ADIC and the EU AI Act: A Working Mapping of the "Evidence Chain" Missing in AI Governance
- kanna qed
- 4月21日
- 読了時間: 13分
Premise: Axis of Comparison and Competitive Structure
ADIC's strength lies not in the "optimization of individual articles," but in its integrative capacity to enclose the chain of evidence required for legal compliance within a single verification system. Important caveat: ADIC's distinctive value holds only when it is "explicitly incorporated into the system design as an enforcement point for governance boundaries." If used as an external audit wrapper, its contribution to each article will be fragmented.
▶ Click here for details on ADIC
A Practical 4-Layer Classification of Competitors
In this mapping, competitors are grouped into the following 4 practical layers. Since the granularity was mixed up in the previous version, it has been completely reorganized.
Layer | Category | Key Products/Tools |
L1 | Dedicated AI Governance & Lifecycle Management | ModelOp, Collibra AI Governance, Monitaur, Credo AI, Holistic AI, DataRobot AI Governance |
L2 | AI Security, Agent Governance & Observability | Protect AI, HiddenLayer, Lakera, F5 AI Guardrails, Arthur AI |
L3 | Data/AI Catalog, Lineage & GRC Integration | Databricks Unity Catalog, Microsoft Purview, IBM OpenPages, ServiceNow AI Governance, OneTrust |
L4 | Assurance, Certification Bodies & Management System Standards | ISO/IEC 42001, BSI, DNV, SGS, TÜV SÜD, Bureau Veritas |
Ref | XAI, Fairness, Formal Verification & MLOps (For comparison) | SHAP/LIME/InterpretML, IBM AIF360/Fairlearn, Gappa/FPTaylor/PRECiSA, MLflow/W&B/IBM FactSheets |
Repositioning of Arthur AI (Correction from the previous version): Placing Arthur on the "conformity assessment side" in the previous version was a mistake. In 2025, Arthur released the Agent Discovery and Governance (ADG) Platform, clearly shifting its focus to agent observability, policy enforcement, guardrails, and security. It is repositioned to L2.
A Working Mapping of Competitors by Article
Art. 9: Risk Management System
Core: Institutionalization of continuous risk identification, assessment, mitigation, and residual risk management throughout the lifecycle.
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp | ◎ | Risk scoring linked with AI inventory; automation of risk management across the lifecycle. |
L1 | Collibra AI Governance | ◎ | Provides EU AI Act readiness assessment. Achieved ISO 42001 certification (announced Jan 2025). Risk assessment & continuous management. |
L1 | Monitaur | ◎ | For regulated industries like insurance/finance. Audit-ready governance, policy-to-proof management. |
L1 | Credo AI | ◎ | Continuous assessment via Policy Pack. Cross-regulatory compliance management. |
L3 | IBM OpenPages | ◎ | Institutionalizes the risk management cycle as a GRC integration platform. |
L3 | ServiceNow AI Gov | ◎ | Risk management workflow automation, escalation management. |
ADIC | △ Complement | Functions as a technical basis for mitigation measures, but the institutionalization and continuous operation of the risk management cycle are the domain of L1/L3 tools. Not a competitor but a complement. |
Art. 10: Data Governance
Core: Quality, representativeness, and bias management of training and validation data.
Layer | Products/Tools | Strength | Nature of Response |
L3 | Databricks Unity Catalog | ◎ | Integration of data+AI lineage, catalog, and data governance. High affinity with Art. 10, 11, and 12. |
L3 | Microsoft Purview | ◎ | Integration of data security, governance, and compliance. Main focus is data governance. |
L1 | Collibra AI Governance | ◎ | Integration of data catalog+AI governance. Unified management of data lineage, quality, and AI usage. |
Ref | IBM AI Fairness 360 | ◎ | Comprehensive library for bias detection and mitigation. |
Ref | Microsoft Fairlearn | ◎ | Fairness metrics and mitigation algorithms. |
Ref | Amazon SageMaker Clarify | ◎ | Detection of data bias and model bias. |
ADIC | — N/A | Data quality, representativeness, and bias are completely out of scope. It is a technology focused on computational safety on the primitive core. |
Art. 11: Technical Documentation
Core: Creation and maintenance of consistent technical documentation including design, algorithms, verification methods, and performance limits. Evidence consistency capable of withstanding third-party auditing.
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp | ○ | Automated model card generation, metadata, evidence capture. Retrospective document generation. |
L1 | Collibra AI Governance | ○ | AI lineage, design documentation, compliance document management. |
L1 | Credo AI | ○ | Audit-ready artifacts for model cards, impact assessments, and vendor risk assessments. |
L3 | Databricks Unity Catalog | ○ | Lineage documentation of data and models. |
Ref | IBM FactSheets / watsonx | ○ | Structured documents of model facts, performance, and intent. Retrospective explanatory documents. |
Ref | Google Model Cards | ○ | Standardized document templates for model performance and limits. Retrospective explanatory documents. |
Ref | W&B / MLflow | ○ | Experiment/model versioning, reproducibility support. |
ADIC | ⭐ Strong fit | The certificate structure itself is the core of the technical documentation. While other tools "generate documentation after verification," in ADIC, "the verification process itself functions as documentation." The realized ledger, integer witnesses, and specification constraints simultaneously record the design, verification methods, and performance boundaries. It is not a system that "adds explanations later," but one where "the rationale for approval can be re-executed retrospectively." |
Decisive difference of ADIC: It is not about the means of generating a document, but the fact that the act of verification and the document itself are one and the same.
Art. 12: Record-Keeping / Traceability
Core: Automatic logging throughout the operation period and post-hoc traceability of decision-making rationales. Utilization for risk management, substantial modification, post-market monitoring, and deployer monitoring.
Layer | Products/Tools | Strength | Nature of Response |
L2 | Arthur AI | ○ | Agent observability, full trace visualization, tool selection evaluation. However, these are observability logs of "what happened." |
L2 | Fiddler AI | ○ | Model monitoring logs with explainability, guardrails. |
L1 | Monitaur | ○ | Audit trails, model traceability. |
L3 | Databricks Unity Catalog | ○ | Data lineage, logging of AI operations. |
Ref | Evidently AI / WhyLabs... | ○ | Automated monitoring logs, drift detection records. |
Ref | W&B / MLflow | △ | Experiment logs, artifact management. |
ADIC | ⭐ Strong fit | The realized ledger is not merely a log but a "record that allows a third party to re-execute the decision-making rationale." Logs of other tools are records of "what happened." ADIC's ledger is a "record that allows a third party to independently reproduce why it was ACCEPTED by running the same verifier." The quality of traceability required by Art. 12 is fundamentally different in structure. |
Decisive difference of ADIC: Re-executability via deterministic replay is the essential difference from mere records.
Art. 13: Transparency and Provision of Information to Deployers
Core: Provision of information enabling the deployer to understand the system's capabilities, limitations, and appropriate use for operation.
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp / Credo AI | ○ | Provision of structured information on AI capabilities and limitations. |
L1 | Collibra AI Governance | ○ | Transparency and explanatory documents of AI usage. |
Ref | SHAP / LIME / InterpretML | ◎ | Visualization of individual prediction grounds for users. |
Ref | Google Vertex AI Explain | ◎ | Cloud-native explainability. |
Ref | IBM Watson OpenScale | ○ | Transparency dashboards for bias and accuracy. |
ADIC | △ Complement | The formal definition of operational boundaries (which input ranges satisfy which constraints) serves as the technical basis for providing information to deployers. The clear presentation of limitations, stating "this system is proven to satisfy this specification within this boundary," functions as the foundation for Art. 13 requirements. However, the user-facing UI and explanatory documents are outside of ADIC. |
Art. 14: Human Oversight
Core: Design allowing humans to properly interpret outputs, and to oversee, stop, or intervene. Effective oversight including human-machine interfaces.
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp | ○ | Human approval and escalation within governance workflows. |
L1 | Credo AI / Monitaur | ○ | Human-in-the-loop policy management, approval gates. |
L3 | ServiceNow AI Gov | ○ | Institutionalization of human oversight workflows and stopping mechanisms. |
L2 | Arthur AI | △ | Anomaly detection via guardrails → human alerts. |
L2 | Lakera / Protect AI | △ | Runtime defense → intervention triggers. |
ADIC | 💪 Strong | The ACCEPT/REJECT structure technically defines intervention points. In a design where "only outputs that pass the boundary fixed by ADIC are adopted," a REJECT automatically becomes a human intervention trigger, making it possible to technically implement the effective oversight of Art. 14. While other tools provide "UIs and workflows enabling intervention," ADIC provides a foundation that "formally defines the timing when intervention is necessary." |
Art. 15: Accuracy, Robustness and Cybersecurity
Core: Achieving appropriate accuracy, error resilience, and cybersecurity throughout the lifecycle.
Layer | Products/Tools | Strength | Nature of Response |
L2 | Protect AI | ◎ | Security vulnerability scanning and attack simulation for AI models and pipelines. |
L2 | HiddenLayer | ◎ | Real-time detection of adversarial attacks, defense against model theft and data poisoning. |
L2 | Lakera | ◎ | Defense against prompt injection, data leakage, and jailbreaks for LLM apps. |
L2 | F5 AI Guardrails | ◎ | Runtime guardrails and security controls for AI applications. |
L2 | Arthur AI | ○ | Guardrails, adversarial detection, agent security. |
Ref | Gappa / FPTaylor | ◎ | Formal proof of floating-point errors (specialized in numerical accuracy). |
Ref | PRECiSA / VCFloat2 | ◎ | Formal floating-point program verification. |
Ref | Marabou / α-β-CROWN | ◎ | Formal verification of neural network properties. |
Ref | Evidently AI / Arize AI | ○ | Operational monitoring of performance degradation, drift, and robustness. |
ADIC | 🔧 Complement | Strong in evidencing numerical safety on fixed primitive cores. The difference from Gappa etc. is the lack of solver dependency, deterministic replay, and closure over ground integers. However, the actual performance (especially cybersecurity) required by Art. 15 throughout the lifecycle is handled by L2 tools. "Strong complement in evidencing" is the accurate positioning. |
Correction (Change from the previous version): Changed Art. 15 from "Strongest" to "Complement (Strong in evidencing)". Art. 15 is an actual performance requirement across the lifecycle and is not closed by ADIC's replay, ledger, and certificate alone.
Art. 17: Quality Management System (QMS)
Core: Maintenance of a documented QMS covering design to post-market.
Layer | Products/Tools | Strength | Nature of Response |
L4 | ISO/IEC 42001 (BSI, DNV, SGS, TÜV SÜD certification) | ◎ | The first global certifiable management-system standard for AI. EU AI Act is positioned as the "Rulebook," ISO 42001 as the "Operating System." Institutionalizes the entire QMS via PDCA structure. |
L1 | ModelOp | ◎ | Governance workflow automation across the lifecycle, QMS foundation. |
L3 | IBM OpenPages / ServiceNow | ○ | Automation of QMS workflows and change management. |
L3 | OneTrust | ○ | QMS documentation and compliance tracking. |
ADIC | △ Complement | Functions as a technical foundation for the verification regime, but the overall QMS (organizational structure, change management, training, continuous improvement cycle) is the domain of ISO 42001 and L1/L3 tools. |
Art. 18: Document Retention
Core: Retention of documents for an appropriate period for conformity assessment.
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp / Collibra | ○ | Document retention and version control across the lifecycle. |
L3 | IBM OpenPages / Purview | ○ | Document lifecycle management and retention infrastructure. |
Ref | W&B / MLflow | ○ | Long-term retention of model artifacts and experiment logs. |
ADIC | △ Complement | The retention of the realized ledger functions directly as evidence, but the retention infrastructure and lifecycle management are outside of ADIC. |
Art. 19: Retention of Automatically Generated Logs
Core: Automatic logging function of high-risk AI and retention for an appropriate period.
Layer | Products/Tools | Strength | Nature of Response |
L2 | Arthur AI | ○ | Automatic logging and telemetry collection across the entire agent lifecycle. |
L1 | Monitaur / ModelOp | ○ | Automatic governance logs, audit trails. |
Ref | Evidently AI / WhyLabs... | ○ | Automatic observability logs and alerts. |
ADIC | 💪 Strong | By design, the realized ledger is an "automatically generated re-executable evidence record." It fulfills the requirement for automatic logs in Art. 19 not just as a record, but as "evidence that a third party can re-verify." |
Art. 20: Corrective Actions and Incident Reporting
Core: Detection, corrective actions, and reporting of serious incidents.
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp / Credo AI | ○ | Incident management workflows, tracking of corrective actions. |
L3 | IBM OpenPages / ServiceNow | ○ | Incident management, escalation, and reporting workflows. |
L2 | Arthur AI / Arize AI | △ | Anomaly detection → incident triggers. |
ADIC | △ Complement | REJECT records function as technical evidence of incidents. The reason "why it deviated from the boundary" can be tracked from the ledger. |
Art. 21: Cooperation with Competent Authorities
Core: Provision of technical documentation, information, and cooperation to market surveillance authorities.
Layer | Products/Tools | Strength | Nature of Response |
L4 | BSI / DNV / TÜV SÜD | ○ | Bridging relationships with authorities as certification bodies. |
L1 | ModelOp / Credo AI | △ | Disclosure and management of compliance evidence. |
ADIC | △ Complement | The ledger functions as evidence submitted to authorities. Deterministic replay allows authorities to independently verify. |
Art. 25: Allocation of Responsibilities (AI Value Chain)
Core: Reallocation and clarification of legal responsibilities between providers and deployers.
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp | ○ | Definition of provider/deployer roles and clarification of governance responsibilities. |
L3 | ServiceNow / OneTrust | △ | Contract and document management for allocation of responsibilities. |
ADIC | △ Complement | The explicit fixing of operational boundaries is the technical basis for the allocation of responsibilities. The record that "an output passing this boundary was adopted" functions as evidence of responsibility between provider and deployer. |
Art. 26: Obligations of Deployers (Monitoring and Reporting)
Core: Continuous monitoring and reporting of substantial modifications by the deployer.
Layer | Products/Tools | Strength | Nature of Response |
L1 | Monitaur / Credo AI | ○ | Support for deployer governance and monitoring obligations. |
Ref | Evidently AI / Arize AI | ○ | Production monitoring for deployers. |
ADIC | △ Complement | Boundary passage records serve as the technical foundation for deployer monitoring and reporting. |
Art. 27: Fundamental Rights Impact Assessment (FRIA)
Core: Impact assessment on fundamental rights by high-risk AI deployers.
Layer | Products/Tools | Strength | Nature of Response |
L1 | Credo AI / Holistic AI | ○ | Impact assessment frameworks, ethical review support. |
L3 | OneTrust | ○ | FRIA documentation and process management. |
ADIC | 🔲 Separate Layer | Fundamental rights impact assessment is out of scope for ADIC. |
Art. 43: Conformity Assessment Procedures
Core: Presentation of conformity evidence that withstands third-party auditing and conformity assessment by Notified Bodies.
Layer | Products/Tools | Strength | Nature of Response |
L4 | TÜV SÜD / Bureau Veritas | ◎ | Examples of certification/assurance bodies (potential conformity-assessment-side actors). |
L4 | BSI / DNV / SGS | ◎ | ISO 42001 certification bodies. High synergy with Art. 43. |
L1 | Credo AI / Holistic AI | ○ | Management of conformity evidence, assessment support. |
L1 | ModelOp | △ | Conformity document management. |
ADIC | 💪 Strong | The ledger functions as the core of evidence for third-party auditing. It provides the "independently reproducible verification evidence" demanded by certification/assurance bodies like TÜV via deterministic replay. It does not compete with assessment body tools, but fundamentally enhances the quality of evidence submitted to them. |
Art. 47: EU Declaration of Conformity
Layer | Products/Tools | Strength |
L4 | BSI / DNV / TÜV SÜD (ISO 42001) | ○ |
L1 | ModelOp / Credo AI | △ |
ADIC | △ Complement (Foundation for preparing technical documentation) |
Art. 50: Transparency Obligations (AI-Generated Content Disclosure)
Layer | Products/Tools | Strength | Nature of Response |
L2 | Lakera / HiddenLayer | △ | Support for detection and labeling of AI-generated content. |
ADIC | 🔲 Separate Layer | Distinct from the essence of ADIC. However, depending on the system configuration, it could be indirectly related as output boundary management. |
Art. 53: Obligations for Providers of General-Purpose AI Models (GPAI)
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp / Collibra | ○ | GPAI model inventory and obligation management. |
L4 | ISO 42001 (BSI / DNV) | ○ | AI management systems for GPAI. |
ADIC | 🔲 Separate Layer | Due to ADIC's primitive core constraints, it is currently not applicable to the core certification of GPAI models themselves. However, it can be indirectly related as boundary management in the system layer of systems incorporating GPAI. |
Art. 72: Post-Market Monitoring Plan
Core: Continuous post-market conformity confirmation, active collection and analysis of operational data, and continuous compliance with Chapter III Section 2.
Layer | Products/Tools | Strength | Nature of Response |
L1 | ModelOp | ◎ | Continuous monitoring across the lifecycle, post-market governance. |
L1 | Monitaur | ◎ | Ongoing review, continuous conformity confirmation. |
Ref | Evidently AI / WhyLabs... | ◎ | Drift detection, performance degradation, production monitoring. |
L2 | Arthur AI | ○ | Continuous monitoring of agent lifecycle, evals. |
ADIC | 💪 Strong | The ledger, evidence chain, and boundary records have high affinity with continuous post-market conformity confirmation. The "record of boundary passage" becomes the technical baseline for post-market monitoring and the basis for detecting deviations. Art. 72 requires a monitoring plan as part of the technical documentation, and ADIC's evidence structure functions as its technical foundation. |
Art. 73: Reporting of Serious Incidents
Layer | Products/Tools | Strength |
L3 | IBM OpenPages / ServiceNow | ○ |
L1 | ModelOp | ○ |
ADIC | △ Complement (REJECT records function as incident evidence) |
Overall Summary: Article x Competitor Layer Matrix
Legend: ⭐ Strong fit | 💪 Strong | 🔧 Complement (Strong) | △ Complement | 🔲 Separate Layer | — Not Applicable Competitor Layers: L1 = Dedicated Gov Platform / L2 = AI Sec. & Agent Gov / L3 = Data/GRC / L4 = Certification/Standards
Article | L1 (Dedicated Gov) | L2 (AI Sec.) | L3 (Data/GRC) | L4 (Cert/Stds) | ADIC |
Art.9 Risk Management | ◎ | — | ◎ | ○ | △ Complement |
Art.10 Data | ◎ | — | ◎ | — | — N/A |
Art.11 Technical Doc | ○ | — | ○ | ○ | ⭐ Strong fit |
Art.12 Logs | ○ | ○ | ○ | — | ⭐ Strong fit |
Art.13 Transparency | ○ | △ | — | — | △ Complement |
Art.14 Human Oversight | ○ | △ | ○ | — | 💪 Depending on design |
Art.15 Accuracy/Robust | ○ | ◎ | — | ○ | 🔧 Complement |
Art.17 QMS | ◎ | — | ○ | ◎ | △ Complement |
Art.18 Document Retent | ○ | — | ○ | — | △ Complement |
Art.19 Automated Logs | ○ | ○ | ○ | — | 💪 Strong |
Art.20 Corrective Act. | ○ | △ | ○ | — | △ Complement |
Art.21 Authority Coop. | △ | — | — | ○ | △ Complement |
Art.25 Responsibility | ○ | — | △ | — | △ Complement |
Art.26 Deployer | ○ | — | — | — | △ Complement |
Art.27 FRIA | ○ | — | ○ | — | 🔲 Separate Layer |
Art.43 Conformity Eval | △ | — | — | ◎ | 💪 Strong |
Art.47 Decl. of Conform | △ | — | — | ○ | △ Complement |
Art.50 Transp. Disclos | — | △ | — | — | 🔲 Separate Layer |
Art.53 GPAI | ○ | — | — | ○ | 🔲 Separate Layer |
Art.72 Post-Market Mon | ◎ | ○ | — | — | 💪 Strong |
Art.73 Incidents | ○ | △ | ○ | — | △ Complement |
ADIC's Positioning: Final Summary by Strength (Revised Version)
⭐ Strong fit (Distinctive structural advantage in our assessment)
Art.11 Technical Documentation ← Hard to find an alternative structure among known major competitors: the verification act itself functions as documentation.
Art.12 Record-keeping / Traceability ← One of the strongest forms of evidence among known major competitors: a third party can independently reproduce it via deterministic replay.
💪 Strong (Approaches strongest depending on design)
Art.14 Human Oversight ← ACCEPT/REJECT technically defines intervention points (provided it is explicitly incorporated into the design).
Art.19 Retention of Automatically Generated Logs ← The ledger functions as an automatically generated re-executable evidence record.
Art.43 Conformity Assessment Evidence ← Fundamentally enhances the quality of evidence submitted for third-party auditing.
Art.72 Post-Market Monitoring ← Functions as a technical baseline for continuous conformity confirmation.
🔧 Complement (Effective from the perspective of evidencing)
Art.9 Risk Management (Technical basis for mitigation measures)
Art.13 Transparency (Explicit operational boundaries are the basis for providing information)
Art.15 Accuracy/Robustness (Strong in evidencing numerical safety)
Art.17 QMS (Technical foundation for the verification regime)
Art.18 Document Retention (Ledger retention functions as evidence)
Art.20 Corrective Actions (REJECT records function as triggers/evidence)
Art.21 Authority Cooperation (Ledger functions as submitted evidence)
Art.25 Allocation of Responsibilities (Boundary records are the evidence foundation)
Art.26 Deployer Monitoring (Boundary records are the reporting foundation)
Art.47 EU Declaration of Conformity (Foundation for preparing technical documentation)
Art.73 Incident Reporting (REJECT records are incident evidence)
🔲 Separate Layer (Outside ADIC's essence, indirectly related depending on system config)
Art.10 Data Governance
Art.27 Fundamental Rights Impact Assessment
Art.50 AI-Generated Content Disclosure
Art.53 GPAI Model Obligations
— Not Applicable (Institutional/Procedural articles)
Art.1-5 (Definitions, Prohibited Practices)
Art.22-24 (Obligations of Importers and Distributors)
Art.40-41 (Harmonized Standards, Common Specifications)
Art.44 (Certificates of Conformity Procedures)
Art.55 (Additional Obligations for Systemic Risks), etc.
The Core Structural Reason Why ADIC is a "Strong fit"
While other tools function as "components" for respective article requirements, ADIC can connect obligations spanning multiple articles into a single chain of evidence.
Pre-defined governance boundaries/specification constraints (Art.11: Core of technical documentation) ↓ Automatically generated realized ledger at runtime (Art.12/19: Re-executable log) ↓ Technical definition of intervention points via ACCEPT/REJECT (Art.14: Effective human oversight) ↓ Conformity evidence independently reproducible by a third party via deterministic replay (Art.43: Assessment evidence) ↓ Foundation for continuous conformity confirmation post-market (Art.72: Post-market monitoring)
Based on our assessment of known major competitor products, it is hard to find a product that closes Art.11, 12, 14, 19, 43, and 72 as a single, re-verifiable evidence chain.
Recommended Integration Stack (When ADIC is at the Core)
Role | Assigned Tool | Relationship with ADIC |
AI inventory / Lifecycle management | ModelOp / Collibra AI Governance | ADIC's ledger links as inventory evidence. |
ISO 42001 certification / QMS foundation | BSI / DNV / SGS (ISO 42001) | ADIC's evidence structure functions as the core of QMS technical documentation. |
Data / Bias management | Collibra / Databricks Unity Catalog / IBM AIF360 | Separate layer independent of ADIC (Art.10). |
AI Security / Agent Governance | Protect AI / HiddenLayer / Arthur AI | Handles security defense outside the boundary defined by ADIC. |
Core of technical doc & evidence chain | ADIC | Evidence foundation integrating Art. 11, 12, 14, 19, 43, and 72. |
Explainability / Transparency | SHAP / LIME / IBM watsonx.governance | Provides explanation within the boundary defined by ADIC. |
Operational monitoring / Post-market monitoring | Evidently AI / Arize AI / WhyLabs | Utilizes ADIC's boundary records as a baseline. |
Conformity assessment auditing | TÜV SÜD / Bureau Veritas | ADIC's ledger is submitted as assessment evidence. |
Risk management / GRC | ServiceNow AI Governance / OneTrust | Integrates ADIC's mitigation evidence into the risk register. |
This document is an analysis based on the ADIC paper (Maeki, 2026), the text of the EU AI Act (2024/1689), the AI Act Service Desk, publicly available information of each product from 2025 to 2026, and ISO/IEC 42001 related materials. The EU AI Act entered into force on August 1, 2024, and most of its main provisions will apply from August 2, 2026. For high-risk AI, Annex III will apply from the same date, while high-risk AI incorporated into regulated products will apply from August 2, 2027. It should also be noted that precedents for actual conformity assessments by Notified Bodies are still nascent at this stage.
コメント