Skip to content
Learni
View all tutorials
Réglementation IA

How to Ensure EU AI Act Compliance for AI Systems in 2026

18 minINTERMEDIATE
ConformitéEU AI ActIA Responsable
Lire en français

Introduction

The EU AI Act imposes strict obligations based on the risk level of AI systems. Companies must classify their systems, document processes and ensure traceability. This tutorial guides you step by step to achieve technical compliance in 2026. We combine regulatory analysis with concrete tools: classification scripts, YAML configuration files and automated audits. Each section includes functional code you can deploy immediately.

Prerequisites

  • Python 3.11+ and Node.js 20+
  • Basic knowledge of TypeScript and YAML
  • Access to a Git repository to version documentation
  • Understanding of high / limited / minimal risk concepts

Automatic Risk Classification

classify_risk.py
from enum import Enum

class RiskLevel(str, Enum):
    MINIMAL = "minimal"
    LIMITED = "limited"
    HIGH = "high"
    UNACCEPTABLE = "unacceptable"

def classify_ai_system(purpose: str, data_sensitivity: int, autonomy: float) -> RiskLevel:
    if "biometric" in purpose.lower() or data_sensitivity >= 9:
        return RiskLevel.UNACCEPTABLE
    if autonomy > 0.8 and data_sensitivity >= 7:
        return RiskLevel.HIGH
    if data_sensitivity >= 5:
        return RiskLevel.LIMITED
    return RiskLevel.MINIMAL

# Example usage
result = classify_ai_system("facial recognition", 9, 0.95)
print(result.value)

This script automatically classifies an AI system according to EU AI Act criteria. It returns the risk level and triggers the corresponding obligations.

Generating the Technical File

ai-act-documentation.yml
system:
  name: "Système de scoring crédit"
  version: "2.3.1"
  risk_level: "high"
  provider: "VotreEntreprise"
  deploy_date: "2026-03-15"

transparency:
  purpose: "Évaluation du risque de crédit"
  data_sources: ["historique_bancaire", "données_publiques"]
  human_oversight: true

technical_documentation:
  model_architecture: "Gradient Boosting"
  training_dataset_size: 1250000
  bias_metrics:
    demographic_parity: 0.92
    equalized_odds: 0.89
  last_audit: "2026-01-10"

This YAML file centralizes all mandatory information required by Article 11 of the EU AI Act for high-risk systems.

Traceability Audit Script

audit-logger.ts
interface AIActLog {
  timestamp: string;
  systemId: string;
  inputHash: string;
  decision: string;
  humanReviewer?: string;
}

export class AIActAuditLogger {
  private logs: AIActLog[] = [];

  logDecision(systemId: string, input: object, decision: string, reviewer?: string): void {
    const entry: AIActLog = {
      timestamp: new Date().toISOString(),
      systemId,
      inputHash: Buffer.from(JSON.stringify(input)).toString('base64'),
      decision,
      humanReviewer: reviewer
    };
    this.logs.push(entry);
    console.log('EU AI Act log créé:', entry);
  }

  exportLogs(): AIActLog[] {
    return [...this.logs];
  }
}

This TypeScript logger ensures the traceability of decisions required for high-risk systems. Each entry is timestamped and hashed.

Human Oversight Measures Configuration

human-oversight.json
{
  "oversight": {
    "required": true,
    "reviewThreshold": 0.75,
    "reviewers": ["data-protection-officer", "risk-manager"],
    "escalationPath": "legal-team@company.com",
    "maxResponseTimeHours": 24
  },
  "logging": {
    "retentionDays": 2555,
    "encryption": "AES-256"
  }
}

JSON configuration file defining mandatory human supervision processes for high-risk systems according to Article 14.

Automated Compliance Verification

compliance-check.sh
#!/bin/bash
set -e

echo "Vérification EU AI Act..."

if [ ! -f "ai-act-documentation.yml" ]; then
  echo "ERREUR: Documentation manquante"
  exit 1
fi

if ! grep -q 'risk_level: "high"' ai-act-documentation.yml; then
  echo "Système à risque limité ou minimal - aucune action supplémentaire"
else
  echo "Système à haut risque détecté - audit requis"
  python3 classify_risk.py
fi

echo "Conformité vérifiée le $(date)"

Bash script that automates the initial compliance check and triggers audits for high-risk systems.

Best Practices

  • Always version all YAML and JSON documentation files in Git
  • Integrate audit scripts into your CI/CD pipeline
  • Train your legal and technical teams on classification criteria
  • Conduct an internal audit every 6 months
  • Retain logs for at least 7 years as required by the regulation

Common Mistakes to Avoid

  • Forgetting to update the risk level after modifying the model
  • Failing to document human oversight measures
  • Storing logs without encryption or retention policy
  • Manual classification without reproducible verification scripts

Further Reading

Deepen your skills with our certified training on AI governance and regulatory compliance. Discover our complete programs at https://learni-group.com/formations.