EU Regulation · Artificial intelligence
EU AI Act compliance, continuously monitored
The EU AI Act applies in phases through to 2027, and much of the operational detail is still being written in standards and guidance. Kalipso tracks every change, maps it to your AI systems and their risk classification, and shows you exactly what still needs to be done.
What is EU AI Act?
The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) is the world’s first comprehensive horizontal law for artificial intelligence. It takes a risk-based approach: it prohibits a defined set of unacceptable AI practices, imposes substantial obligations on “high-risk” AI systems, sets transparency duties for certain systems, and creates a distinct regime for general-purpose AI (GPAI) models.
The AI Act entered into force on 1 August 2024 and applies in phases: the prohibitions on unacceptable practices have applied since 2 February 2025, obligations for general-purpose AI models since 2 August 2025, and the bulk of the high-risk obligations phase in through 2026 and into 2027. It is not a one-off project: the Commission, the AI Office and the standardisation bodies continue to publish guidelines, harmonised standards and codes of practice that define what compliance means in practice. For financial firms, systems such as creditworthiness assessment and risk pricing in life and health insurance can fall within the high-risk category.
What EU AI Act requires
Prohibited-practice screening
Identify and stop any AI use that falls within the banned categories, such as certain manipulative, social-scoring or untargeted facial-recognition practices.
Risk classification of AI systems
Determine, and keep current, whether each AI system is high-risk, limited-risk or minimal-risk — and whether any GPAI obligations apply.
High-risk system requirements
For high-risk systems, operate risk and data-governance management, technical documentation, logging, human oversight, accuracy and robustness, and the required conformity assessment.
Transparency obligations
Inform people when they interact with an AI system or with AI-generated content, where the Act requires it.
Governance and registration
Assign accountability, register high-risk systems where required, and maintain post-market monitoring and serious-incident reporting.
How Kalipso helps with EU AI Act
Never miss a standard
Kalipso’s Regulatory Radar tracks the AI Act itself plus the delegated and implementing acts, harmonised standards, GPAI codes of practice and AI Office guidance — the moment they publish.
From text to obligation
Each update is parsed into the concrete obligations it creates or changes for your AI systems, ranked by how much it affects your firm — not a raw feed you have to read end to end.
Gap analysis against your controls
Map the Act’s requirements to your AI governance, model documentation and oversight controls, and surface exactly where documentation or controls fall short for each classified system.
Audit-ready evidence
Every decision, owner and remediation step is logged, so you can show regulators a defensible trail of how each system was classified and governed rather than reconstructing it under pressure.
EU AI Act by sector
“Kalipso replaced days of manual horizon scanning with a prioritised list of what actually affects us — and the evidence trail our auditors ask for.”
Frequently asked questions
When does the EU AI Act apply?
The AI Act entered into force on 1 August 2024 and applies in phases. The prohibitions on unacceptable practices have applied since 2 February 2025, general-purpose AI obligations since 2 August 2025, and the majority of high-risk obligations phase in through 2026 and into 2027.
Is AI used in financial services high-risk?
It can be. The Act treats certain financial use cases as high-risk — notably AI used to assess creditworthiness or credit scores, and AI used for risk assessment and pricing in life and health insurance. Classification is system-specific, so each AI system needs its own assessment against the Act’s criteria.
How does Kalipso keep AI Act compliance current?
Kalipso continuously monitors the regulation and all related delegated acts, standards, codes of practice and guidance, converts each change into the obligations it affects, and flags the gaps against your AI governance framework — so your programme stays current without manual horizon scanning.
See Kalipso on your obligations
Request a walkthrough and we will show you how Kalipso monitors regulatory change, maps it to your obligations and tracks every gap to closure — on your own regulatory scope.