a2a cloud
eu ai act · enforced 2 aug 2026

Compliance is a query, not a quarter.

Article 12 asks for automatic, lifetime event records. Article 19 asks you to keep them six months. This runtime already signs a receipt for every agent run and every authorization decision — compliance is querying records you already have, not instrumenting code you haven't written.

receipts for ai systems · explicit authority · no ambient trust

0
day retention floor
0
audit surfaces, one query
0%
runs signed
high-risk enforcement begins
2026-08-02T00:00:00Z
··days··hrs··min··sec

Records your agents write today are already admissible evidence. Retention starts counting the day you deploy — not the day the regulator asks.

what the act asks · what the runtime emits

Four articles. Four primitives. Zero instrumentation.

Article 12Record-keeping

asks · High-risk AI systems must technically allow automatic recording of events over their lifetime.

runtime · Every skill invocation seals an Ed25519-signed execution receipt: caller, grants, tool calls, file ops, timing, outcome. Recorded by the runtime, not by your app code.

Article 19Log retention

asks · Automatically generated logs are kept for at least six months.

runtime · Retention policy floored at 180 days while the EU AI Act framework is active — enforced at write time and re-checked inside the purge path. Legal hold blocks deletion outright.

Article 14Human oversight

asks · Systems are designed so natural persons can effectively oversee them.

runtime · Every authorization decision records who decided — auto, policy, or human. Human-in-the-loop approvals are distinguishable in the grant chain, not asserted after the fact.

Article 11Technical documentation

asks · Documentation is drawn up before market placement and kept current.

runtime · Agent card, version, image digest, risk tier, intended purpose, and oversight statement export as a per-system dossier inside the evidence pack.

decision records

One query across every decision your agents made.

Skill executions, authorization decisions, and administrative actions normalize into a single record shape. Filter by agent, outcome, kind, or date range. Open a record and the platform re-verifies its Ed25519 signature in front of you — proof, not a promise.

No second store to sync, no ETL to a compliance warehouse. The records the auditor reads are the records the runtime wrote.

See replay & receipts →
decision record
signature valid
{
  "record_id": "rcpt_9f2ce41b",
  "kind": "skill_execution",
  "agent_name": "invoice-triage",
  "actor": "user:finance-ops",
  "action": "skill:classify_invoice",
  "outcome": "ok",
  "occurred_at": "2026-07-05T09:14:22Z",
  "verifiable": true,
  "signature_status": "valid",
  "details": {
    "grant_ids": ["gr_71aa04"],
    "tool_calls": 3,
    "eval_score": 0.97
  }
}
one export · three frameworks

The evidence pack answers the questionnaire.

A single JSON export: decision records, agent dossiers, signature verification results, and the control mapping inlined — an auditor who has never seen this platform can read it cold.

EU AI Act

Articles 11, 12, 14, 19

Queryable decision records, 180-day floored retention, human-oversight attribution, per-system documentation. Enforcement for high-risk systems begins 2 August 2026.

NIST AI RMF 1.1

Govern · Map · Measure · Manage

Org policy with named owners, agent inventory with risk tiers, eval scores on receipts, scoped authority and budget caps — mapped function by function in the export.

ISO/IEC 42001

Procurement dossier

The evidence pack answers the AI-management-system questionnaire your buyer's procurement team sends: traceability, operational control, performance evaluation.

how it works

Governed agent execution is the compliance program.

01

Run

Agents execute under scoped, signed grants. No ambient trust — every action already carries its authority.

02

Record

The runtime seals each run into a signed receipt and each authorization into the grant chain. Zero instrumentation in your agent code.

03

Query

Decision records are one API: filter by agent, outcome, kind, date range. Signature re-verified when you open a record.

04

Export

One click produces a self-describing evidence pack — records, agent dossiers, control mapping — ready for auditors and procurement.

before 2 august

Deploy governed. Query compliant.

Retention windows only protect the records that exist. Every day agents run ungoverned is a day of evidence you can't produce later.