High-risk AI systems shall be designed and developed in such a way to ensure that their operation is sufficiently transparent to enable deployers to interpret the system's output and use it appropriately.
EU AI Act
Five articles, two chains, five clocks.
Articles 13, 14, 26, 27, 73 — answered with bytes the regulator replays, not estimates from a dashboard.
5 articles·2 chains·5 regulator clocks
Evidence pointers · per article
{
"audit_target": "EU AI Act 2024/1689",
"scope": {
"Article 13": "DecisionTrace.chainHash",
"Article 14": "ReviewItem (linked by traceId)",
"Article 26": "matchedPolicy.name + matchCount",
"Article 27": "FRIA.chainHash",
"Article 73": "IncidentClock × 5 regulators"
}
}Each pointer links to a backend artefact verified in §02 below. The Decision Hash Chain and the FRIA chain both replay independently; Articles 14, 26, and 73 link via traceId, matchedPolicy, and evidenceTraceId respectively.The table the auditor reads.
Five articles, five rows. Each row pairs the obligation in the regulator's words with the Adjudon artefact that satisfies it and the engine that produces the artefact. This is the deepest mapping on the site — the engine-detail pages cover Articles 13, 14, and 26 individually; here they sit beside Articles 27 and 73 in one place.
| Article | Obligation | Adjudon artefact | Engine |
|---|---|---|---|
| Article 13 | Deployer must be able to read how outputs are produced — input, decision, confidence score, policy outcome. | Per-trace inputContext + outputDecision + confidenceScore + tags + matchedPolicy persisted on DecisionTrace. The whole trace is chainHash-anchored on the Decision Hash Chain. | Confidence Engine + Policy Engine + Audit Trail |
| Article 14 | Human oversight on AI decisions must be feasible — flagged decisions reviewable, override possible. | suggestedStatus = 'flagged' | 'escalated' auto-routes the trace to the Review Queue. Reviewer decision (approve / reject / escalate) recorded on ReviewItem linked by traceId. Review action audit-logged on the Operations chain. | Confidence Engine + Operations Audit Log |
| Article 26 | Deployer must operate AI per the instructions of use, monitor operation, and keep logs. | matchedPolicy.name + policyResult.reason on each blocked trace. Per-policy matchCount + lastMatched persisted. Audit-log entry written before the response. | Policy Engine + Audit Trail |
| Article 27 | Fundamental Rights Impact Assessment for Annex III high-risk systems and public-body deployers. | FRIA model carries its own chainHash — every submission hashed and signed by reviewer. Status, evidence attachments, reviewer ObjectId all persisted. | FRIA Wizard · Governance+ |
| Article 73 | Notify market surveillance authority within 2 / 10 / 15 days depending on severity. | IncidentClock with regulator: 'aiact' + articleRef: 'Art. 73' + three staged checkpoints (2 d / 10 d / 15 d). Each checkpoint carries evidenceTraceId linking back to the trace-chain. | Multi-Clock Incident Hub · Governance+ |
Full per-article reference and the verify-replay algorithm live in docs.adjudon.com/compliance/eu-ai-act.
One incident. Five clocks. Parallel countdowns.
A single AI Act incident usually triggers four other regulators at the same time. Adjudon's Multi-Clock Incident Hub starts five IncidentClock records the moment an Incident is opened — one per regulator — each with its own staged checkpoints. The matrix below is the actual checkpoint schedule, in production today.
| Regulator | Article | Early checkpoint | Intermediate | Final |
|---|---|---|---|---|
| GDPR | Art. 33 | — | — | 72 h |
| EU AI Act | Art. 73 | 2 d | 10 d | 15 d |
| DORA | Art. 19 | 4 h | 72 h | 30 d |
| NIS2 | Art. 23 | 24 h | 72 h | 30 d |
| CRA | Art. 14 | 24 h | 72 h | 14 d |
Each IncidentClock carries its own checkpoints array. A checkpoint is marked complete with a completedAt timestamp and an evidenceTraceId linking back to the trace that supports the report. The clock's status is one of active · paused · completed · breached.
Why "trust signal" is not Article-13 evidence.
Probabilistic AI-governance tools produce reports that say the system "likely" complied. Article 13 does not accept "likely." It demands transparency about how the output was produced — input, decision, confidence, policy match. Adjudon's per-trace chainHash plus the matchedPolicy.name are not estimates; they are the bytes the regulator replays.
| Topic | Probabilistic AI-governance | Adjudon |
|---|---|---|
| The regulator's evidence | A report concluding "likely complied." | The actual bytes — chainHash + matchedPolicy.name per decision. |
| Article 13 fit | "Likely" doesn't satisfy "transparency about how outputs are produced." | Per-trace evidence anchored on the chain, replayable on demand. |
| Tamper detection | Trust the vendor's dashboard display. | SHA-256 chain breaks visibly; verify endpoint reports brokenAt: <sequence>. |
The auditor leaves with a hash. Not a screenshot.
You've seen five articles, five regulator clocks, and three rows of contrast. Next: wire one trace, watch the chain build, and hand your auditor the export bundle when they ask. The first call lands at the engineer who built the mapping — not at an SDR.
Primary sourcesEU AI ActArt. 13(1) EU AI ActArt. 14(1) EU AI ActArt. 73(1)
The text the regulator actually wrote.
High-risk AI systems shall be designed and developed in such a way that they can be effectively overseen by natural persons during the period in which they are in use.
Providers of high-risk AI systems placed on the Union market shall report any serious incident to the market surveillance authorities of the Member States.