Acme BV has foundational AI governance in place but has material gaps in audit logging, formal risk assessment, and documented human oversight procedures. Remediation recommended before Q3 2026 EU AI Act enforcement date.

| Framework | Requirement | Status | Notes |
|---|---|---|---|
| EU AI Act | Human oversight (Art. 14) | Partial | Oversight policy exists but not systematically enforced |
| EU AI Act | Audit trail & logging (Art. 12) | Gap | No structured action-level logging in place |
| EU AI Act | Conformity assessment | Gap | No formal assessment conducted |
| ISO 42001 | AI risk assessment | Partial | Informal review in 2025, not documented |
| ISO 42001 | Incident management | Compliant | General IT incident process covers AI agents |
| GDPR / AVG | Data minimisation in AI outputs | Partial | DPIA updated, output filtering not implemented |
| SOC 2 | Change management | Compliant | All agent changes tracked in version control |

This agent is classified as high-risk under EU AI Act Annex III. Immediate implementation of human approval step required for transactions above €500. Estimated remediation: 2 days.
Legal hold and incident investigation capability is unavailable. Implement action-level logging with 90-day retention before Q2 2026. AgentLedger can automate this in under 1 hour.
Informal 2025 review meets the spirit but not the letter of ISO 42001. Document findings and obtain management sign-off. Template available in AgentLedger dashboard.
All agent deployments tracked in version control with clear ownership. Maintain current practice; add automatic notification to compliance team on production deployments.
Connect your AI agents to AgentLedger and get a live, exportable PDF report like this — with your actual data, auto-updated monthly.