EU regulation · AI risk

EU AI Act

The EU AI Act (Regulation 2024/1689) sets obligations by risk tier and is phasing in from 2025. High-risk systems carry the heaviest requirements, including robustness and cybersecurity.

Book a scoping call All frameworks

Who it applies to

▸Providers and deployers of AI systems used in the EU

▸Teams shipping high-risk AI (or unsure which tier they fall into)

▸Organizations adding AI features to regulated products

What it requires

The obligations, in plain terms.

Risk classification

Determine whether each system is prohibited, high-risk, limited, or minimal risk.

Risk and data governance

Risk management, data governance, and technical documentation for high-risk systems.

Human oversight

Meaningful human oversight and clear transparency to users.

Robustness and security

Accuracy, robustness, and cybersecurity appropriate to the system and its risk.

How Raptoric helps

We do the engineering work, not just the paperwork.

AI inventory and tiering

We map your AI systems and classify them against the Act.

AI red teaming

We test models, agents, and pipelines for the robustness and security the Act expects.

Guardrail design

We design and validate the controls that keep AI inside its intended bounds.

Governance docs

We produce documentation aligned to the EU AI Act and the NIST AI RMF.

We handle the testing, controls, and documentation. We do not act as your notified body or legal counsel.

Services that deliver it

AI Security→Security Program & Risk→Application & Cloud Security→

FAQ

Questions, answered

Does the EU AI Act apply to us?

If you build, deploy, or distribute AI systems in the EU, likely yes. Obligations scale with risk, and high-risk systems carry the heaviest requirements.

What does the AI Act require technically?

Risk management, data governance, logging, robustness, and security appropriate to the system's risk class. We translate those into concrete engineering work.

When do the obligations apply?

The Act phases in over time, with prohibited practices first and high-risk obligations following. Building now avoids a scramble later.

How does this connect to our AI security testing?

Directly. We red-team the system and align the testing and evidence to the Act's obligations, so security and compliance move together.

Need to be ready for EU AI Act?

A senior engineer will scope the work with you on a 30-minute call.

Book a scoping call or email contact@raptoric.com