Compliance positioning · EU AI Act
Does Runtime Governance make me EU AI Act compliant?
No.Runtime Governance is not a legal certification, and the EU AI Act does not certify a company, website, or tool as “compliant.” What Runtime Governance does provide is a set of technical controls, enforcement mechanisms, and audit evidence that help organisations meet key obligations for agentic AI systems.
Built for AI deployers, not just AI providers. Most AI-Act tooling targets provider obligations; Runtime Governance also provides the enforcement and evidence controls that support deployer obligations (Article 26) — where most enterprises actually sit.
Primary alignment
- Article 9Risk Management
- Article 12Record-Keeping, Logging & Traceability
- Article 14Human Oversight
- Article 15Accuracy, Robustness & Cybersecurity
Strong additional alignment
- Article 26Deployer Obligations
- Article 19Automatically Generated Logs
How Runtime Governance supports Article 26 (Deployer Obligations)
Article 26 places operational duties on the organisations that deploy high-risk AI systems — human oversight, monitoring, acting on risk, and keeping logs. Runtime Governance provides enforcement and evidence controls that support those duties:
Supporting alignment
- Article 72Post-Market Monitoring
- Article 13Transparency
- Article 21Cooperation with Authorities
- Article 17Quality Management (support)
Runtime Governance provides
- Pre-execution risk controls
- Deterministic ALLOW / BLOCK enforcement
- Replayable audit trails
- Trajectory-level traceability
- Human-review visibility
- Verifiable governance evidence
What it does not provide
- Legal classification of your AI system
- Conformity assessments
- Quality management systems (QMS)
- Regulatory registration
- Legal advice
“Runtime Governance provides the enforcement and audit-trail controls that help organisations demonstrate compliance with EU AI Act Articles 9, 12, 14 and 15 for agentic AI systems — with replayable evidence for every governed decision.”
Compliance is ultimately a legal determination based on a specific AI system and deployment context. Runtime Governance acts as a technical control and evidence layer within a broader compliance programme.
At a glance
| Capability | Runtime Governance |
|---|---|
| Pre-execution controls | ✓ |
| Audit evidence | ✓ |
| Traceability | ✓ |
| Human oversight support | ✓ |
| Risk management support | ✓ |
| Legal certification | ✗ |
| Conformity assessment | ✗ |
| Legal advice | ✗ |
Related Governance & Risk Framework Alignment
Runtime Governance provides enforcement, evidence, traceability and audit-trail controls that may support organisations operating under broader governance, risk and compliance frameworks. Runtime Governance is not a certification and does not claim compliance with any of these frameworks.
Governance & compliance frameworks
For risk, audit & compliance teams
Strong alignment
Supporting alignment
Threat & security frameworks
For security & AI red-team teams
Supporting alignment
Not claimed
- Certification or conformity assessment under any framework (e.g. ISO 42001 / ISO 27001 certificates, SOC 2 report issuance, CE marking)
- Training-data governance, dataset bias, or model-provider obligations
- Regulatory registration or legal classification of your AI system
- Domain certifications we do not hold (e.g. HIPAA, PCI-DSS, FedRAMP)
Runtime Governance is a technical control and evidence layer. Regulatory compliance remains dependent on the organisation, deployment context, legal obligations, and broader governance programme.
Want to see which obligations apply to your agent? Run the free assessment — it maps your tools to the live Ω catalog and shows the trajectories Runtime Governance would block before execution, with replayable evidence.