Attestly
Home/Docs

Documentation

EU AI Act

How Attestly maps your code to Annex III risk classes.

Last updated May 6, 2026

The EU AI Act is the world's first comprehensive AI regulation. Most of its obligations apply to high-risk AI systems — listed in Annex III — and the bulk of those obligations come into force on August 2, 2026. This page explains what Attestly does to help you comply.

What Attestly does

  1. Classification. For each AI system in your codebase, Attestly assigns a default risk class (minimal, limited, high, unacceptable) based on what the system does and what data it touches. Reviewers can override per system.
  2. Annex IV technical documentation. When any of your AI systems is classified high-risk, Attestly produces a draft Annex IV file covering:
    • System purpose and intended use.
    • Datasets used (where applicable; we surface what we can detect from code — training data outside the repo is something only you can declare).
    • Risk-management measures.
    • Human-oversight measures.
  3. Conformity declarations. A conformity-assessment template is included in your AI Trust Center.
  4. Logging. Every model invocation surfaced through your code is logged to your audit trail with the citation that produced it. This makes "Article 12 record-keeping" defensible.

What Attestly does not do

  • We do not certify your conformity. That's the job of a notified body.
  • We do not perform fundamental-rights impact assessments. We help you prepare them.
  • We do not file with regulators. We give you the documents to file.
  • Now (May 2026): generate your AI Trust Center, fix any "blocking review" items, and publish.
  • Before August 2, 2026: for any high-risk system, complete the Annex IV draft Attestly produces, run a fundamental-rights impact assessment, and appoint a notified body if your system is in the safety-component category.
  • Ongoing: the drift bot will surface anything new. Annex IV documentation updates automatically.

Plain-language summary

The EU AI Act is more about process than outcome — it's not impossible to comply, but it requires you to prove that your AI systems are well-documented and monitored. Attestly's job is to do as much of that documentation work as possible from your code.