14 — Compliance
EU AI Act obligations, infrastructure standards compliance, and documentation audit status. The primary deadline is 2026-08-02 — Annex III high-risk obligations come into force.
EU AI Act
Deadline: 2026-08-02 — All Annex III high-risk AI systems must have completed Art. 9 risk management and Art. 10 data governance documentation before this date.
| Document | Description |
|---|---|
| eu-ai-act-compliance.md | AI system inventory, risk tiers, compliance checklist per system |
| ai-risk-data-governance.md | Data governance baseline and risk management framework |
High-Risk Trigger (Annex III.4)
The following changes immediately trigger Annex III.4(a) high-risk classification:
- AI that scores, ranks, or evaluates driver/worker performance
- AI that automatically allocates tasks or routes work to human workers
- AI that makes or recommends employment decisions
Do not deploy such systems without completing the full compliance checklist in eu-ai-act-compliance.md §5.
AI System Registry (Supabase)
All AI-powered features must be registered in dev_r_ai_systems:
service_name,system_name, risk tier, compliance checklist fields,last_reviewed- The
eu_ai_act_checkaudit action runs weekly (Monday 08:00 UTC) and fails on compliance gaps
Infrastructure Standard Compliance
| Document | Description |
|---|---|
| infrastructure-standard.md | Mandatory requirements — RLS, monitoring, element registration |
| 00-documentation-audit.md | Documentation coverage audit |
| rulebook.md | Infrastructure improvement rulebook |
Documentation Compliance Check
The infra_docs_check audit action runs daily and fails if any active element has compliance_workbook != 'yes' in dev_r_services. Every new element added must have:
- A row in
dev_r_serviceswithcompliance_workbook = 'yes'andworkbook_urlset - A corresponding ops doc in
docs/ - RLS enabled on any Supabase tables it owns