Skip to content
Skip to content
ewpirecom

EU AI Act Compliance Map

Regulation (EU) 2024/1689 · Operative for deployer obligations from 2 August 2026

Status & scope of this document

This is ewpire's internal compliance map ahead of the 2 August 2026 deployer-obligation deadline under Regulation (EU) 2024/1689 (the “AI Act”). External AI-Act-fluent practitioner sign-off is scheduled Q2 2026. The text below is informational; it is not legal advice for our customers and does not waive a customer's own obligation to assess their specific deployment.

Why this matters now

The AI Act applies extraterritorially: any AI provider whose output is used in the EU falls in scope (Art. 2). ewpire's nine AI Employees are sold to EU and non-EU businesses, and several touch use cases the regulation classifies as either prohibited (Art. 5) or high-risk (Art. 6 + Annex III). Compliance posture matters from 2 August 2026, when deployer obligations under Art. 26 become operative.

§5 – Prohibited practices we do not engage in

Article 5 prohibits eight categories of AI use. None of ewpire's nine AI Employees implements any of them, by design:

  • No subliminal or manipulative techniques that materially distort behaviour and cause harm.
  • No exploitation of vulnerabilities tied to age, disability, or socio-economic situation.
  • No social scoring of natural persons by public authorities or on their behalf.
  • No predictive policing based solely on profiling.
  • No untargeted scraping of facial images for biometric databases.
  • No emotion-recognition systems in workplaces or educational institutions.
  • No biometric categorisation systems inferring race, political opinion, or sexual orientation.
  • No real-time remote biometric identification in public spaces.

Customer use that drifts into any prohibited category (e.g., feeding workplace emotion data into ewpire's Support Agent for evaluation purposes) is a Terms §20 violation and grounds for immediate termination.

§6 – High-risk classification

Article 6 plus Annex III define the high-risk perimeter. ewpire's position per AI Employee:

AI EmployeeAnnex III §Position
HR Screener§4(a–b) employmentHigh-risk if used as decision-maker. Designed as scorecard tool with mandatory human review. Annex required for non-scorecard use →
Lead QualificationNot high-risk. Scoring is for our customer's sales team, not access to essential services or employment.
SalesNot high-risk. B2B outbound communication only.
Support AgentNot high-risk by default. Becomes regulated if customer routes essential-services decisions through it (rare; flagged in onboarding).
Research, Growth, Document Processing, Tender, ConciergeNot high-risk. Information-retrieval and content-generation tools.

Customers deploying the HR Screener as a decision-maker (rather than a scorecard tool with human review) must execute the HR Screener High-Risk Deployment Annex, which establishes the joint controller arrangement, fundamental-rights impact assessment, post-market monitoring, and Art. 26 deployer logging requirements.

Twelve control areas operative from 2 August 2026

Where a deployment falls in high-risk scope, ewpire's compliance file covers the twelve control areas mandated by Art. 8–22 (provider) and Art. 26–29 (deployer):

  1. Risk-management system (Art. 9) – continuous, lifecycle-wide.
  2. Data governance (Art. 10) – training-data quality, bias mitigation.
  3. Technical documentation (Art. 11 + Annex IV).
  4. Record-keeping & logs (Art. 12).
  5. Transparency & instructions for use (Art. 13).
  6. Human oversight by design (Art. 14).
  7. Accuracy, robustness, cybersecurity (Art. 15).
  8. Quality-management system (Art. 17).
  9. Conformity assessment & CE marking (Art. 43–48).
  10. Post-market monitoring (Art. 72).
  11. Serious-incident reporting (Art. 73).
  12. Deployer obligations: human oversight, log retention, fundamental-rights impact assessment (Art. 26–27).

Operative dates

  • 2 February 2025 – Art. 5 prohibited practices in force.
  • 2 August 2025 – General-purpose AI model obligations (Art. 53–55).
  • 2 August 2026 – High-risk system provider & deployer obligations (Art. 16–28).
  • 2 August 2027 – Full application of remaining provisions.

Questions or need the annex?

Contact [email protected] with subject line “AI Act – [your company name]”. For HR Screener high-risk deployments, request the annex via the same address. Our practitioner review is scheduled Q2 2026; once countersigned, this page will publish the full 48-page compliance dossier.