EU AI Act 2024/1689 — Arts. 12–15 Compliant

AI compliance
infrastructure for developers

The only motor built from scratch for EU AI Act compliance. Deterministic verification, SHA-256 audit chains, and mandatory human oversight — architected in, not bolted on.

Request API Access View API Docs
SHA-256
Immutable audit chain
Art. 14
Human gate enforced
Ed25519
Cryptographic certificates
5 fases
Deterministic pipeline
VAAR
Epistemic protocol
1 instância
= 1 client, always
UNIVERSAL KERNEL
EU AI ACT — CLASSIFY YOUR SYSTEM
GRATUITO

3 minutos · Gratuito · Certificado Ed25519 · 6 idiomas

Architecture
Built different.
By design.
01
Motor stays with us. Always.
Your code never leaves our server. You get an API key. You build your product. Your clients never see the engine — only the results. No source code distribution, no reverse engineering risk.
B2D MODEL
02
One instance. One client. Non-negotiable.
Each instance is cryptographically bound to one client reference. The database enforces this at constraint level — not application logic. Sharing an instance between clients is architecturally impossible.
ISOLATED BY DESIGN
03
You write the domain rules.
The motor starts completely clean. No pre-loaded knowledge. You define the approaches, the authority sources, the confidence thresholds, the delegation protocol. Different clients, different rules — all isolated.
DOMAIN AGNOSTIC
04
Your LLM. Your key. Your cost.
Connect your own Anthropic, OpenAI, or Ollama instance. The motor orchestrates — it never pays for your LLM calls. When we exhaust classical approaches, we call your LLM, log the result, and chain the SHA-256 hash.
BYOLLM
Compliance
EU AI Act
native compliance.
Art. 12
Record keeping
Every event logged with SHA-256 hash chained to the previous. Immutable audit trail from session creation to human approval. Export-ready for regulatory submission.
Art. 13
Transparency
VAAR protocol classifies every claim: VERIFIED, VERIFIABLE, INFERRED, or BLOCKED. No result reaches the human gate without source traceability documented.
Art. 14
Human oversight
Human gate is inviolable and architecturally enforced. No knowledge base update happens without documented human approval. Delegation protocol configurable per domain with quorum support.
Art. 15
Accuracy and robustness
INDETERMINATE is a first-class output — not a failure. When 24 classical variations are exhausted without resolution, the motor declares a knowledge frontier. No fabrication. Ever.
Any domain. Any risk level. One API.
Your domain.
In compliance.

Most platforms tell you what the law says. The EU AI Act requires something different: proof that the process happened — cryptographically signed, session by session, verifiable by any auditor without trusting the vendor's word.

You define the domain. You designate the human reviewer — the qualified person your organisation is responsible for under Art.14. We run the 5-phase pipeline, generate the SHA-256 audit chain, and deliver an AI Card with Ed25519 signatures ready for regulators. The human gate is architecturally inviolable: no output enters your knowledge base without a decision from your reviewer. Your infrastructure. Your reviewer. Your knowledge base. Your compliance. The evidence is yours.

What the market delivers
"The AI said so."
Governance reports. Policy assessments. Risk scores. Useful for strategy — but not what Art.12–15 demand when an auditor asks for evidence of a specific decision.
What EU AI Act Art.12–15 requires
"Here is the mathematical proof."
SHA-256 blockchain-linear chain · Ed25519 signed decisions · HumanGate inviolable · exportable AI Card per session — independently verifiable without the vendor.
How your session runs — 5-phase pipeline
1
Gap exploration — ExplorationAgent
The LLM analyses the submitted problem against your domain knowledge structure. It maps what is known and isolates genuine gaps at the frontier — not what is already answered, only what genuinely remains open.
Art.13 — explainability · reasoning documented per gap
2
Safety gate — AiActPolicy pre-check
Deterministic verification — no LLM, no subjectivity, instant. Checks against domain blacklist and universal prohibited list. Detects prompt injection in 3 layers before any proposal is generated.
Art.12 · BL-001 blacklist · 3-layer injection detection
3
VAAR-annotated proposal — ProposalAgent
A new knowledge primitive is proposed and every claim classified: VERIFIED (source-backed) · VERIFIABLE (checkable) · INFERRED (LLM deduction) · BLOCKED (unacceptable). Cosine similarity check against your KB ensures genuine novelty.
Art.13 — claim-level transparency · Protocol VAAR v3 · DOI 10.5281/zenodo.19266537
4
Adversarial falsification — FalsificationAgent
The system actively tries to destroy its own proposal — circular reasoning, prior art, logical inconsistencies, empirical counter-examples. Minimum 3 adversarial attempts. The near-miss delta shows how close the proposal came to automatic rejection.
Art.15 — robustness · ≥ 3 attempts · near_miss_delta · score 0–1
5
Human gate — Art.14 · architecturally inviolable
No output enters your knowledge base without explicit human approval from the reviewer your organisation designates. That decision is signed with Ed25519 — permanent cryptographic proof of who decided, when, and why. The infrastructure enforces the gate; the responsibility is yours.
Art.14 · Ed25519 · delegation level 1–3 · reviewer reasoning min. 30 chars
EU AI Act risk levels — what the Universal Kernel covers

The developer configures their domain; the infrastructure enforces the obligations required for that risk level. Prohibited systems (Art.5) are blocked at entry — BL-001 universal blacklist.

High risk — critical (Annex III)Full obligations
Art.9 · 10 · 11 · 12 · 13 · 14 · 15 · 43 · 49
Biometrics · critical infrastructure · law enforcement · migration · judicial AI
High risk (Annex III)Full obligations
Art.9 · 11 · 12 · 13 · 14 · 15 · 43 · 49
Credit scoring · employment · education · medical devices · essential services
Limited risk (Art.50)Transparency obligations
Art.12 · 13 · 50
Chatbots · emotion recognition · GPAI systems · AI-generated content
Minimal / no riskRecommended practice
Art.12 · 13 recommended
Internal research tools · scientific discovery · regulatory gap analysis · AI-assisted documentation
Example AI Card — output for a credit assessment domain · all data fictitious
Universal Kernel genesis-kernel-v5
Art.12-15 Compliant Awaiting human decision Annex IV
EU AI Act compliance - Reg. (UE) 2024/1689
Art.12 - Audit chain Art.13 - VAAR Art.14 - Human gate (pending) Art.15 - Robustness Art.11 - Annex IV
SHA-256 blockchain-linear chain
Valid - intact and verifiable
universal-kernel v5.0.0
Session identification - Art.12(3)
Session ID
GE-F4A92C
Domain
credit_assessment_v1
LLM provider / model
your-provider / your-model
Risk level
High risk - Annex III.5.b
AuditChain tip hash
b9e4f2a7c3d8b1e6f4a7c2d9e3b8f1a4c7d2e9b6f3a8c1d4...
Problem submitted
What is the compliance gap between Art.25(4) EU AI Act cooperation obligations and the minimum content of a written agreement between an AI infrastructure provider and a credit assessment deployer under Annex III.5.b?
Pipeline execution - 7 phases
0
Submission
Session created - job enqueued - Redis
Art.12
1
ExplorationAgent
2 gaps found - frontier_reached: true
Art.13
2
AiActPolicy pre
BL-001: clear - injection: none - PASS
Art.12
3
ProposalAgent
3 VAAR annotations - genuinely_novel: true
Art.13
4
FalsificationAgent
3 adversarial attempts - REVISE - score 0.41
Art.15
4b
AiActPolicy full
UC-001 to 004: PASS - 4/4 rules compliant
Art.14
5
HumanGate
rev_example - level 2 - awaiting decision
Art.14
Art.12 - Immutable audit chain
Events
9 recorded
Chain
SHA-256 valid
Actor types
user / llm_ext / system
SESSION CREATED
f3a9c2b8d4e1f7a2c9b5d8...
09:00 UTC
EXPLORATION COMPLETED
d9a2c7b4e1f8d3a6c9b2...
09:02 UTC
PROPOSAL GENERATED
e7f3b9c2d8a4e1f6b3c9...
09:18 UTC
FALSIFICATION COMPLETED
a2d8c4f7b9e3a6d1c8f4...
09:23 UTC
HUMAN GATE SUBMITTED
b6d2a9f4c8e3b1d7a2f9...
09:23 UTC
Art.13 - Transparency - VAAR protocol
VAAR annotations
3
Reasoning
52 chars
BLOCKED
0
Falsification
48 chars
VERIFIED
Art.25(4) imposes cooperation obligations between AI infrastructure provider and high-risk deployer. Source: Reg. (EU) 2024/1689, Art.25(4)
VERIFIABLE
No Annex equivalent to Annex IV exists defining minimum B2B agreement content for Art.25(4) - gap confirmed.
INFERRED
Analogy with Art.28 GDPR processor agreement suggests equivalent minimum fields for Art.25(4). Inference by analogy - not confirmed by EU AI Office.
Art.14 - Human oversight
HumanGate
Architecturally inviolable
Delegation level
Level 2 - domain specialist
Near miss delta
22% above rejection threshold
Decision
Awaiting reviewer decision
Art.15 - Adversarial robustness
Falsification attempts
3 (min. 3 - Art.15)
Recommendation
REVISE
Verification score
0.410 (0=rejected 1=robust)
Injection detection
3 layers - BL-001 - server - Agent
Art.11 + Annex IV - System documentation
1(a)Universal Kernel v5.0.0 - EU AI Act Arts.12-15 compliance infrastructure - Ref: UK-v5.0-2026
1(b)External LLM: your-provider / your-model - API key client-owned, never stored - LLMAdapter interface
1(c-e)Node.js 20 - TypeScript - PostgreSQL - Redis - BullMQ - VPS EU
2-35-phase LLM pipeline - SHA-256 blockchain-linear - Ed25519 - VAAR v3 - no model training
4-8AUDIT-GK-001 v1.2 - DOC-UK-002 (Art.47) - AuditChain continuous - Retention 10 years (Art.18)
Domain articles - credit_assessment_v1
Annex III.5.bCredit assessment - high risk: full obligations Art.9, 10, 11, 12, 13, 14, 15 applicable to the developer system
Art.25(4)Infrastructure provider cooperation obligation - written agreement defining compliance responsibilities. Universal Kernel Art.11 does not substitute developer Art.11 obligations (Art.3(4)).
Universal Kernel v5.0.0 - genesis-engine.tech - All data in this example is fictitious
VAAR Protocol DOI 10.5281/zenodo.19266537 v3 - Reg. (EU) 2024/1689 - Your instance - Your domain - Your reviewer
JSON HTML CSV PDF Annex IV
Pricing
Pay per instance.
Scale without limits.
Starter
€800 /inst
per active instance · per month · 1–10 instances · €500 activation (per instance/client)
  • Full ExplorationAgent access
  • SHA-256 audit chain
  • Human Gate (Art. 14)
  • Export JSON / CSV / HTML
  • BYO LLM (any provider)
  • Webhook notifications
Get Started
MOST POPULAR
Growth
€500 /inst
per active instance · per month · 11–50 instances · €500 activation (per instance/client)
  • Everything in Starter
  • Priority support
  • Volume discount 24%
  • Custom domain rules
  • Multi-domain per instance
  • Compliance reports (AI Act)
Get Started
Scale
€300 /inst
per active instance · per month · 51+ instances · €500 activation (per instance/client)
  • Everything in Growth
  • Volume discount 45%
  • Dedicated support
  • SLA guarantee
  • Custom billing cycles
  • 201+ instances: contact us
Get Started
Platform & Enterprise — For volume deployment
Building on top of Universal Kernel?
If your platform serves multiple clients and you need to deploy Universal Kernel as white-label infrastructure — with volume pricing, dedicated SLA, and contractual API access at scale — the per-instance model above does not apply. Platform licensing is negotiated separately based on volume, integration requirements, and data residency needs.
Contact for volume pricing →
Deployment model
White-label · your brand
Pricing model
Platform licence · negotiated
Data residency
EU · sovereign hosting
Request API Access

Fill in your details. You'll receive your API key within 24 hours.

What domain will your clients use the motor for?
Live Demo
See the motor work.
Select a domain.

Each domain is configured by the developer. The motor starts clean — 5 phases, EU AI Act compliant, cryptographic audit chain, human gate inviolable.

Select domain