How Fronterio covers every EU AI Act deployer obligation
Article-by-article breakdown of what the EU AI Act requires from deployers, and how the Fronterio platform handles each obligation — so you don't have to.
EU AI Act Enforcement Timeline
Feb 2025
Prohibited Practices + AI Literacy
Article 5 bans and Article 4 literacy requirements are already enforceable.
Aug 2025
GPAI + Governance
General-purpose AI obligations and governance infrastructure requirements begin.
Dec 2027
Full High-Risk Rules
All high-risk AI system requirements become enforceable. The main compliance deadline.
Aug 2027
Full Applicability
EU AI Act fully applicable to all actors. No exceptions.
Penalty Structure
€35M / 7%
Prohibited Practices (Art 5)
Up to €35 million or 7% of global annual turnover for deploying banned AI systems.
€15M / 3%
Deployer Obligations (Art 26)
Up to €15 million or 3% of global annual turnover for failing to meet deployer requirements.
€7.5M / 1%
Misleading Information
Up to €7.5 million or 1% of global annual turnover for providing false information to authorities.
Article-by-Article Coverage
Every EU AI Act deployer obligation mapped to a specific platform feature. Nothing left to manual tracking.
Prohibited Practices Screening
Art 5Already enforceableArticle 5 bans 8 categories of AI practices outright: social scoring, vulnerability exploitation, real-time remote biometric identification in public spaces, emotion recognition in workplace/education, untargeted facial scraping, predictive policing by profiling, subliminal manipulation, and biometric categorisation by sensitive attributes.
How Fronterio helps:
- Mandatory pre-screen during agent registration — 8 prohibited practices checked before any classification
- Agents matching prohibited practices are blocked from registration with penalty warning (€35M / 7%)
- Clear distinction between prohibited (Art 5) and high-risk (Annex III) — biometrics correctly routed
Risk Classification
Annex IIILive in platformAnnex III defines 8 high-risk domains. Deployers must correctly classify every AI system they use. Misclassification means either unnecessary compliance burden (over-classifying) or regulatory non-compliance (under-classifying).
How Fronterio helps:
- AI-assisted classification: the AI analyses agent description and suggests Annex III category with confidence level
- All 8 Annex III domains covered: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice
- Safety component detection for Annex I regulated products — classified as high-risk independently of Annex III
Provider Instructions for Use
Art 26(1)complianceDocs.status.aug-2026Article 26(1) — the most fundamental deployer obligation. Deployers must use high-risk AI systems in accordance with the instructions for use provided by the AI system provider.
How Fronterio helps:
- Dedicated provider instructions section per agent with URL link and notes storage
- Provider name auto-populated from agent vendor field
- Tracked as one of the 12 deployer obligations with assigned owner and evidence
Human Oversight
Art 14 + 26(2)complianceDocs.status.aug-2026Article 14 requires high-risk AI to be overseen by competent natural persons. Article 26(2) requires deployers to ensure oversight personnel have necessary competence, training, authority, and support.
How Fronterio helps:
- Human oversight plan documented per high-risk agent during registration
- Separate 'Oversight Personnel Training' obligation tracks competence of assigned oversight staff
- Per-agent obligation summary shows which agents need oversight assigned
AI Literacy Training
Art 4Already enforceableArticle 4 requires all providers and deployers to ensure sufficient AI literacy of staff dealing with AI systems. This obligation is already enforceable since February 2025.
How Fronterio helps:
- Training status tracked per user with completion dates and training sources
- Role-based required levels: basic (general staff), intermediate (executives, compliance), advanced (technology, AI leads)
- AI literacy completion rate included in compliance posture score (20% weight)
Fundamental Rights Impact Assessment
Art 27complianceDocs.status.aug-2026Article 27 requires FRIAs before deploying high-risk AI in credit scoring, insurance, HR, or public services. Public authorities and entities providing public services must also conduct FRIAs.
How Fronterio helps:
- Step-by-step wizard: purpose, affected groups, fundamental rights impact, mitigations, oversight mechanisms
- Save to database, export as report, track completion per agent with 'FRIA Completed' badge
- Art 27 scope guidance explains when FRIA is legally required vs recommended
Incident Reporting
Art 73complianceDocs.status.aug-2026Article 73 requires deployers to report serious incidents to the AI system provider without undue delay (within 24 hours), then notify national competent authorities.
How Fronterio helps:
- 24-hour provider notification deadline with live countdown timer and overdue alerts
- Notification status tracking: pending, provider notified, authority notified — per incident
- Severity classification, root cause analysis, resolution tracking, and preventive action documentation
Log Retention
Art 26(6)complianceDocs.status.aug-2026Article 26(6) requires deployers to keep automatically generated logs for a minimum of 6 months. Longer retention may be required by other applicable laws.
How Fronterio helps:
- Per-agent log retention card showing minimum retention period, logs-from date, and retain-until date
- Tracked as a deployer obligation with assigned owner and evidence links
- Immutable audit log records every platform action — agent registrations, approvals, policy changes, incidents
Transparency Obligations
Art 50complianceDocs.status.aug-2026Article 50 requires deployers to inform individuals when they interact with AI systems. Deepfakes and emotion recognition systems have additional disclosure requirements.
How Fronterio helps:
- Transparency requirements documented per agent in the compliance record
- Tracked as one of the 12 deployer obligations with status, owner, and evidence
- Limited-risk agents (chatbots, conversational AI) flagged for transparency disclosure during classification
Post-Market Monitoring
Art 72complianceDocs.status.aug-2026Article 72 requires continuous monitoring of high-risk AI system performance. Deployers must actively collect data, watch for drift, and report issues to the provider.
How Fronterio helps:
- Monitoring guidance dashboard with 4 areas: performance tracking, drift detection, provider reporting, incident readiness
- Conformity assessment tracker with dynamic 6-month review dates and overdue alerts
- Operational monitoring tracked as a deployer obligation — inform provider of any identified risks (Art 26(5))
EU Database Registration
Art 49complianceDocs.status.aug-2026Article 49 requires public authorities and entities acting on their behalf to register high-risk AI systems in the EU database before putting them into service.
How Fronterio helps:
- Informational note in conformity tracker explaining registration requirements
- Distinguishes public sector (registration required) from private sector (generally not required)
- Registration status can be tracked alongside conformity assessment
Authority Cooperation
Art 26(8)complianceDocs.status.aug-2026Article 26(8) requires deployers to cooperate with national competent authorities and make logs and data available upon request.
How Fronterio helps:
- Searchable directory of all 27 EU member state AI regulatory authorities with contact details
- One-click regulator report export formatted for Art 26(8) authority submissions
- Authority cooperation tracked as one of the 12 deployer obligations
Ready to get compliant?
Start with a free trial. Prohibited practices screening included free. Full compliance tools in every paid plan.