EU AI Act Compliance

EU AI Act compliance, backed by signed evidence.

“We comply with the EU AI Act” isn’t an answer. “Here’s an Annex IV packet for this model, citing the signed model card, AIBOM, and replayable logs” is. Trinitite turns each obligation into a generated, verifiable artifact.

annex_iv_packet (cites chain)

model_card: signed ✓
aibom / sbom: attached ✓
data_provenance: chained ✓
art.12_logs: replayable ✓
anchor: RFC 3161 + Rekor

generated in 2–5s

Article by article

What the Act asks. What Trinitite produces.

Each high-risk obligation maps to a platform capability that emits signed, verifiable evidence — not a prose assertion.

Article 12 — Record-keeping

Maintain logs that allow tracing the system’s functioning over its lifetime.

A unified Merkle ledger where every governed decision is replayable, and a DLIR receipt signs each call — logs you can reproduce, not just read.

Article 13 — Transparency

Provide the main choices regarding design and development, in an Annex IV technical file.

A generated Annex IV packet that cites the signed model card, the SBOM/AIBOM, training-data provenance, and the policy chain — built for any model, at any point in time.

Article 14 — Human oversight

Enable effective oversight by natural persons while the system is in use.

A HITL approval workflow and governance controls, with NHI federation binding each autonomous agent to an assigned Guardian and a human principal.

Articles 9–17 — Risk & bias

Risk management, data governance, and a bias/discrimination assessment.

A fairness service with zero-knowledge fairness claims — privacy-preserving disclosure to regulators without exposing protected-attribute distributions.

On day one

A coverage heatmap you can show the board the same week.

Point the platform at your telemetry and you get a live coverage heatmap — green / yellow / red per framework — per-control evidence mapping, one-click regulatory packets built in 2–5 seconds, and machine-readable OSCAL exports that drop straight into Drata, Vanta, Secureframe, AuditBoard, or ServiceNow GRC. The EU AI Act sits alongside ISO/IEC 42001, ISO/IEC 42005, and NIST AI RMF in the same crosswalk.

The same evidence base answers your financial regulators: see SR 11-7 model risk management, compliance & attestation, and the deterministic replay proof behind every record.

Not legal advice

This page describes Trinitite platform capabilities that support an EU AI Act compliance program. Article references are illustrative. Whether a system is “high-risk,” and how each obligation applies, is a legal determination for your counsel. Confirm all regulatory interpretations with qualified legal advisors before relying on them.

FAQ

EU AI Act compliance, answered

What does the EU AI Act require for high-risk AI systems?

For high-risk systems the EU AI Act sets obligations including a risk management system (Art. 9), data governance (Art. 10), technical documentation in the form of an Annex IV file (Art. 11/13), automatic record-keeping/logs (Art. 12), transparency to deployers (Art. 13), and human oversight (Art. 14). Trinitite maps platform capabilities to each of these and produces the underlying signed evidence. This is a capability description, not legal advice — confirm applicability with counsel.

What is an EU AI Act Annex IV packet and can Trinitite generate one?

Annex IV is the technical documentation a provider of a high-risk AI system must maintain. Trinitite generates an Annex IV packet on demand that cites the underlying receipt chain — the signed model card, SBOM/AIBOM, training-data provenance, and policy chain — so the documentation points back to verifiable evidence rather than prose.

How does Trinitite satisfy the Article 12 logging requirement?

Every governed decision is written to a unified, hash-chained Merkle ledger and signed with a DLIR receipt, and any decision can be re-run to reproduce the exact bytes via deterministic replay — so the logs that trace the system’s functioning are reproducible and tamper-evident, not just retained.

Does this replace legal counsel on the EU AI Act?

No. Trinitite provides the technical evidence and documentation surfaces that support an EU AI Act compliance program. Whether a given system is high-risk, and how each obligation applies to it, is a legal determination for your counsel.

See a real Annex IV packet, citing the chain.

Bring one high-risk model. We’ll generate the Annex IV technical file, show the replayable Article 12 logs underneath it, and let your auditor verify the chain in a browser.