I've been shipping AI agents since 2023. First ones were simple — call an LLM, maybe hit an API, return a result. Nobody cared what they did internally.
That's over.
The EU AI Act enforcement date is August 2, 2026. If your agents process data belonging to EU residents, execute transactions, make recommendations that affect people's lives — you're in scope. The fines are real: up to 7% of global revenue or €35M, whichever is higher.
I spent three weeks going through the actual regulation text, talking to a few GRC leads at companies deploying agents, and building the compliance layer for my own SDK (MnemoPay). This is what I found and what I actually built.
What the EU AI Act actually requires for AI agents
Article 12 is the one that catches most developers off guard. It mandates "logging capabilities" that:
- Record inputs and outputs at each step
- Be tamper-resistant
- Allow reconstruction of the agent's decision path after the fact
- Include timestamps and unique identifiers per interaction
Article 13 requires "transparency" — that the agent's behavior be explainable to a human operator on request.
Article 9 requires a "risk management system" — which for software means documented anomaly detection and incident response.
This isn't optional for developers deploying "high-risk" AI systems. The Act classifies agents operating in areas like recruitment, credit assessment, healthcare, and "critical infrastructure management" as high-risk. The definition of critical infrastructure is broad enough to include fintech agents, healthcare billing agents, and procurement agents.
If you're unsure whether your agent is in scope: it probably is. The safer assumption is yes.
What "tamper-resistant logs" actually means in practice
This is where most compliance guides wave their hands and say "use structured logging." That's not enough.
Tamper-resistant means that if someone modifies the log after the fact, you can prove it. Standard log files — even immutable cloud logging — don't satisfy this because they can be deleted or overwritten at the storage layer.
What actually works is a Merkle tree structure. Each log entry is hashed. Each hash is chained to the previous one. You can export a root hash at any point in time, and any auditor can verify that no entry was altered without detection.
import { MnemoPay } from '@mnemopay/sdk';
const mp = MnemoPay.quick('my-agent-id');
// Every charge creates a tamper-resistant log entry
const tx = await mp.charge(50, 'processed invoice INV-2024-0051 for customer EU-4421');
// Verify the entire audit trail hasn't been tampered with
const integrity = await mp.memoryIntegrityCheck();
console.log(integrity.valid); // true
console.log(integrity.merkleRoot); // export this to your auditor
The memoryIntegrityCheck() call traverses the Merkle tree of all logged transactions and memory events, returning a root hash and a valid: true/false. If anyone modified a log entry, the hash chain breaks and valid returns false.
That's what Article 12 is looking for.
The behavioral consistency requirement
Article 9's risk management system goes beyond logging. You need to detect when your agent starts behaving abnormally and flag it.
For financial agents, this means tracking spending patterns over time. An agent that normally spends $50–200 per transaction suddenly running $5,000 transactions is an anomaly. The regulation requires you to have a documented process for detecting and responding to this.
I implemented this using EWMA (exponentially weighted moving average) on transaction amounts. The algorithm maintains a rolling baseline and fires when current behavior deviates beyond a configurable threshold.
// Anomaly check — fires if agent behavior deviates from baseline
const anomaly = await mp.anomalyCheck();
if (anomaly.detected) {
console.log(anomaly.reason);
// "Transaction amount 10x above 30-day baseline"
// Pause agent, alert human operator
}
This gives you the documented anomaly detection process Article 9 asks for.
Identity stability — proving the agent hasn't been hijacked
This one trips up developers who haven't thought about prompt injection or agent swapping.
If an adversary can replace your agent's system prompt, or swap out the model mid-session, the logs become meaningless — they might accurately record what a different agent did. The regulation requires your risk management system to address identity integrity.
Cryptographic identity solves this. Each agent gets an Ed25519 keypair at initialization. Every session is signed. If the agent's identity changes between sessions — key mismatch, behavioral fingerprint drift, or session ID anomaly — the system flags it.
const fico = await mp.agentFicoScore();
// {
// score: 742,
// components: {
// transactionHistory: 0.88, // 35% weight
// memoryIntegrity: 0.95, // 20% weight
// behavioralConsistency: 0.71, // 15% weight
// identityStability: 0.94, // 15% weight
// contextReliability: 0.82 // 15% weight
// }
// }
The Agent FICO score (300–850, modeled on consumer credit scoring) gives you a single number that summarizes compliance health. Low identity stability score → investigate. Low behavioral consistency → something changed. High transaction history + high integrity → clean audit trail.
When an EU regulator asks "how do you know this agent was behaving correctly?" you hand them the score breakdown and the Merkle root.
What to do right now if you're deploying agents before August
Audit which agents are in scope. If they process EU resident data, make decisions with real consequences, or execute financial transactions — they're in scope. List them.
Add structured logging today. At minimum: timestamp, agent ID, input summary, output summary, action taken, amount (if financial). Don't wait for the Merkle implementation.
Add anomaly detection. EWMA is simple to implement. Track your agent's normal behavior baseline over 30 days and alert when it deviates 3x.
Document your risk management process. This can be a one-page internal doc: "How we detect agent anomalies, how we respond, who is responsible." That document is what regulators want to see first.
Export your compliance evidence. Whatever logging you have, make sure you can export it as a PDF or CSV for an auditor. Not just "it's in our logs" but "here is the file."
The August 2 deadline is real
A lot of developers are treating this like GDPR — "we'll deal with it when enforcement actually happens." That's a mistake. GDPR had a 2-year ramp before enforcement. The EU AI Act had a 2-year ramp that started in August 2024. That ramp ends in 5 months.
More practically: your enterprise customers are going to ask you for a compliance attestation before August. If you're selling to European companies, or companies with European customers, expect procurement to add this to their vendor questionnaire by Q2 2026. Being able to say "we have tamper-proof audit trails and behavioral monitoring built in" is a sales accelerator, not just a compliance checkbox.
I built MnemoPay specifically to solve this — it's open source (Apache 2.0), the audit trail and behavioral monitoring are built in, and it takes about 5 lines to integrate. But even if you don't use it, the concepts above apply to any stack.
The regulation is clear enough that the compliance work is predictable. Do it now while you have time to get it right, not in July when you're rushing.
If you have questions about the specific requirements for your use case, drop them below. I've been through the regulation text and the EU AI Act Service Desk FAQs pretty thoroughly and happy to share what I found.