EU AI Act Compliance with Curate-Me
The EU AI Act (Regulation 2024/1689) takes full effect on August 2, 2026. Curate-Me provides the technical controls you need to meet key requirements for human oversight, transparency, data governance, and record-keeping.
EU AI Act Timeline
Aug 1, 2024
Act entered into force
Feb 2, 2025
Unacceptable-risk bans apply
Aug 2, 2025
General-purpose AI rules apply
Aug 2, 2026
High-risk AI rules apply
156 days until full enforcement (August 2, 2026)
High-risk AI system requirements, including human oversight, transparency, and record-keeping obligations, take effect on this date.
How Curate-Me Maps to the AI Act
Each requirement of the EU AI Act maps to specific Curate-Me features that provide technical compliance controls out of the box.
Human Oversight
Article 14
Regulatory Requirement
AI systems shall be designed to be effectively overseen by natural persons during their period of use.
Curate-Me Implementation
High-cost or sensitive AI operations are automatically routed to a human approval queue. Reviewers can approve, reject, or modify requests before they execute. Configurable thresholds let you define what requires human review.
Transparency
Article 13
Regulatory Requirement
High-risk AI systems shall be designed to ensure their operation is sufficiently transparent to enable users to interpret and use the output appropriately.
Curate-Me Implementation
Every gateway request, governance decision, cost calculation, and runner lifecycle event is recorded to an append-only audit log. 27 event types provide full traceability from request to response.
Data Governance
Article 10
Regulatory Requirement
Training, validation, and testing data sets shall be subject to appropriate data governance and management practices.
Curate-Me Implementation
Before any request reaches an LLM provider, the gateway scans for API keys, passwords, PII, and sensitive data using pattern matching. Matches are blocked automatically. Content is scanned in memory and never stored.
Risk Management
Article 9
Regulatory Requirement
A risk management system shall be established, implemented, documented, and maintained.
Curate-Me Implementation
Real-time cost tracking with per-request limits, daily budget caps, and organization-level spending controls. Rate limiting prevents runaway consumption. Budget alerts notify stakeholders before thresholds are hit.
Record-Keeping
Article 12
Regulatory Requirement
High-risk AI systems shall support automatic recording of events (logs) while the system is in operation.
Curate-Me Implementation
Every API call through the gateway generates structured log records including model, token counts, cost, latency, and governance policy results. Records are retained for 90 days (usage) and 1 year (audit events), exportable via API.
Proportionality
Article 5 & General Principles
Regulatory Requirement
AI systems should be proportionate to their intended purpose and not create unnecessary risks.
Curate-Me Implementation
Control exactly which AI models each team or API key can access. Rate limiting ensures proportional resource consumption. Combined with cost caps, this prevents over-deployment of powerful models where simpler ones suffice.
Frequently Asked Questions
Common questions about the EU AI Act and how Curate-Me can help.
What is the EU AI Act?
The EU AI Act (Regulation 2024/1689) is the world's first comprehensive legal framework for artificial intelligence. It establishes rules for AI systems based on their risk level, from minimal to unacceptable risk. It applies to any organization that deploys or develops AI systems affecting people in the EU.
When does the EU AI Act take effect?
The EU AI Act entered into force on August 1, 2024. Most provisions, including requirements for high-risk AI systems, apply from August 2, 2026. Some provisions (like bans on unacceptable-risk AI) applied earlier, from February 2, 2025.
Does the EU AI Act apply to me?
If your AI systems are used by or affect people in the EU, the Act likely applies to you regardless of where your company is based. This includes SaaS products with EU customers, AI-powered services accessible from the EU, and AI systems whose outputs are used in the EU.
Is Curate-Me itself an AI system under the Act?
Curate-Me is a governance and infrastructure layer, not an AI system that generates outputs. We provide the tools to help you comply with the Act for the AI systems you deploy through our gateway. The LLM providers (OpenAI, Anthropic, etc.) are the AI system providers.
Does using Curate-Me guarantee EU AI Act compliance?
No. Curate-Me provides technical controls that support compliance, but compliance is a holistic process that includes organizational measures, documentation, risk assessments, and legal review. We provide the technical infrastructure; you are responsible for the full compliance program.
Can I get a compliance report from Curate-Me?
Yes. The dashboard provides exportable audit reports covering governance decisions, cost records, HITL approval history, and PII scanning activity. Enterprise customers can receive customized compliance documentation. Contact enterprise@curate-me.ai for details.
Be Ready for August 2, 2026
Start building your compliance infrastructure today. Curate-Me provides the technical controls for human oversight, transparency, and record-keeping that the EU AI Act requires.