Cypherz.
Start free

European Union · EU AI Act

EU AI Act

The EU AI Act takes a risk-based approach: most LLM-powered features are 'limited risk' or 'high risk' depending on use case. Even for limited-risk uses, you need data governance, logging, and risk-management documentation. Cypherz gives you the data-protection primitive — pseudonymization at the boundary — and an audit trail you can hand to an assessor.

Start freeTry the free PII detector

  • 01

    Audit-grade logs

    Every tokenize, detokenize, and proxy call is recorded with timestamps, action types, and projection metadata — SIEM-ready.

  • 02

    Project isolation

    Per-project encryption keys make it straightforward to scope data flows to specific products or features.

  • 03

    Provider-portable

    Switch from OpenAI to Anthropic to a local model without re-architecting your data protection layer.

What EU AI Act requires you to do

• Data governance (Art. 10) — Training, validation, and operational data must be subject to data governance and management practices. Tokenized inputs are easier to govern than free-form prompts.

• Record-keeping (Art. 12) — High-risk AI systems must enable automatic logging. Cypherz logs every request, action, and metadata field.

• Transparency (Art. 13) — Users must be told they're interacting with AI. Cypherz doesn't generate the disclosure but documents which requests touched which models.

• Human oversight (Art. 14) — Operators must be able to intervene. Cypherz's dashboard surfaces every request so you can audit, alert, and revoke keys in real time.

How Cypherz helps

• Audit-grade logs — Every tokenize, detokenize, and proxy call is recorded with timestamps, action types, and projection metadata — SIEM-ready.

• Project isolation — Per-project encryption keys make it straightforward to scope data flows to specific products or features.

• Provider-portable — Switch from OpenAI to Anthropic to a local model without re-architecting your data protection layer.

Important caveat

The Act is being phased in. Conformity assessments, registration, and certification obligations vary by risk class. Get specialist advice.

Common questions

Frequently asked.

Does Cypherz make my app EU AI Act-compliant by itself?

No tool can — compliance is a posture across people, process, and technology. Cypherz handles a critical technical layer (pseudonymization, encryption, audit logging) but you still need policy, training, and assessment.

Where is Cypherz hosted?

EU (Hetzner — Helsinki and Falkenstein) by default for the managed product. Self-host anywhere with one docker-compose command if your compliance posture requires it.

Do you sign formal agreements?

Yes — Business and Enterprise tiers include DPAs and BAAs. We're working through SOC 2 Type II audit; ask for our latest report.

Can I get an audit log export?

Yes — every action is logged with structured metadata, exportable via the API. Common formats supported for SIEM ingestion.

Get started

Bring your AI features into EU AI Act scope cleanly.

Sign up free. Create a project. The audit trail starts logging from request one.

Start freeTry the free PII detector

Other compliance topics