8.1 EU AI Act Compliance

8.1.1 EU AI Act Overview

The EU AI Act, finalized in 2024, represents the world's first comprehensive legal framework for artificial intelligence. It classifies AI systems by risk level and imposes proportional obligations on providers and deployers. High-risk systems (defined in Annex III) must meet stringent technical documentation, transparency, and record-keeping requirements before market entry.

Key articles relevant to Origyn include:

  • Article 11: Technical documentation requirements for high-risk AI systems

  • Article 13: Transparency and provision of information to deployers

  • Article 12: Record-keeping obligations (automatic logging of events)

  • Article 9: Risk management system

  • Article 63: Market surveillance and control of AI systems in the Union market

High-risk AI systems encompass healthcare diagnostic tools, credit scoring models, employment management systems, law enforcement applications, and critical infrastructure. A diagnostic AI for radiology, for instance, must document its training data, maintain logs of deployment events, and provide transparent information to hospitals deploying it.

Non-compliance carries severe penalties: up to €35 million or 7% of worldwide annual turnover for prohibited practices, €15 million or 3% for failure to meet AI Act requirements, and €7.5 million or 1% for supplying incorrect information. The financial stakes drive demand for streamlined compliance solutions.

8.1.2 Article-by-Article Mapping

Origyn's architecture addresses EU AI Act requirements systematically. The table below maps specific articles to protocol solutions:

| EU AI Act Requirement | Article | Origyn Solution | Implementation |
| --- | --- | --- | --- |
| Technical Documentation | Art. 11 | Full model card on IPFS, linked on-chain | Creator uploads model card during registration; CID stored immutably |
| Training Data Documentation | Art. 13(3)(b) | Dataset CID tracked in model metadata | Required field during registration; verifiable via IPFS |
| Model Lineage Tracking | Art. 11(1) | Full DAG ancestry graph | Parent models cryptographically linked; queryable via smart contract |
| Record-Keeping (Logging) | Art. 12 | Immutable on-chain provenance records | All registrations, updates logged on-chain with timestamps |
| Transparency to Deployers | Art. 13 | Public registry, queryable metadata | Anyone can query model lineage, training data, creator |
| Risk Management Documentation | Art. 9 | Validator challenge mechanism flags risks | Community-driven risk identification via challenges |
| Market Surveillance | Art. 63 | Regulators query registry for audits | Public API for regulatory bodies; transparent provenance |

Article 11 (Technical Documentation): The AI Act requires a "detailed description of the elements of the AI system and of the process for its development." Origyn's model card structure (stored on IPFS) includes architecture details, parameter counts, training process descriptions, dataset provenance, hyperparameters, and evaluation metrics. Registration on Origyn automates this documentation, replacing manual PDF compilation.

Article 13 (Training Data): Providers must supply "information about the data used for training, testing and validation." Origyn stores dataset CIDs (IPFS hashes) on-chain, linking immutably to data cards. A regulator can verify the dataset without trusting the provider's self-reported claims.

Article 12 (Record-Keeping): High-risk AI systems must "technically allow for the automatic recording of events ('logs') over the lifetime of the system." Blockchain provides this natively. Every model registration, update, challenge, and royalty payment emits an on-chain event with a timestamp and immutable hash. Enterprises avoid building custom logging infrastructure.

Article 63 (Market Surveillance): National authorities "shall have the power to access the training, validation and testing datasets used by the provider." Origyn's public registry enables efficient surveillance. Regulators query by model type, creator, or deployment domain. ZK-proofs allow verification of compliance claims (e.g., "no PII in training data") without exposing proprietary datasets.

8.1.3 High-Risk AI Compliance Workflow

Origyn streamlines the compliance process for high-risk AI systems. The following workflow illustrates practical implementation:

Step 1: Determine Risk Level
Assess whether the AI system falls under Annex III high-risk categories. A healthcare diagnostic model analyzing medical images qualifies under Annex III, point 5(a) (medical devices).

Step 2: Register Base Model on Origyn
Upload a model card containing technical documentation (Article 11 requirement). Specify dataset CID (Article 13 requirement). Set creator address, timestamp, and license. The registration transaction stores these elements on-chain, with the full model card on IPFS.

Step 3: Register Fine-Tunes and Derivatives
Link derivative models to their parents, establishing lineage. Document fine-tuning data, hyperparameter changes, and evaluation results. Origyn automatically tracks the full ancestry graph, satisfying Article 11's lineage requirements.

Step 4: Enable Logging (Article 12)
All model updates log on-chain automatically. Deployment events can be logged via API integration (optional). Origyn provides an immutable audit trail with no custom infrastructure required.

Step 5: Generate Compliance Report
Query Origyn's API for model provenance. Export compliance documentation in PDF or JSON format, including lineage graph, dataset provenance, technical docs, and event logs. This report becomes the "technical documentation" file for regulatory submission.

Step 6: Regulatory Audit
Regulators query the Origyn registry to verify training data, lineage, and technical documentation. ZK-proofs can attest to privacy-sensitive compliance claims (e.g., "GDPR-compliant dataset") without revealing proprietary data.
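An added example (not Origyn's code or API) of the check an auditor performs across Steps 2, 3 and 6: recompute each CID from the fetched bytes and walk the lineage back to the base model. The dictionaries standing in for the on-chain registry and for IPFS, the record field names, and the sample content are assumptions; the CID is CIDv1 with the raw codec and sha2-256, which only matches content stored as a single raw block.

```python
import base64
import hashlib

def cid_v1_raw(data: bytes) -> str:
    """CIDv1 (raw codec, sha2-256, base32) for content held in one block."""
    digest = hashlib.sha256(data).digest()
    # 0x01 = CID version, 0x55 = raw codec, 0x12 = sha2-256, 0x20 = digest length
    body = bytes([0x01, 0x55, 0x12, 0x20]) + digest
    return "b" + base64.b32encode(body).decode().lower().rstrip("=")

def audit(registry: dict, store: dict, model_id: str) -> list:
    """Walk a model's ancestry; return findings (an empty list means clean)."""
    findings, seen, stack = [], set(), [model_id]
    while stack:
        mid = stack.pop()
        if mid in seen:  # also keeps the walk finite if records ever loop
            continue
        seen.add(mid)
        rec = registry.get(mid)
        if rec is None:
            findings.append(f"{mid}: not registered")
            continue
        for field in ("card_cid", "dataset_cid"):
            content = store.get(rec[field])
            if content is None:  # e.g. content no longer pinned anywhere
                findings.append(f"{mid}: {field} content unavailable")
            elif cid_v1_raw(content) != rec[field]:
                findings.append(f"{mid}: {field} content does not match CID")
        stack.extend(rec["parents"])
    return findings

# Constructed sample data (hypothetical field names and content).
DOCS = {"base_card": b'{"name": "radiology-base"}', "base_data": b"chest x-ray set v1",
        "ft_card": b'{"name": "radiology-ft"}', "ft_data": b"hospital fine-tune set"}
STORE = {cid_v1_raw(v): v for v in DOCS.values()}  # stand-in for IPFS
REGISTRY = {  # stand-in for on-chain records
    "base": {"card_cid": cid_v1_raw(DOCS["base_card"]),
             "dataset_cid": cid_v1_raw(DOCS["base_data"]), "parents": []},
    "ft": {"card_cid": cid_v1_raw(DOCS["ft_card"]),
           "dataset_cid": cid_v1_raw(DOCS["ft_data"]), "parents": ["base"]},
}

def demo():
    clean = audit(REGISTRY, STORE, "ft")
    tampered = dict(STORE)  # a gateway serving edited bytes for the base dataset card
    tampered[REGISTRY["base"]["dataset_cid"]] = b"edited after registration"
    return clean, audit(REGISTRY, tampered, "ft")
```

A matching CID shows the fetched bytes are the ones that were registered; it does not show that the card's statements about the model or dataset are accurate.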

Compliance Checklist (High-Risk AI):

  • ✅ Risk management system documented

  • ✅ Training data documented (dataset CID)

  • ✅ Technical documentation (model card on IPFS)

  • ✅ Record-keeping enabled (on-chain logs)

  • ✅ Transparency to deployers (public registry)

  • ✅ Human oversight (challenge mechanism)

  • ✅ Market surveillance ready (regulatory API)

Time and Cost Savings: Traditional compliance requires 40-80 hours of manual documentation per model. Legal and compliance professionals typically charge $125-$200 per hour, yielding costs of $5,000-$16,000 per model. With Origyn, registration and model card upload take 1-2 hours, reducing costs by 90% or more. For enterprises managing dozens of models, savings compound rapidly.
