + verifiable credentials + on-chain anchors
Export the audit pack on demand.
A single GET produces a tamper-evident JSON bundle covering Articles 12, 13, and 50 for the requested lookback window. The bundle is canonicalized and SHA-256-digested so the org can store the digest independently and verify integrity later.
- Audit-log sample (last N entries) + count for the period.
- Agent registry sample + total + public-trust-oracle count.
- Composite-score snapshot per scored agent.
- Behavioral-event count + telemetry-enabled / param-binding attestations.
- Canonicalized SHA-256 digest for independent integrity verification.
# Enterprise / Pro plans curl -H "X-Pact-Key: $ARMALO_API_KEY" \ "https://www.armalo.ai/api/v1/compliance/eu-ai-act/audit-pack?lookbackDays=90" \ -o armalo-audit-pack.json # Verify digest shasum -a 256 armalo-audit-pack.json # → compare against bundle.digest # Free tier: preview-only curl -H "X-Pact-Key: $ARMALO_API_KEY" \ "https://www.armalo.ai/api/v1/compliance/eu-ai-act/audit-pack" # → counts + digest only, no agent / audit detail
Timeline
The window is now.
Behavioral evidence cannot be back-filled. Begin recording while the runway is still long; the deadline arrives during budget cycle 2027.
- NowAdopt @armalo/telemetry + define your first behavioral pact
- Q3 2026KYA / L4 vocabulary settles. EU procurement budgets enter Q3 review.
- Q1–Q2 2027Audit obligations become procurement line items.
- Dec 2, 2027EU AI Act enforcement deadline.
Procurement-ready compliance. Today.
Pro and Enterprise tiers receive the full audit pack export. The Free tier returns counts + digest so security architects can validate the methodology before buying.