惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
LINUX DO - 热门话题
S
Secure Thoughts
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threat Research - Cisco Blogs
AI
AI
B
Blog RSS Feed
S
Schneier on Security
雷峰网
雷峰网
Schneier on Security
Schneier on Security
Help Net Security
Help Net Security
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
罗磊的独立博客
有赞技术团队
有赞技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
The Cloudflare Blog
Webroot Blog
Webroot Blog
Last Week in AI
Last Week in AI
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
美团技术团队
L
Lohrmann on Cybersecurity
T
The Blog of Author Tim Ferriss
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Vercel News
Vercel News
Know Your Adversary
Know Your Adversary
O
OpenAI News
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
I
InfoQ
GbyAI
GbyAI
T
Threatpost
C
Cisco Blogs

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
EU AI Act Goes Live in 90 Days: What Developers Building AI Agents Actually Need to Do
Ashutosh Ran · 2026-05-01 · via DEV Community

If you're building AI agents for anything enterprise — education platforms, HR tools, healthcare apps, financial services — August 2, 2026 is a date worth knowing.

That's when the EU AI Act's Annex III obligations kick in for high-risk AI systems. Not "start planning" — actual legal enforcement, with fines up to €30 million or 6% of global annual turnover for non-compliance.

Most developer guides on the EU AI Act read like they were written by lawyers for other lawyers. This one is for people who write code.


What Actually Applies to You

The first question is always: does this apply to me?

The EU AI Act uses a four-tier risk classification:

  • Prohibited (Article 5): Manipulation, social scoring, real-time biometric surveillance in public spaces. Most developers aren't building this.
  • High-risk (Article 6 + Annex III): This is where most enterprise AI agents land.
  • Limited-risk: Chatbots, AI-generated content — transparency obligations apply.
  • Minimal-risk: Spam filters, recommendation engines, game AI. Essentially unregulated.

You're in the high-risk category if your system is either a safety component in a regulated product (medical device, vehicle) or operates in one of the sectors listed in Annex III:

  • Education: AI that determines access to educational institutions, or evaluates students' learning outcomes
  • Employment: Recruitment tools, CV screening, performance monitoring, task allocation
  • Essential services: Credit scoring, insurance risk assessment, utility access
  • Law enforcement and migration/asylum management
  • Critical infrastructure management

If you're building an admissions AI, an HR screening tool, a financial risk model, or a medical triage agent — you're in Annex III territory.

The multi-agent problem

When you chain agents together, the compliance question compounds. Each agent in a pipeline that makes a decision affecting a person in a covered sector needs to comply. There's no "the LLM just made a suggestion" defense if its output directly influences a consequential decision.

Frameworks like Google ADK, CrewAI, LangGraph, and AutoGen are neutral infrastructure. They don't know whether you're building a compliance-sensitive admissions system or a low-risk content assistant. That means the compliance layer is entirely your responsibility to add.


The Five Things You Actually Have to Build

1. Audit Logging (Article 12)

Every action your agent takes on behalf of someone covered by Annex III needs to be logged with enough detail to reconstruct the decision after the fact. This isn't optional debugging output — it's a legal record that must be retained and producible for auditors.

A useful audit log event for an agent action looks like this:

import json
from datetime import datetime, timezone
from dataclasses import dataclass, asdict

@dataclass
class AgentAuditEvent:
    timestamp: str
    session_id: str
    agent_id: str
    action: str
    inputs: dict
    outputs: dict
    confidence_score: float
    decision_rationale: str
    human_override_available: bool

def log_agent_action(event: AgentAuditEvent):
    record = asdict(event)
    record["timestamp"] = datetime.now(timezone.utc).isoformat()
    # Write to your SIEM, append-only database, or structured log store
    print(json.dumps(record))

Enter fullscreen mode Exit fullscreen mode

Design this layer to be immutable and queryable from day one. Retrofitting audit logging into an existing agent pipeline is painful.

2. Human Oversight (Article 14)

Article 14 is the one that requires the most architectural thought. High-risk AI systems must be designed so that humans can:

  • Monitor the system during operation
  • Understand outputs well enough to exercise appropriate judgment
  • Override, interrupt, or stop the system at any point

That last requirement is the hard one for agentic systems. When you have a multi-agent pipeline running autonomously, you need a technical mechanism — not just a documented policy — that allows a human to halt execution.

Confidence-gated escalation is one pattern that satisfies Article 14 structurally. The agent monitors its own uncertainty and routes to a human when confidence drops below a defined threshold, rather than proceeding with an unreliable answer:

from confidence_escalation import ConfidenceEscalationMiddleware, ThresholdPolicy

policy = ThresholdPolicy(
    low_confidence_threshold=0.6,  # route to human review below this
    critical_threshold=0.3,        # hard stop below this
)

middleware = ConfidenceEscalationMiddleware(
    policy=policy,
    on_escalate=lambda ctx: human_review_queue.enqueue(ctx),
    on_critical=lambda ctx: session_halt(ctx),
)

Enter fullscreen mode Exit fullscreen mode

The confidence-escalation package implements this pattern across LangChain, CrewAI, AutoGen, and Google ADK. But the pattern itself doesn't require any specific library. The key is that your agent has a defined behavior when it's uncertain, and that behavior routes to a human rather than guessing.

3. Transparency (Article 13)

Users interacting with a high-risk AI system must be told:

  • That they're interacting with an AI
  • What the system's capabilities and limitations are
  • How to contact a human if they need to

For voice and chat interfaces, this means disclosure at the start of every session, not buried in terms of service. For backend decision systems — like a loan scoring model — it means the person affected by the decision receives a plain-language explanation.

Build disclosure into session initialization as a first-class feature, not as a one-time consent screen that users click past once.

4. Accuracy and Robustness (Article 15)

Your system must minimize errors, resist adversarial inputs, and degrade gracefully. For LLM-based agents, this maps to:

  • Hallucination mitigation: Don't let uncertain outputs reach consequential decisions without a confidence check
  • Adversarial input handling: The OWASP Top 10 for LLM Applications covers prompt injection, data poisoning, and the Agentic AI Top 10 in detail — worth reading directly
  • Graceful degradation: If the AI can't answer reliably, define the fallback path explicitly. "I'm not confident enough to answer this" is a valid agent output. A hallucinated answer is not.

5. Risk Management System (Article 9)

Article 9 requires an ongoing risk management process, not a one-time compliance review. For engineering teams, this means:

  • A documented process for identifying new risks when you update the model or change the agent's tool set
  • Regular testing against your accuracy and robustness baselines
  • An incident log when the system behaves unexpectedly

This doesn't have to be heavyweight. A written process, a structured incident log, and a quarterly review cadence is a defensible starting point.


Building the Compliance Stack for Multi-Agent Systems

Here's the architecture challenge: all the major agent frameworks are compliance-neutral. They don't know which sector your agent operates in. This means you need to add a policy enforcement layer that runs before each agent action.

The pattern that works is a pre-execution compliance gate — a check that validates any planned action against your regulatory rules before it executes. For Google ADK, this maps cleanly to a BeforeToolInvocationCallback:

from regulated_ai_governance.adapters.google_adk_adapter import create_compliant_agent
from regulated_ai_governance import PolicyStack, FERPAPolicy, EUAIActPolicy

policy_stack = PolicyStack([
    EUAIActPolicy(
        risk_tier="high_risk",
        human_oversight_required=True,
        transparency_required=True,
    ),
    FERPAPolicy(
        authorized_user_types=["student", "registrar"],
    ),
])

agent = create_compliant_agent(
    base_agent=my_adk_agent,
    policy_stack=policy_stack,
    audit_logger=my_audit_logger,
)

Enter fullscreen mode Exit fullscreen mode

The regulated-ai-governance package implements this gate across Google ADK, CrewAI, LangChain, AutoGen, and Semantic Kernel. The same architectural pattern applies regardless of which framework you're using — policy evaluation before the action, not after.

For RAG systems in regulated sectors, the compliance layer needs to operate at the retrieval layer too, not just at the agent action layer. A FERPA-covered education AI should filter documents before they enter the context window, not after the LLM has already processed unauthorized content. The enterprise-rag-patterns library handles this with pre-retrieval filtering that enforces access control based on user identity and regulatory scope.


The August 2 Deadline: What's Actually Enforceable When

A quick timeline clarification:

Date What Applies
February 2, 2025 Prohibited practices (Article 5) — already in force
August 2, 2025 GPAI model obligations (Article 51-56)
August 2, 2026 High-risk AI systems in Annex III — education, employment, essential services
August 2, 2027 Annex I safety component systems

Fines for Annex III non-compliance: up to €20 million or 4% of global annual turnover, whichever is higher. The full regulation text is publicly available on EUR-Lex — the recitals are worth reading because they explain the legislative intent behind specific articles in plain language.

The EU AI Act doesn't require pre-registration the way GDPR's Data Protection Impact Assessment does. But if an incident occurs or a regulator audits you, you need to demonstrate that Articles 9-15 were implemented. The burden of proof is on the system operator.


Where to Start

If you're building AI agents in any Annex III sector, here's a practical starting checklist:

  1. Classify your system honestly. "Educational AI" that influences student outcomes = high-risk. Don't minimize it.
  2. Add structured audit logging now. Every agent action, every tool call, every confidence score. Retrofit is painful.
  3. Design in a human override path. At minimum: a review queue where a human can halt any agent decision before it becomes final.
  4. Document your risk management process. A one-page document describing how you identify and address new risks is better than nothing — and it's evidence.
  5. Build AI disclosure into session init. Not a checkbox. An actual first-message disclosure at the start of every user session.
  6. Test for adversarial inputs. At least run prompt injection and data poisoning test cases against your agent before August.

The technical implementations here — audit logging, confidence checks, human escalation, policy gates — are engineering best practices that happen to also be legally required. The systems that handle these well tend to work better anyway: fewer silent failures, clearer failure modes, more trustworthy outputs.

The deadline is real. Three months is enough time to build this right.


If you want to dig into the implementation patterns, the repos I reference in this article all have working examples: regulated-ai-governance, confidence-escalation, enterprise-rag-patterns. The EU AI Act official consolidated text is on EUR-Lex.