EU AI Act Compliance. Reign Maps to Every High-Risk Obligation.
Under the provisional May 2026 Council and Parliament agreement, stand-alone high-risk AI obligations apply from December 2, 2027. AI-generated content rules apply from December 2, 2026. The substance of the obligations is unchanged. The runway gives enterprises more time to build the governance posture. Reign is built to be that posture.
Three tracks. One governance posture.
The provisional agreement creates three implementation tracks. Each one demands the same underlying evidence: classification, risk management, documentation, oversight, and continuous monitoring.
AI-generated content rules
Watermarking for AI-generated outputs. Restrictions on AI-generated non-consensual explicit content. These dates are not extended under the provisional agreement.
High-risk AI systems (stand-alone)
Extended from August 2, 2026 under the provisional agreement. Full high-risk obligations including risk management (Art. 9), technical documentation (Art. 11), record-keeping (Art. 12), transparency (Art. 13), human oversight (Art. 14), accuracy and cybersecurity (Art. 15).
High-risk AI embedded in regulated products
Extended from August 2, 2027 under the provisional agreement. AI systems embedded in machinery and other products already covered by sector-specific rules.
Dates reflect the provisional agreement reached in May 2026 between the Council of the EU and the European Parliament. Formal ratification by both bodies is required before these dates become final. Reign customers stand up the governance posture today against the worst-case (earlier) timeline so any final shift is upside, not exposure.
Every high-risk obligation. One evidence layer.
Reign maps each high-risk obligation to a specific capability and evidence stream. The customer carries certification status. Reign carries the evidence.
Prohibited and High-Risk Classification
Risk-tier classification of AI systems with policy enforcement for prohibited practices.
AI Gateway classifies every model interaction by risk level and blocks prohibited use cases in real time.
Risk Management System
Continuous risk assessment, mitigation measures, and residual risk documentation.
Audit Ledger (CAVR) captures every prompt and response pair with risk scores in immutable, hash-chained logs. Continuous risk monitoring and mitigation tracking by construction.
Technical Documentation
Comprehensive technical documentation of AI system design, development, and capabilities.
Generated documentation with model cards, system architecture, and capability assessments. Assurance Packs pre-map to EU AI Act Annex IV.
Record-Keeping and Logging
Automatic logging of AI system operations for traceability and auditability.
Audit Ledger (CAVR) provides immutable, append-only audit trails of all AI interactions with full provenance tracking.
Transparency and Information
Clear information to deployers about AI system capabilities, limitations, and intended use.
Centralized model registry with transparency cards, usage policies, and disclosure generation.
Human Oversight
Mechanisms for effective human oversight of AI system operations.
Approval workflows, human-in-the-loop gates, and real-time dashboards for oversight of every AI operation.
Accuracy, Robustness, and Cybersecurity
Ensuring AI systems meet accuracy benchmarks with cybersecurity protections.
Guardrails validate output quality, PII detection prevents data leakage, prompt injection protection secures inputs.
Registration in EU Database
Registration of high-risk AI systems in the EU public database before market deployment.
Registration data preparation with pre-filled templates matching EU database schema.
Transparency for GPAI and Foundation Models
Transparency obligations for general-purpose AI models including systemic risk assessment.
AI Gateway tracks foundation model usage across the organization with transparency reporting and systemic risk dashboards.
Built for AI Regulation. Not Retrofitted From Legacy GRC.
Reign was designed from day one for AI governance. Every capability maps directly to regulatory requirements.
Built for AI Regulation
Reign was designed from day one for AI governance. Every capability maps directly to regulatory requirements. Not retrofitted from legacy compliance tools.
Build the Runway Now
Most enterprises need 12 to 18 months to operationalize an AI governance program. The provisional 2027 timeline does not change that. Start now and the deadline is upside, not exposure.
Continuous, Not Point-in-Time
Continuous monitoring of every AI operation with alerts when compliance drift is detected. The Audit Ledger (CAVR) replaces the quarterly compliance scramble with always-current state.
Sovereign Deployment Options
Four topologies: SaaS, Dedicated Cloud, Customer Cloud, Air-Gapped. Data residency aligned to EU and sector-specific requirements.
Audit-Ready by Construction
Technical documentation, conformity assessment evidence, and registration data generated continuously. The audit pack is current at any moment, not refreshed quarterly.
Executive Compliance Dashboard
Board-level visibility into AI compliance posture across the organization. Track coverage, gaps, and remediation in real time.
EU AI Act Compliance FAQ
Common questions about the May 2026 provisional agreement, the new timeline, and how Reign helps you build the posture.
What changed with the May 2026 provisional agreement?
The Council of the EU and the European Parliament reached a provisional agreement to extend implementation timelines for certain high-risk AI obligations. Stand-alone high-risk AI obligations move to December 2, 2027 (from August 2, 2026). Embedded high-risk AI systems move to August 2, 2028 (from August 2, 2027). The agreement is provisional and awaits formal approval by both bodies. The substance of obligations, including governance, transparency, oversight, and prohibited practices, remains unchanged.
Does the extension mean we can slow down?
No. The extension is a runway, not a relief. The same governance evidence, risk documentation, monitoring posture, and human oversight controls are still required. Most enterprises need 12 to 18 months to operationalize an AI governance program. The companies that begin now are ready well before enforcement. The companies that wait will face the same workload on a tighter clock.
What dates still apply in 2026?
The provisional agreement preserves December 2, 2026 for AI-generated content rules. This includes watermarking for AI-generated outputs and new restrictions on AI-generated non-consensual explicit content. Reign AI Gateway supports watermark detection and content provenance tracking. These rules are unchanged by the extension.
Does Reign cover the high-risk AI obligations?
Reign maps to every high-risk AI system obligation defined in the EU AI Act. Article-by-article evidence by construction across risk management (Art. 9), technical documentation (Art. 11), record-keeping (Art. 12), transparency (Art. 13), human oversight (Art. 14), and accuracy and cybersecurity (Art. 15). Final certification status remains the customer's responsibility. Reign delivers the evidence.
What if we are not in the EU. Do we still need to comply?
If your AI systems process data from EU residents or your AI outputs affect EU markets, you are subject to the EU AI Act. This applies to organizations worldwide, similar to how GDPR applies extraterritorially.
How does Reign handle prohibited AI practices under Articles 5 and 6?
Reign AI Gateway classifies every AI interaction by risk tier. Prohibited practices (social scoring, real-time biometric surveillance, and others) are blocked at the gateway level before they can execute, with full audit trails of blocked attempts.
Can Reign help with GPAI and foundation model obligations?
Yes. Articles 52 to 55 require transparency for general-purpose AI. Reign AI Gateway tracks foundation model usage across the organization and generates transparency reports and systemic risk assessments.
Build the Governance Posture Now. Ship With Confidence Later.
The May 2026 provisional agreement extends the deadline. It does not extend the work. The companies building the governance posture today will be ready well before any final enforcement date. The companies that wait will face the same workload on a shorter clock.