EU AI Act · Article 113 · Enforcement begins August 2, 2026

74 days until every
high-risk AI system
needs a receipt.

Name: EMILIA Protocol
Availability: InStock
Author: EMILIA Protocol

On August 2, 2026, the EU AI Act's high-risk obligations turn on. Logging, human oversight, transparency, traceability — mandatory. Penalties up to €35M or 7% of global turnover, whichever is higher. EMILIA Protocol is the only formally verified, open-standard answer.

58

Days

22

Hours

30

Minutes

31

Seconds

Talk to a compliance engineer Read the spec

Scope

What "high-risk" covers

The EU AI Act defines high-risk systems by domain. If your AI agent touches any of these, Article 113 obligations apply on day one of enforcement — regardless of whether the agent is autonomous or human-assisted.

Biometric identification
Critical infrastructure
Education access and assessment
Employment and worker management
Essential services — banking, insurance, credit
Law enforcement
Migration, asylum, border control
Administration of justice and democracy

The mapping

How EP satisfies Articles 9 through 15

Each obligation maps to a specific phase of the EMILIA ceremony. The two articles most often cited in early enforcement guidance — Art. 12 (logging) and Art. 14 (human oversight) — are highlighted.

Art. 9

Risk management system

The obligation: Continuous risk identification, evaluation, and mitigation across the AI lifecycle.

How EP satisfies it: Every receipt carries the policy version that authorized it. Risk register and policy graph are queryable through the Trust Explorer.

Art. 10

Data governance and quality

The obligation: Training and operational data must be relevant, representative, and free of errors.

How EP satisfies it: Action context is bound to receipt at sign time; tampering invalidates the cryptographic chain.

Art. 11

Technical documentation

The obligation: Documentation kept current and available to authorities on request.

How EP satisfies it: TLA+ spec, Alloy facts, and 3,483 automated tests are public. Apache 2.0 — auditors read source, not vendor PDFs.

Art. 12

Automatic logging

Primary EP fit

The obligation: Logs must enable post-incident traceability for the full operational life of the system.

How EP satisfies it: Pre-execution receipt is the log. Cryptographically signed, replay-proof, queryable by actor/policy/time.

Art. 13

Transparency to users

The obligation: Users must be able to understand and use system outputs.

How EP satisfies it: Every receipt is human-inspectable JSON with the policy clause that fired. No black-box decisions.

Art. 14

Human oversight

Primary EP fit

The obligation: Natural-person oversight to prevent or minimize risks during operation.

How EP satisfies it: The Signoff phase is mandatory for high-risk actions. Cryptographically bound to a real human identity at decision time.

Art. 15

Accuracy, robustness, cybersecurity

The obligation: System must be resilient to errors, faults, and unauthorized third-party alteration.

How EP satisfies it: 26 TLA+ theorems and 35 Alloy facts prove the ceremony cannot be replayed, forged, or partially executed.

Penalties

What non-compliance costs

€35M

Maximum fine — flat ceiling

7%

Of global annual turnover — whichever is higher

Day 1

No grace period for high-risk systems

Beyond Brussels

Parallel forcing functions

Even if your AI never touches an EU user, the US Executive Order and three active state laws create the same pre-execution governance requirement on a similar timeline. EP's NIST AI RMF mapping covers the federal side directly.

United States

Executive Order 14110

Federal procurement requires NIST AI RMF alignment. EP maps 38 RMF subcategories.

California

SB 1047 successor (2026 session)

Audit logging requirements for frontier model deployments.

Colorado

Colorado AI Act

Effective Feb 2026. Impact assessments and consumer notification.

New York

AI Accountability Act

Algorithmic decision impact assessments for high-risk uses.

Next step

74 days is enough — if you start this week.

We integrate in under a day. Apache 2.0, no vendor lock-in. Reference deployments at federal and fintech pilots underway.

Schedule a compliance walkthrough Try the SDK

74 days until everyhigh-risk AI systemneeds a receipt.