The AI Act is the domain. EVE governance signals are the reusable verification layer.
The EU AI Act establishes requirements for high-risk AI systems across risk management, data governance, transparency, human oversight, accuracy, and post-market monitoring. EVE does not implement AI Act compliance. EVE provides a set of deterministic governance signals — each following the same pattern: a declared rule, observed activity, deterministic evaluation, human review gate, and a sealed, cryptographically verifiable decision record.

The five signals built in the TPRM context apply to AI Act governance questions without modification to the signal model. The domain changes. The verification pattern does not.
Illustrative source-mapping only. Article references below are indicative of the governance area each signal addresses. They are not a legal interpretation of the AI Act, not a conformity assessment, and not legal advice. EVE does not assess materiality. Human review and professional judgement remain required for all AI Act obligations.
The same verification pattern — applied to AI Act governance
1
Declared rule
2
Observed activity
3
Deterministic evaluation
4
Human review
5
Sealed decision record
6
Public verification
1
Authority Boundary
Did the action taken on or with the high-risk AI system stay within the declared authority of the responsible function?
Live · v0AI Act mapping
What it evaluates
Whether an action taken on or with a high-risk AI system exceeded the declared authority limit for that actor, action type, and context. Each limit is declared by the organisation; EVE compares the observed action to the declared threshold. Verdict is breach if exceeded, pass if within, unknown if the actor, action, or limit cannot be resolved (fail-closed — never treated as pass).
AI Act governance area
Provider and deployer responsibility / delegated authority over high-risk AI systems. The AI Act establishes clear accountability structures for providers and deployers of high-risk AI systems, including obligations to define who has authority to deploy, modify, or accept outputs from high-risk AI. The Authority Boundary signal surfaces whether an observed action was within the declared authority of the responsible function.
Art 16 Obligations of providers of high-risk AI systems Art 26 Obligations of deployers of high-risk AI systems
Output verdicts
breachpassunknown
unknown → actor, action, or limit unresolvable. Never a pass.
Domain proof — sealed on EVE Bridge
EVE-AIACT-00004293 breach / authority_limit_exceeded → high-risk model deployed to production above staging-only authority · Human decision: reject Verify publicly →
Synthetic AI Act demo proof — shows the Authority Boundary mechanism in an AI Act context. Not a real AI Act finding or enforcement action.
2
Approval Chain
Was the declared approval chain satisfied before the AI system action, deployment decision, or risk acceptance?
Live · v0AI Act mapping
What it evaluates
Whether a declared sequence of approvals was satisfied — in order, by the declared approver identities, and before the associated action occurred. Missing approver identity, wrong order, or approval recorded after the action produces unknown or breach respectively.
AI Act governance area
Risk management system approvals, quality management change control, and human oversight decisions. The AI Act requires providers to establish quality management and risk management systems with documented approval workflows for changes, deployments, and risk acceptances.
Art 9 Risk management system Art 17 Quality management system Art 14 Human oversight
Output verdicts
breachpassunknown
unknown → missing approval evidence or identity. Never a pass.
Domain proof — sealed on EVE Bridge
EVE-AIACT-00004288 breach / approval_after_action → required approvals recorded after the deployment action · Human decision: reject Verify publicly →
Synthetic AI Act demo proof — shows the Approval Chain mechanism in an AI Act context. Not a real AI Act finding or enforcement action.
3
Overlapping Boundaries
Did all applicable AI Act controls evaluate against this system, output, or decision — and did any fail?
Live · v0AI Act mapping
What it evaluates
A composition layer: each action or output carries the set of declared controls that apply to it. EVE verifies coverage and composes the verdicts. Propagation order: breach > unknown > pass. One failing control is enough for a breach, even if all others pass.
AI Act governance area
Multiple governance controls applying to the same high-risk AI system output or decision. The AI Act imposes multiple intersecting requirements — risk management, human oversight, data governance, transparency, accuracy — which may all apply simultaneously to a given output or deployment decision.
Art 9 Risk management system Art 10 Data and data governance Art 13 Transparency and provision of information Art 14 Human oversight
Output verdicts
breachpassunknown
unknown propagates upward from any unevaluated control.
Domain proof — sealed on EVE Bridge
EVE-AIACT-00004294 unknown / unevaluated_boundary → data_governance_check could not be evaluated; unknown is not pass · Human decision: reject (held for review) Verify publicly →
Synthetic AI Act demo proof — shows the Overlapping Boundaries mechanism (unknown path) in an AI Act context. Not a real AI Act finding or enforcement action.
4
Collective Outcome
Did individually acceptable AI system outputs or decisions produce an unacceptable combined outcome within a declared window?
Live · v0AI Act mapping
What it evaluates
The first cross-action layer: within one declared window, EVE groups outputs or events by a declared key, sums a declared field, and compares the aggregate to a declared collective limit. Each individual output may be below its own threshold — the breach is collective.
AI Act governance area
Accumulated AI system outputs or automated decisions creating collectively unacceptable outcomes. The AI Act requires ongoing monitoring of high-risk AI systems in operation, including post-market surveillance and serious incident reporting. Individually acceptable AI outputs may collectively produce unacceptable outcomes.
Art 9 Risk management system Art 72 Post-market monitoring and serious incidents
Output verdicts (per group)
breachpassunknown
breach when aggregate > limit. Equal to limit = pass.
Domain proof — sealed on EVE Bridge
EVE-AIACT-00004295 breach / collective_limit_exceeded → loan_applicants_segment_B adverse outcomes 40+35+30=105 > limit 100 · Human decision: reject Verify publicly →
Synthetic AI Act demo proof — shows the Collective Outcome mechanism in an AI Act context. Not a real AI Act finding or enforcement action.
5
Accumulation Risk
Did repeated minor AI system incidents, drift events, or control gaps accumulate beyond a declared threshold over a rolling window?
Live · v0AI Act mapping
What it evaluates
A rolling-window cumulative layer: EVE sums a declared field for a declared group-by key over a declared window anchored to a declared as_of reference point (never wall-clock time). A single incident may be below any individual reporting threshold while the rolling sum constitutes a breach.
AI Act governance area
Repeated minor AI system incidents, model drift events, and control gaps accumulating over time. The AI Act requires continuous risk management and post-market monitoring of high-risk AI systems. Individually sub-threshold incidents may accumulate to constitute a systemic risk pattern requiring escalation.
Art 9 Risk management system Art 72 Post-market monitoring and serious incidents Art 73 Reporting of serious incidents
Output verdicts (per group)
breachpassunknown
unknown: unresolvable timestamp, group key, or non-numeric value.
Domain proof — sealed on EVE Bridge
EVE-AIACT-00004296 breach / accumulation_limit_exceeded → support_agent_v2 minor incidents 40+35+30=105 > limit 100 over 90-day window · no single serious-incident breach · Human decision: reject Verify publicly →
Synthetic AI Act demo proof — shows the Accumulation Risk mechanism in an AI Act context. Not a real AI Act finding or enforcement action.
Illustrative source-mapping — not a conformity assessment
The AI Act article references on this page are indicative only. They identify the governance area each EVE signal addresses in an AI Act context. They are not a legal interpretation of AI Act obligations, not a conformity assessment, and not legal advice.

All sealed EVE-IDs linked on this page were produced against synthetic TPRM fixture data and are labelled accordingly. They demonstrate the verification mechanism — not AI Act-specific findings. No customer, partner or production data is used or exposed anywhere on this page.

EVE does not certify AI Act compliance or conformity. EVE does not assess materiality. EVE does not replace conformity assessment bodies, notified bodies, legal counsel, or competent authority review. Human review remains required for all AI Act obligations.