EU AI Act: 67 Days to Enforcement — The RAG Pipeline Checklist
August 2, 2026 is the EU AI Act enforcement deadline for Annex III high-risk AI systems. On that date, enforcement becomes active for systems involved in employment decisions, credit scoring, education, healthcare screening, and law enforcement assistance. The maximum penalty for non-compliance is €15 million or 3% of global annual turnover. You have 67 days.
Is your RAG pipeline in scope?
The trigger is use-case, not technology. If your AI assistant influences decisions about employment, loan approvals, insurance risk, clinical triage, or educational placement — you are in scope for Annex III, regardless of what vector database you use or where your company is headquartered. The AI Act follows the same extraterritorial model as GDPR: if the system affects people in the EU, it applies. Internal productivity tools and customer service chatbots with no decision-making authority are generally out of scope for the high-risk chapter, though general transparency obligations still apply.
The seven-item checklist
Work through these in order. Items 1–4 are the technical controls regulators will want to see evidence of. Items 5–7 are the governance processes that surround them.
Item 1 — Risk management documentation (Article 9). Every high-risk AI system needs a documented risk management process. For RAG pipelines, this means policy versioning: every change to who can access what should be tracked, diffable, and reversible. If you cannot show the state of your access policies at any point in time, you fail Article 9. Gateco's Policy Studio maintains a full version history with diff view for every policy change.
Item 2 — Data governance and classification (Article 10). Every resource in your vector knowledge base needs a classification label. Public, internal, confidential, restricted — or equivalent. These classifications must be enforced at retrieval time, not just stored in a spreadsheet. If your classification scheme only exists in documentation but is not actively checked against who is asking for what, it does not satisfy Article 10.
Item 3 — Automatic retrieval-level audit trail (Article 12). HTTP access logs are not sufficient. You need retrieval-level logging: principal ID, resource ID, the policy that governed the decision, the outcome (allowed/denied), search mode, and timestamp. The log must be exportable in a structured format. This is the control auditors verify first — it produces the evidence for everything else.
Item 4 — Fail-safe behavior (Article 15). Your retrieval system must deny access when it cannot evaluate the policy correctly, not default to allowing it. A timeout, a missing policy, a misconfigured connector — any of these should result in a logged denial, not a silent allow. This is fail-closed: the secure default, not an optional hardening measure.
Item 5 — Human oversight mechanism (Article 14). You must be able to pause, override, or deactivate any retrieval policy immediately, without a code deployment. If disabling a policy requires a deploy, you are not compliant with Article 14. Policies should have a clear activation/deactivation lifecycle accessible to non-engineers.
Item 6 — Identity-bound access control. Every retrieval must be attributable to a named principal. Anonymous queries against a vector database are incompatible with Annex III obligations. If your AI agent currently queries with a shared service account and no user-level identity context, this is the most urgent gap to close.
Item 7 — Conformity assessment documentation. Technical controls alone are not sufficient. You also need a documented conformity assessment showing how you identified risks, what mitigations you implemented, and how you monitor for new risks. This is process documentation — but the technical controls from items 1–6 provide the evidence base.
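Items 2, 3, 4 and 6 describe a single enforcement point: a principal-bound retrieval gate that checks classification labels at query time, writes one structured audit event per decision, and denies when it cannot evaluate. The following Python sketch is an added example of that gate, not Gateco's code or its API. The four label names and the audit fields (principal ID, resource ID, governing policy, outcome, search mode, timestamp) come from the checklist; the clearance ordering, the `Policy`/`Principal`/`Resource` shapes, the policy IDs and the sample documents are constructed assumptions.

```python
"""Retrieval gate: classification enforced at retrieval, retrieval-level audit
events, fail-closed on evaluation errors. Added example; everything except the
label names and audit fields is assumed."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable
import json

# Ordering of the four labels from item 2; the strict ranking is our assumption.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Principal:
    principal_id: str   # named user, never a shared service account (item 6)
    clearance: str      # highest label this principal may read


@dataclass(frozen=True)
class Resource:
    resource_id: str
    classification: str  # label attached to the indexed document (item 2)


@dataclass(frozen=True)
class Policy:
    policy_id: str       # versioned identifier, so the log names the exact rule
    classification: str  # label this policy governs
    active: bool         # item 5: deactivation is a flag flip, not a deploy


class RetrievalGate:
    """Filters vector-search hits per principal and logs every decision."""

    def __init__(self, policies: list[Policy]):
        self._policies = {p.classification: p for p in policies}
        self.audit_log: list[dict] = []

    def _record(self, principal_id, resource_id, policy_id, outcome, reason, mode):
        self.audit_log.append({
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "principal_id": principal_id,
            "resource_id": resource_id,
            "policy_id": policy_id,
            "outcome": outcome,        # "allowed" or "denied"
            "reason": reason,
            "search_mode": mode,
        })

    def _decide(self, principal: Principal, res: Resource) -> tuple[bool, str, str]:
        """Return (allowed, policy_id, reason). Any gap in the inputs is a denial."""
        policy = self._policies.get(res.classification)
        if policy is None:
            return False, "none", "no policy for classification %r" % res.classification
        if not policy.active:
            return False, policy.policy_id, "policy deactivated"
        if res.classification not in LEVELS or principal.clearance not in LEVELS:
            return False, policy.policy_id, "unknown label"
        if LEVELS[principal.clearance] >= LEVELS[res.classification]:
            return True, policy.policy_id, "clearance satisfies label"
        return False, policy.policy_id, "clearance below label"

    def retrieve(self, principal: Principal, search: Callable[[], list[Resource]],
                 search_mode: str = "hybrid") -> list[Resource]:
        """Run the search and return only hits the policy allows.

        Fail-closed (item 4): a timeout or broken connector yields an empty
        result and a logged denial, never a silent allow.
        """
        try:
            hits = search()
        except Exception as exc:
            self._record(principal.principal_id, "*", "none", "denied",
                         "evaluation failed: %s" % exc, search_mode)
            return []
        allowed = []
        for res in hits:
            try:
                ok, policy_id, reason = self._decide(principal, res)
            except Exception as exc:
                ok, policy_id, reason = False, "none", "evaluation failed: %s" % exc
            self._record(principal.principal_id, res.resource_id, policy_id,
                         "allowed" if ok else "denied", reason, search_mode)
            if ok:
                allowed.append(res)
        return allowed

    def export_audit(self) -> str:
        """Structured export (JSON Lines) for the auditor (item 3)."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.audit_log)


def demo() -> dict:
    """Constructed scenario: one analyst cleared to 'internal', four indexed docs."""
    gate = RetrievalGate([
        Policy("pol-public-v3", "public", True),
        Policy("pol-internal-v3", "internal", True),
        Policy("pol-confidential-v3", "confidential", True),
        # 'restricted' deliberately has no policy: the gate must deny it.
    ])
    alice = Principal("alice@example.com", "internal")
    docs = [Resource("doc-1", "public"), Resource("doc-2", "internal"),
            Resource("doc-3", "confidential"), Resource("doc-4", "restricted")]
    visible = gate.retrieve(alice, lambda: docs)

    def broken_search():
        raise TimeoutError("vector store did not answer within 2s")
    timed_out = gate.retrieve(alice, broken_search, search_mode="keyword")

    return {"visible": [r.resource_id for r in visible],
            "timed_out": [r.resource_id for r in timed_out],
            "events": len(gate.audit_log),
            "denials": [e["reason"] for e in gate.audit_log if e["outcome"] == "denied"],
            "export": gate.export_audit()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points worth noting. The audit event names the policy version that governed the decision, so an auditor can pair the item-3 log with the item-1 policy history and reconstruct why a given answer was shown. And the denial paths (missing policy, deactivated policy, unknown label, exception) all converge on the same logged outcome, so a misconfiguration is visible in the export rather than hidden in a default-allow branch.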
What Gateco covers — and what it does not
Gateco directly addresses items 1–6: policy versioning and lifecycle (Article 9), classification labels enforced at retrieval (Article 10), a 25-event audit trail with export (Article 12), fail-closed behavior (Article 15), instant policy activation/deactivation (Article 14), and principal-bound retrieval. Item 7 — conformity assessment documentation — is a process artifact your compliance team must own. Gateco provides the technical evidence; the assessment document is yours to write.
If you have not yet deployed a retrieval-layer access control solution, 67 days is enough time to get the controls in place — but not with a long procurement process. The free tier gets you connected and enforcing policies in under an hour. If you are already running Gateco with active policies and classification labels in place, your technical controls are largely covered; the remaining work is audit export configuration, conformity documentation, and confirming every AI agent routes through the policy enforcement layer rather than querying the vector database directly.
Related reading
- 93 Days to EU AI Act Enforcement: The Practical Annex III Mapping for RAG Pipelines (8 min read)
- The RAG Authorization Gap: What Your Security Team Needs to Know Before AI Goes to Production (7 min read)
- RAG Security for Financial Services: SOX, Data Walls, and Classification-Based Access (7 min read)
- Gateco Documentation (full reference)
Ready to secure your AI retrieval?
Start with the free tier — 100 retrievals/month, no credit card required.