Governance

June 4, 2026

10 min read

EU AI Act for
Autonomous Agents

“The EU AI Act does not ask you to trust your agent. It asks you to prove what it did â€” and why it was allowed to do it.”

The Compliance Gap for Agentic AI

The EU AI Act (Regulation 2024/1689) places strict obligations on high-risk AI systems. But autonomous agents present a unique challenge: they make consequential decisions and take real actions without continuous human supervision. Traditional logging and documentation practices were designed for passive prediction systems, not for agents that modify files, send emails, or trigger financial transactions.

This article maps the EU AI Act's three most technically demanding articles â€” 13, 14, and 17 â€” to a concrete evidence architecture that autonomous AI teams can implement today. We show how VEX Protocol's Evidence Capsules provide the technical substrate for compliance without duplicate instrumentation.

Article 13: Transparency and Provision of Information

The requirement:High-risk AI systems must produce outputs that are interpretable by users and deployers. Users must be informed they are interacting with an AI system, and the system must provide “clear and meaningful information” about its capabilities and limitations.

The agentic challenge:An autonomous agent may take dozens of tool calls to complete a task. A single “success” response tells you nothing about what files were read, what APIs were called, or what parameters were passed. Transparency requires per-action attribution, not just task-level summaries.

The evidence architecture: Each governed action produces an Evidence Capsule containing:

The proposed action

What the agent requested â€” tool name, arguments, target system.

The authorization context

What policy authorized this action â€” role, scope, time-bound constraints.

The execution outcome

What actually happened â€” success, block, escalation, with timestamps.

The witness record

A tamper-evident log linking the capsule to a Merkle audit trail for post-hoc verification.

Article 14: Human Oversight

The requirement:High-risk AI systems must be designed to allow human operators to “intervene, override, or stop operation at any time.” Oversight must be technically enforceable â€” not just documented in a policy manual.

The agentic challenge: An agent with unconditional tool authority cannot be overridden in practice. By the time a human reviews the action, the file has been deleted, the email sent, or the database modified. Post-hoc review is not oversight; it is incident response.

The evidence architecture: VEX Protocol implements execution boundary governance:

Proposal phase

The agent proposes an action but cannot execute it. The proposal is logged and evaluated against policy.

Authorization gate

A policy engine evaluates the proposal against role, scope, and risk rules. High-risk actions require explicit human approval.

Execution with evidence

Only authorized actions cross the execution boundary. Each crossing produces an Evidence Capsule.

Emergency halt

A circuit-breaker mechanism stops all agent tool access within milliseconds, preserving forensic state.

This is not logging. This is governance at the execution boundary â€” the only place where human oversight can be technically enforced for autonomous systems.

Article 17: Quality Management System

The requirement: Providers must implement a quality management system covering risk management, data governance, technical documentation, and post-market monitoring. Records must be complete, accurate, and available for regulatory inspection.

The agentic challenge: Traditional audit trails can be modified, deleted, or truncated. A quality management system built on mutable logs cannot satisfy the integrity requirements of Article 17 â€” especially when the agent itself has write access to the log storage.

The evidence architecture: Cryptographic commitment ensures tamper-evidence:

Merkle-chain integrity

Each Evidence Capsule is hashed and linked into a Merkle tree. Modifying any historical capsule invalidates the chain, making tampering cryptographically detectable.

Merkle Audit Trail â€” ProvnAI Glossary

Separation of duties

The evidence system operates independently from the agent runtime. The agent cannot modify its own audit trail because the trail is produced by a separate, isolated governance component.

TEE Isolation â€” ProvnAI Glossary

Temporal attestation

Each capsule includes a timestamp from a trusted time source, preventing backdating or reordering of events after the fact.

Witness Log â€” ProvnAI Glossary

One Architecture, Multiple Frameworks

The same evidence architecture that satisfies EU AI Act Articles 13, 14, and 17 also supports:

DORA (Digital Operational Resilience Act)

ICT risk management and incident reporting â€” Evidence Capsules provide structured, attributable incident records.

SOC 2 Type II

System availability and processing integrity â€” tamper-evident logs support auditor review of control effectiveness.

NIS2 Directive

Cybersecurity risk management â€” execution boundary governance maps to 'appropriate technical measures' for critical entities.

ISO/IEC 42001 (AI Management Systems)

AI risk assessment and treatment â€” Evidence Capsules provide objective evidence of AI system behavior and controls.

Implementation: From Theory to Production

Teams do not need to rebuild their agent infrastructure to implement evidence-based governance. VEX Protocol integrates at the execution boundary â€” the narrowest possible integration point:

Define authority policies

Declare which tools, scopes, and parameters each agent role is permitted to use. Policies are expressed as structured rules, not natural-language guidelines.

Integrate the execution gate

Place the VEX governance component between the agent runtime and the tool execution layer. This is typically a single API call or middleware insertion.

Enable Evidence Capsule generation

Every authorized action produces a capsule. Every blocked action produces a capsule. Every escalation produces a capsule. Nothing executes without evidence.

Export audit trails

Capsules can be exported to SIEMs, compliance platforms, or long-term archival storage in standard formats (JSON, CEF, LEEF).

Design for compliance from the execution layer.

See how VEX Protocol maps to EU AI Act, DORA, and SOC 2 requirements with a single evidence architecture.

Explore VEX Protocol Compliance Overview Apply for Pilot

Security·June 4, 2026

What is an MCP Security Proxy? Real Attacks, Real Policies

How an MCP security proxy intercepts tool calls before execution, blocking prompt injection, SSRF, and path traversal.

Read Article

Security·May 20, 2026

MCP Security in Production: The Definitive 2026 Guide

A layer-by-layer guide to securing MCP deployments — attack surface, five-layer defense, and production checklist.

Read Article

Governance·May 14, 2026

EU AI Act for Agentic AI: Technical Compliance Requirements

High-risk classification, Articles 13/14/17, and the evidence architecture that supports compliance.

Read Article

Architecture·May 6, 2026

OWASP Top 10 for AI Agents: The 2026 Threat Model

The definitive vulnerability taxonomy for autonomous AI deployments — 10 risk categories with mitigations.

Read Article