EU AI Act High-Risk Readiness

HELM Trust Boundary: Every governed call produces receipts that can be inspected, exported, and verified.
[Diagram: HELM Trust Boundary. Components: AI Client (OpenAI-compatible SDK), HELM Proxy (base URL boundary), Policy Engine (allow / deny / require), Receipt (signed decision record), Verifier (offline evidence checks).]

Audience

Outcome

After this page you should know what this surface is for, which source files own the behavior, which public route or adjacent page to use next, and which validation command to run before changing the claim.

Source Truth

  • Public route: product/eu-ai-act-high-risk
  • Source document: helm-ai-enterprise/docs/public/product/eu-ai-act-high-risk.md
  • Public manifest: helm-ai-enterprise/docs/public-docs.manifest.json
  • Source inventory: helm-ai-enterprise/docs/source-inventory.manifest.json
  • Validation: corepack pnpm run docs:coverage, corepack pnpm run docs:truth, and npm run coverage:inventory from docs-platform

Do not expand this page with unsupported product, SDK, deployment, compliance, or integration claims unless the inventory manifest points to code, schemas, tests, examples, or an owner doc that proves the claim.

Troubleshooting

| Symptom | First check |
| --- | --- |
| A link or route is missing from the docs website | Check docs/public-docs.manifest.json, llms.txt, search, and the per-page Markdown export before changing navigation. |
| A claim is not backed by code or tests | Remove the claim or add the missing code, example, schema, or validation command before publishing. |

HELM AI Enterprise should lead compliance positioning with the EU AI Act high-risk timeline. The current European Commission Service Desk timeline lists 2026-08-02 for Annex III high-risk rules and Article 50 transparency rules to enter into application, with 2027-08-02 for high-risk systems embedded in regulated products. The Commission has proposed timeline adjustments tied to support tools and standards, so customer-facing copy should describe the 2026 date as the current application trajectory.

Sales Message

HELM gives regulated AI operators a runtime receipt for every governed action:

  • Article 9 risk management: policies encode action ceilings, escalation rules, and fail-closed controls before execution.
  • Article 11 technical documentation: evidence exports describe which policy, principal, model, tool, and state snapshot governed an action.
  • Article 12 record keeping: ProofGraph records the causal chain and receipt hash for agent decisions.
  • Article 14 human oversight: approval ceremonies, override paths, and autonomy levels make human control visible.
  • Article 50 transparency support: source and generation context can be attached to receipts when teams use HELM-proxied workflows.

Discovery Questions

  • Which AI workflows make or materially influence decisions in employment, credit, education, health, public services, migration, law enforcement, or critical infrastructure?
  • Which actions can create external side effects, irreversible changes, or regulated communications?
  • Where is human review required today, and where is it informal or undocumented?
  • Which logs would an auditor need to replay a decision six months later?
  • Which model, tool, connector, or policy changes should trigger a new approval route?

Evidence HELM Can Produce

| Need | HELM artifact |
| --- | --- |
| Point-in-time action record | Receipt with principal, action, verdict, reason code, and hashes |
| Human oversight proof | Approval ceremony record and autonomy level |
| Risk management proof | Policy envelope, Guardian verdict, and escalation route |
| Technical documentation | Evidence bundle and compliance report export |
| Replay support | ProofGraph chain plus referenced state hashes |

HELM AI Kernel Evidence Pack Dependency

This HCOM guide depends on the HELM AI Kernel EU AI Act reference pack and MCP governance implementation. The paired HELM AI Kernel lane verified the high-risk evidence pack shape and added MCP OAuth resource/scope enforcement so tool execution can be tied to a specific resource audience and required scopes before Guardian receives the decision request.
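
The ordering described above, with audience and scope checks ahead of the policy decision, sketched as an added example. It is not HELM code: the tool registry, reason codes, and `precheck` function are hypothetical, and the token claims are assumed to have been signature-validated already.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ToolRequirement:
    resource: str         # audience the tool's MCP server expects in the token
    scopes: frozenset     # scopes a call to this tool requires


# Constructed registry: tool names, URLs and scopes are hypothetical.
REQUIREMENTS = {
    "payments.refund": ToolRequirement(
        "https://mcp.example.test/payments", frozenset({"payments:write"})),
    "crm.lookup": ToolRequirement(
        "https://mcp.example.test/crm", frozenset({"crm:read"})),
}


def precheck(tool, claims):
    """Return (verdict, reason_code) before any policy evaluation; fails closed."""
    req = REQUIREMENTS.get(tool)
    if req is None:
        return ("deny", "UNKNOWN_TOOL")

    # "aud" may be a single string or a list of strings.
    aud = claims.get("aud")
    if isinstance(aud, str):
        audiences = {aud}
    elif isinstance(aud, (list, tuple)):
        audiences = {a for a in aud if isinstance(a, str)}
    else:
        audiences = set()
    if req.resource not in audiences:
        return ("deny", "AUDIENCE_MISMATCH")

    # "scope" is a space-delimited string; anything else grants nothing.
    scope = claims.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = req.scopes - granted
    if missing:
        return ("deny", "MISSING_SCOPE:" + ",".join(sorted(missing)))

    # Only now would the request be handed to the policy decision step.
    return ("forward", "PRECHECK_OK")


if __name__ == "__main__":
    # Constructed claims: token minted for the CRM server, used on a payments tool.
    sample = {"aud": "https://mcp.example.test/crm", "scope": "payments:write"}
    print(precheck("payments.refund", sample))
```

A token with the right scope but the wrong audience is rejected here, which is the case that scope-only checks miss.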

Sales use:

  • Use the reference pack as the artifact checklist for regulated workflow discovery.
  • Use MCP resource and scope enforcement as the technical proof point for action-level access control.
  • Use ProofGraph and receipt exports as the customer-facing audit record.

Do not represent the pack as legal advice or as a complete conformity assessment. It is an evidence scaffold for counsel, compliance teams, and auditors.

Colorado Positioning

Colorado remains worth monitoring, but it should not lead the HCOM urgency story. SB25B-004 moved SB24-205 requirements to 2026-06-30, and a March 2026 workgroup proposal would replace the law with an ADMT-focused framework effective 2027-01-01 if enacted. Use Colorado as a state-profile example for runtime records, human review, and ADMT audit support. Do not present the proposed ADMT framework as final law.

Source Notes

Diagram

Mermaid source
flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        usecase["High-risk use case"]
        control["Control mapping"]
        approval["Human oversight"]
        pack["Compliance pack"]
    end

    subgraph Evaluation["2. Evaluation & Policy Plane"]
        policy["Policy bundle"]
    end

    subgraph Ledger["4. Tamper-Evident Ledger Plane"]
        receipt["Receipt evidence"]
    end

    %% Operational Flow Edges
    usecase --> control
    control --> policy
    control --> approval
    control --> receipt
    receipt --> pack
    approval --> pack
    policy --> pack

    %% Premium Styling Rules
    style policy fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
    style receipt fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff