EU AI Act
Overview
The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive legal framework for artificial intelligence. It takes a risk-based approach, imposing stricter requirements on AI systems that pose higher risks to health, safety, and fundamental rights. The regulation was published on July 12, 2024 and enters into force in stages, with key compliance deadlines through 2027.
Who It Applies To
- Providers of AI systems placed on the EU market or put into service in the EU (regardless of where they are established)
- Deployers of AI systems within the EU
- Importers and distributors of AI systems in the EU
- Product manufacturers placing products with integrated AI on the EU market
Risk Classification
The EU AI Act classifies AI systems into four risk levels:
Unacceptable Risk (Prohibited)
AI systems that pose a clear threat to safety, livelihoods, or rights are banned entirely:
- Social scoring by governments
- Real-time remote biometric identification in public spaces (with limited exceptions for law enforcement)
- Manipulation techniques that exploit vulnerabilities
- Emotion recognition in workplaces and educational institutions (with exceptions)
- Untargeted scraping of facial images from the internet or CCTV for facial recognition databases
High Risk
AI systems that significantly affect health, safety, or fundamental rights. These face the most extensive requirements:
- Biometric identification and categorization (not real-time in public spaces)
- Critical infrastructure management (energy, water, transport)
- Education and vocational training (admissions, assessments, proctoring)
- Employment (recruitment, promotion, task allocation, performance monitoring)
- Essential services (credit scoring, insurance pricing, emergency services)
- Law enforcement (risk assessment, evidence analysis, crime prediction)
- Migration and border control (visa processing, risk assessment)
- Justice and democracy (legal research, judicial decisions)
Limited Risk
AI systems with specific transparency obligations:
- Chatbots and conversational AI (must disclose they are AI)
- AI-generated content (deepfakes must be labeled)
- Emotion recognition systems (must inform users)
- Biometric categorization systems (must inform users)
Minimal Risk
All other AI systems - free to develop and use without specific AI Act obligations. This includes most current business applications like spam filters, AI-powered search, and recommendation systems.
Requirements for High-Risk AI Systems
| Requirement | Description |
|---|---|
| Risk management system | Continuous risk identification, analysis, and mitigation throughout the AI system lifecycle |
| Data governance | Training, validation, and testing datasets must be relevant, representative, and free of errors |
| Technical documentation | Comprehensive documentation of the system before it is placed on the market |
| Record-keeping | Automatic logging of events during operation for traceability |
| Transparency | Clear instructions for deployers including intended purpose, capabilities, and limitations |
| Human oversight | Design must allow effective oversight by natural persons |
| Accuracy, robustness, cybersecurity | Systems must achieve appropriate levels throughout their lifecycle |
| Quality management system | Providers must implement a QMS covering all the above |
Key Compliance Dates
| Date | What Applies |
|---|---|
| August 1, 2024 | Entry into force |
| February 2, 2025 | Prohibitions on unacceptable risk AI apply |
| August 2, 2025 | Obligations for general-purpose AI models apply |
| August 2, 2026 | Main body applies - including high-risk AI system requirements |
| August 2, 2027 | Obligations for high-risk AI in Annex I (product safety legislation) apply |
How Matproof Helps
Matproof ships a complete EU AI Act module with 98 requirements, control templates, policy templates, task templates, and dedicated tooling for the parts of the regulation that don’t fit a generic compliance UI.
AI System Inventory
A first-class AI Systems section tracks every AI system in your organization with the metadata the regulation requires:
- Unique identifier, version, intended purpose, and target market
- Provider vs. deployer role per system
- Risk classification (unacceptable / high / limited / minimal)
- Annex III category if applicable
- Lifecycle stage (development / testing / production / decommissioned)
- Data sources, model dependencies, and downstream integrations
Risk Classification
- Guided assessment to classify each AI system by risk level
- Decision tree based on the AI Act’s Annex III categories
- Auto-risk: Matproof analyzes the system’s intended purpose and suggests a likely classification
- Re-assessment workflows when systems change purpose or capability
Foundation Model Cards (GPAI)
For General-Purpose AI Models (GPAI) and foundation models you deploy or fine-tune, Matproof provides structured Model Cards documenting:
- Model architecture, parameters, and provenance
- Training data summary (Article 53(1)(d) requirement)
- Capabilities and limitations
- Energy consumption and compute estimates
- Acceptable use policy
- Copyright compliance attestations
- Systemic risk assessment for models above the FLOP threshold (Article 51)
High-Risk Compliance
- Control framework covering all Article 9–15 requirements (98 requirements seeded)
- Risk management system templates aligned with Article 9
- Data governance checklists for training data quality (Article 10)
- Technical documentation templates matching Annex IV
- Human oversight procedure templates (Article 14)
- Accuracy, robustness, and cybersecurity evidence collection (Article 15)
- Conformity assessment preparation per Article 43
Post-Market Monitoring
The Post-Market Monitoring (PMM) module covers Article 72:
- PMM plan templates per system
- Performance metric tracking (accuracy drift, fairness drift, error rates)
- Anomaly and incident detection workflows
- Serious incident reporting per Article 73 — auto-generated reports for the relevant national authority
- Scheduled PMM reviews with audit trail
Quality Management System (QMS)
For providers, Matproof generates the QMS documentation Article 17 requires:
- Strategy for regulatory compliance
- Examination, test, and validation procedures
- Technical specifications and standards applied
- Data management procedures
- Risk management system reference
- Post-market monitoring system reference
- Incident reporting procedures
- Records of communication with national authorities
Policy Templates
- AI use policy for organizations deploying AI systems
- Responsible AI development guidelines
- Data governance policies for AI training data
- Transparency and disclosure templates
- Human oversight procedures
- AI literacy training plan (Article 4)
Evidence Automation
- Model documentation and version tracking
- Training data provenance records
- Testing and validation evidence
- Deployment monitoring dashboards
- Audit trail for AI system changes
- Logged events per Article 12 record-keeping requirements
Regulatory Monitoring
- Updates on EU AI Act implementing acts and guidance
- National transposition tracking across EU member states
- Harmonized standards development monitoring
- AI Office publications and guidance notes
- Code of Practice for GPAI updates
Getting Started
- Select EU AI Act as a framework during onboarding
- Inventory your AI systems using Matproof’s guided workflow
- Classify each system by risk level
- For high-risk systems, work through the Article 9–15 compliance requirements
- For GPAI models, generate Foundation Model Cards
- Set up Post-Market Monitoring plans for production systems