# EU AI Act

> 18 EU AI Act requirements mapped to Observatory controls, with scope by risk tier.

Observatory ships with 18 EU AI Act requirements pre-mapped to operational controls. The scope of each requirement depends on the **risk tier** of the app (minimal / limited / high), set in the [AI Registry](../governance/ai-registry).

***

## Requirement scope by risk tier

| Risk tier        | EU AI Act requirements in scope           |
| ---------------- | ----------------------------------------- |
| **Minimal**      | Transparency obligations only             |
| **Limited**      | Transparency + user information           |
| **High**         | All 18 requirements                       |
| **Unacceptable** | Banned — flagged for removal              |

If an app's tier is set incorrectly, the wrong requirements are shown as in scope. Confirm the tier before reading status.

***

## The 18 mapped requirements

These are grouped roughly along the Act's structure. Observatory tracks them individually; the grouping is for readability.

### Risk management and quality (Articles 9, 17)

| Requirement               | Backing controls             |
| ------------------------- | ---------------------------- |
| Risk management system    | Risk Dashboard + Assessments |
| Quality management system | Audit Trail + Evidence       |

### Data and data governance (Article 10)

| Requirement                 | Backing controls                                        |
| --------------------------- | ------------------------------------------------------- |
| Training data governance    | Manual evidence (data lineage docs)                     |
| Validation and testing data | Datasets + Experiments                                  |
| Bias detection in training  | Manual evidence + drift monitor on protected attributes |

### Technical documentation (Articles 11, 12, 13)

| Requirement              | Backing controls                     |
| ------------------------ | ------------------------------------ |
| Technical documentation  | Manual evidence + registry metadata  |
| Record-keeping (logging) | Telemetry + 7-year retention setting |
| Transparency to users    | Manual evidence + UI screenshots     |

### Human oversight (Article 14)

| Requirement         | Backing controls                   |
| ------------------- | ---------------------------------- |
| Human-in-the-loop   | Manual evidence + tool definitions |
| Override mechanisms | Manual evidence                    |

### Accuracy and robustness (Article 15)

| Requirement          | Backing controls                          |
| -------------------- | ----------------------------------------- |
| Accuracy levels      | Evaluations + Experiments                 |
| Cybersecurity        | Policies (prompt-injection) + Audit Trail |
| Robustness to errors | Alerts + Drift Monitor                    |

### Post-market monitoring (Article 61)

| Requirement                 | Backing controls                         |
| --------------------------- | ---------------------------------------- |
| Post-market monitoring plan | Manual evidence (the plan document)      |
| Continuous monitoring data  | Telemetry + Analytics                    |
| Serious-incident reporting  | Alerts with `incident` tag + Audit Trail |

### Notifications (Article 62)

| Requirement                 | Backing controls                            |
| --------------------------- | ------------------------------------------- |
| Conformity assessment       | Assessments template                        |
| Registration in EU database | Manual evidence (registration confirmation) |

***

## Status semantics

Each requirement evaluates to:

* **Met** — all backing controls have approved, in-date evidence
* **Partial** — some controls met, others have gaps
* **Gap** — at least one control has no current evidence
* **Out of scope** — risk tier doesn't trigger this requirement

The Article-level roll-up is the worst status of its requirements (any Gap → Gap).

***

## Producing the audit pack

The EU AI Act view supports a one-click export of the audit pack:

* Per-requirement evidence list with timestamps
* Backing telemetry summaries
* Assessment results
* Gap analysis with remediation plan

```http
POST /api/compliance/export?framework=eu-ai-act&app_id=...
```

The endpoint returns a ZIP archive with PDF and JSON outputs.

***

## Related resources

<CardGroup cols={2}>
  <Card title="Gap analysis & heatmap" icon="grid" href="./gap-analysis-heatmap">
    Cross-framework view that includes EU AI Act.
  </Card>

  <Card title="NIST AI RMF" icon="flag" href="./nist-ai-rmf">
    Many EU AI Act requirements overlap with NIST controls.
  </Card>
</CardGroup>
