EU AI Act Agentic AI: EU-Native Deployment, Compliance Stack & August 2026 Finale

Post #5 in the sota.io EU AI Act Agentic AI Compliance Series

This is the fifth and final post in our series on EU AI Act compliance for agentic AI systems. We have covered the regulatory framework across four layers of agentic AI architecture: MCP server and tool-calling governance (Post 1), multi-agent orchestration and responsibility chains (Post 2), memory and RAG compliance under GDPR Art.17 and Art.22 (Post 3), and human-in-the-loop implementation patterns under Art.14 (Post 4). Each post identified a compliance obligation that ultimately depends on something not in the code: the infrastructure jurisdiction where your agentic AI runs.

This finale addresses that dependency directly. The EU AI Act's Art.12 logging requirements, GDPR Art.32 security controls, and Art.9 risk management obligations all assume that your compliance evidence — tool-call logs, audit trails, decision records, vector embeddings — is protected under EU law. When your agentic AI runs on AWS, Azure, or GCP with US-parent infrastructure, that assumption breaks. The Cloud Stored Data for Law Enforcement Act (CLOUD Act, 18 U.S.C. § 2713) allows US law enforcement to compel US-incorporated providers to produce stored data regardless of where that data physically resides. Your Art.12 audit trail on AWS Frankfurt is still accessible to US subpoenas without your knowledge or consent.

This post covers the full EU-native deployment stack for agentic AI compliance: what infrastructure components are affected, how to build an Art.12-compliant logging architecture on EU-sovereign infrastructure, how to integrate the compliance controls from Posts 1-4 into a deployment-level implementation, and the 25-item deployment checklist for August 2, 2026.

Why Infrastructure Jurisdiction Matters for Agentic AI

The CLOUD Act problem is not new. What changes with agentic AI is the scope of affected data. A traditional SaaS application stores user data — account records, documents, payment information. An agentic AI system generates continuous compliance-critical data as a byproduct of operation:

Tool-call logs — every tool invocation an agent makes (web search, database query, API call, file write, code execution) must be logged under EU AI Act Art.12 for high-risk AI systems. These logs are compliance evidence. They contain the full audit trail required by Art.12(1), which mandates automatic recording of events sufficient to verify compliance throughout the AI system's lifetime.

Prompt histories and reasoning traces — the orchestrator's chain-of-thought, sub-agent communications, and decision rationales are increasingly retained as audit artifacts. Art.12 requires logging "that could be considered necessary for the purpose of verifying compliance," which in practice includes reasoning outputs for high-risk systems.

Vector embeddings and retrieved context — RAG pipelines generate embeddings for every document chunk stored in your vector database. These embeddings may encode personal data (name-entity-relationship graphs, behavioral patterns, preference vectors). GDPR Art.17 right to erasure requires reconstructible deletion of personal embeddings, which requires knowing where every embedding is stored.

Human oversight decision records — every human approval or rejection in your Art.14 HITL architecture must be logged with actor identity, timestamp, reasoning, and outcome. These records establish that human oversight was genuinely exercised (not rubber-stamped), which is the primary enforcement target for NCA inspectors.

HITL audit trails — the complete chain from automated agent action → human review request → human decision → resumed or blocked execution. This chain is the proof that Art.14 human oversight operated as required.

All of this data is generated at infrastructure level. When your infrastructure provider has a US parent, all of it is compellable under the CLOUD Act — without notice to you, without notice to your EU users, and without a formal EU legal assistance treaty request. This is not theoretical: US authorities issued approximately 250,000 legal process orders to Microsoft, Google, and Apple in 2023 under CLOUD Act frameworks.

For EU AI Act compliance, the practical risk is regulatory rather than criminal. An NCA audit that finds CLOUD Act-exposed audit logs — logs that US authorities could access and share with competitors, regulators, or press — undermines the confidentiality protection of Art.70 (which covers information obtained during NCA inspections). It also creates a GDPR Art.44 cross-border transfer risk: if US authorities access your logs, they have effectively transferred personal data to a third country without an adequacy decision or appropriate safeguards.

The EU AI Act Logging Obligation: Art.12 in Detail

Art.12 of the EU AI Act imposes logging requirements on providers of high-risk AI systems. The key obligations are:

Art.12(1): High-risk AI systems must be designed and developed with capabilities enabling automatic recording of events (logs) throughout the lifetime of the system. The logs must be designed with "the level of traceability" appropriate to the system's intended purpose.

Art.12(2): For high-risk AI systems used in areas involving natural persons, the logging functionality must enable at minimum: the recording of the period of each use (start/end timestamps), the reference database against which input data was checked (where applicable), the input data that led to the system's output, and the identity of the natural persons involved in the verification of the results.

Art.12(3): Deployers of high-risk AI systems must retain logs for the period appropriate to the intended purpose — with a minimum of six months specified for certain critical infrastructure categories, and longer where required by sector-specific regulation.

For agentic AI systems, Art.12 compliance requires logging infrastructure that:

1. Captures every tool invocation with full input/output and timestamps (satisfying the "events throughout the system's lifetime" requirement)
2. Records human oversight decisions with actor identity and reasoning (satisfying the natural-person verification requirement)
3. Maintains retrieval integrity — logs cannot be modified after creation (satisfying evidentiary requirements for NCA inspection)
4. Enables selective export for NCA inspection without requiring full database access

Implementing this on EU-sovereign infrastructure eliminates the CLOUD Act exposure gap.

GDPR Art.32 Security Requirements for Agentic AI Infrastructure

GDPR Art.32 requires implementing "appropriate technical and organisational measures" to ensure a level of security appropriate to the risk of processing. For agentic AI systems handling personal data (which most production agentic systems do, since they process user inputs and outputs), Art.32 applies to every infrastructure layer.

The specific Art.32 risk factors relevant to agentic AI infrastructure are:

Unlawful access to transmitted data — agentic AI systems make continuous tool calls to external APIs. Each outbound call is a transmission. TLS termination must occur on EU-sovereign infrastructure to prevent interception.

Unlawful access to stored data — tool-call logs, vector databases, and HITL decision records are "stored data" under GDPR. Storage must be on infrastructure where access is governed by EU law, not US CLOUD Act.

Accidental or unlawful destruction — agentic AI logs must be available for NCA inspection on demand. Infrastructure must implement backup and recovery that preserves log integrity.

Unlawful processing — agentic AI logs that contain personal data must be processed under a lawful basis. Infrastructure that allows unauthorized access (including via CLOUD Act) creates unlawful processing risk.

Data protection by design under GDPR Art.25 further requires that infrastructure is selected and configured to implement data minimization and access controls by default — not as an afterthought.

The Five-Layer EU-Native Compliance Stack

A complete EU-native deployment for agentic AI compliance requires alignment across five infrastructure layers. These map directly to the compliance obligations from Posts 1-4 in this series.

Layer 1: Compute — EU-Sovereign AI Inference

Agentic AI orchestrators and sub-agents require compute. When you use a US-incorporated cloud provider's managed inference (AWS Bedrock, Azure OpenAI, GCP Vertex AI), the inference compute is subject to CLOUD Act compellability even when running in EU datacenters. EU-sovereign compute options:

• Self-hosted models on Hetzner Germany, Scaleway France, OVHcloud, or IONOS — no US parent, no CLOUD Act exposure
• EU-incorporated managed inference — limited options currently; verify incorporation location and parent company
• sota.io managed PaaS — deploy custom inference containers on Hetzner Germany infrastructure with no US parent

For Art.14 HITL implementation, the compute layer must be able to pause agent execution, route to a human decision interface, and resume based on human response. This requires stateful execution support on your compute layer — not just serverless function invocation.

Layer 2: Storage — Immutable Audit Logs

Art.12 audit logs must be stored on immutable, append-only storage. Implementation requirements:

• Write-once, read-many (WORM) semantics — logs cannot be modified after writing. Use Object Lock (S3-compatible) or purpose-built audit logging infrastructure.
• EU jurisdiction — storage provider must be EU-incorporated with no US parent (Hetzner Object Storage, Scaleway Object Storage, OVHcloud Object Storage)
• Separate storage from application data — audit logs should be on storage that is not accessible to the application's own service accounts, to prevent tampering

For vector embedding storage (GDPR Art.17 erasure requirement), the vector database must support indexed deletion with verified tombstoning. EU-hosted options with deletion support include Qdrant (Berlin-incorporated), Weaviate (Amsterdam-incorporated), and Milvus (self-hosted on EU compute).

Layer 3: Networking — Zero-Exposure Data Paths

Agentic AI tool calls require network connectivity to external services. Every outbound connection where personal data transits is a GDPR transfer risk. EU-native networking requirements:

• TLS termination on EU-sovereign infrastructure — end-to-end encryption with keys controlled by the EU entity
• Outbound traffic filtering — prevent unauthorized data exfiltration from agent tool calls (a promptinjection attack vector where attackers craft inputs that cause agents to exfiltrate data via tool calls)
• VPC isolation — agent infrastructure isolated from internet-accessible endpoints except defined egress points
• DNS resolution on EU-sovereign DNS — prevents DNS-based traffic interception

Layer 4: Identity and Access — Human Oversight Authentication

Art.14 HITL requires that human oversight decisions are attributable to identified natural persons. This requires identity infrastructure that:

• Authenticates human reviewers with strong multi-factor authentication
• Logs every authentication event with timestamp and method (satisfying Art.12 human oversight logging)
• Supports audit export for NCA inspection with actor identity intact
• Implements least-privilege access — reviewers can only approve/reject decisions within their authorized scope

EU-native identity providers: Keycloak (self-hosted), Authentik (self-hosted), or IONOS SSO.

Layer 5: Observability — Compliance-Grade Monitoring

Continuous monitoring of agentic AI systems is required for Art.72 post-market monitoring obligations. Providers must "actively monitor" high-risk AI systems for deviations from intended purpose and unexpected behaviors. EU-native observability stack:

• Metrics: Prometheus (self-hosted) or Grafana Cloud EU region (verify EU incorporation for enterprise SLA)
• Logs: Elasticsearch (self-hosted on EU compute) or Grafana Loki (self-hosted)
• Tracing: Jaeger or OpenTelemetry (self-hosted) — captures full distributed traces across agent tool calls
• Alerting: Alertmanager (self-hosted) — routes Art.73 serious incident notifications to the appropriate internal escalation channel

The observability stack doubles as your Art.72 post-market monitoring evidence: it demonstrates that you are actively monitoring the system for deviations, which is a primary NCA inspection criterion.

Integration: Connecting Posts 1-4 at the Infrastructure Layer

Each post in this series identified a compliance obligation that requires infrastructure-level implementation. Here is how the EU-native deployment stack satisfies those obligations:

Post 1 (MCP Server compliance): MCP tool-call logs must be captured at the gateway layer. Deploy an MCP proxy on EU-sovereign compute that intercepts all tool calls, logs them to immutable WORM storage with full input/output, and routes the log to your Art.12 audit system. The proxy also enforces tool permission scope (preventing privilege escalation from prompt injection).

Post 2 (Multi-agent orchestration): Orchestrator-to-sub-agent communications must be logged for responsibility chain documentation. Deploy an agent mesh network on EU compute with full request/response logging. The agent mesh enforces sub-agent authorization — only approved sub-agents can receive tasks from the orchestrator — satisfying Art.9 risk management for orchestrator attack surface.

Post 3 (Memory and RAG compliance): Vector embeddings must be stored on EU-sovereign infrastructure with indexed deletion support. Deploy Qdrant or Weaviate on EU compute with user ID indexing. Implement erasure flows that use the vector database's native deletion API to remove all embeddings associated with a user ID, satisfying GDPR Art.17. Log every erasure event to your Art.12 audit trail.

Post 4 (HITL implementation): Human oversight decisions must be logged with actor identity, timestamp, and decision reasoning. Route all HITL decision events to your Art.12 immutable audit storage with reviewer identity from your EU-native identity provider. Deploy the HITL interface on EU compute so reviewer sessions do not transit US infrastructure.

Python Implementation: AgenticComplianceDeployment

from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
import hashlib
import time


class JurisdictionStatus(Enum):
    EU_SOVEREIGN = "eu_sovereign"           # No US parent, EU-incorporated
    EU_DATACENTER_US_PARENT = "eu_dc_us_parent"  # EU datacenter, US-incorporated parent
    US_JURISDICTION = "us_jurisdiction"     # US datacenter or US-incorporated
    UNKNOWN = "unknown"


class ComplianceLayer(Enum):
    COMPUTE = "compute"
    STORAGE = "storage"
    NETWORKING = "networking"
    IDENTITY = "identity"
    OBSERVABILITY = "observability"


@dataclass
class InfrastructureComponent:
    name: str
    layer: ComplianceLayer
    provider: str
    jurisdiction: JurisdictionStatus
    cloud_act_exposed: bool
    eu_incorporated: bool
    notes: str = ""


@dataclass
class AgenticComplianceDeployment:
    """
    Validates the EU AI Act compliance posture of an agentic AI deployment.
    Maps infrastructure components to Art.12, Art.9, Art.14, and Art.72 obligations.
    """
    system_name: str
    is_high_risk: bool
    components: list[InfrastructureComponent] = field(default_factory=list)

    def add_component(self, component: InfrastructureComponent) -> None:
        self.components.append(component)

    def cloud_act_exposure(self) -> list[InfrastructureComponent]:
        """Returns components exposed to CLOUD Act compellability."""
        return [c for c in self.components if c.cloud_act_exposed]

    def art12_compliant_storage(self) -> list[InfrastructureComponent]:
        """Returns storage components meeting Art.12 immutable logging requirements."""
        return [
            c for c in self.components
            if c.layer == ComplianceLayer.STORAGE
            and c.jurisdiction == JurisdictionStatus.EU_SOVEREIGN
        ]

    def missing_layers(self) -> list[ComplianceLayer]:
        """Returns compliance layers not covered by any EU-sovereign component."""
        covered = {
            c.layer for c in self.components
            if c.jurisdiction == JurisdictionStatus.EU_SOVEREIGN
        }
        return [layer for layer in ComplianceLayer if layer not in covered]

    def compliance_score(self) -> dict:
        """
        Returns a compliance score per EU AI Act obligation.
        Score: 0-100, where 100 = fully EU-sovereign.
        """
        total = len(self.components)
        if total == 0:
            return {"overall": 0, "cloud_act_risk": "UNKNOWN"}

        eu_sovereign = sum(
            1 for c in self.components
            if c.jurisdiction == JurisdictionStatus.EU_SOVEREIGN
        )
        cloud_act_exposed = len(self.cloud_act_exposure())

        return {
            "overall_score": round((eu_sovereign / total) * 100),
            "eu_sovereign_components": eu_sovereign,
            "cloud_act_exposed_components": cloud_act_exposed,
            "missing_layers": [l.value for l in self.missing_layers()],
            "art12_storage_compliant": len(self.art12_compliant_storage()) > 0,
            "high_risk_system": self.is_high_risk,
            "recommendation": self._recommend(),
        }

    def _recommend(self) -> str:
        exposed = len(self.cloud_act_exposure())
        missing = self.missing_layers()

        if exposed == 0 and not missing:
            return "COMPLIANT: All layers EU-sovereign. Art.12 and GDPR Art.32 obligations met."
        elif exposed > 0:
            names = ", ".join(c.name for c in self.cloud_act_exposure())
            return (
                f"RISK: {exposed} components CLOUD-Act-exposed: {names}. "
                "Audit trails accessible to US subpoenas without notice. "
                "Migrate to EU-sovereign providers before August 2, 2026."
            )
        else:
            return f"INCOMPLETE: Missing EU-sovereign coverage for: {[l.value for l in missing]}"


def build_hetzner_compliant_stack(system_name: str) -> AgenticComplianceDeployment:
    """Reference implementation: full EU-native agentic AI deployment on Hetzner/sota.io."""
    deployment = AgenticComplianceDeployment(
        system_name=system_name,
        is_high_risk=True,
    )

    # Layer 1: Compute — sota.io managed PaaS on Hetzner Germany
    deployment.add_component(InfrastructureComponent(
        name="agentic_orchestrator",
        layer=ComplianceLayer.COMPUTE,
        provider="sota.io (Hetzner Germany)",
        jurisdiction=JurisdictionStatus.EU_SOVEREIGN,
        cloud_act_exposed=False,
        eu_incorporated=True,
        notes="No US parent. Hetzner Online GmbH, Gunzenhausen DE.",
    ))

    # Layer 2: Storage — Hetzner Object Storage with Object Lock
    deployment.add_component(InfrastructureComponent(
        name="art12_audit_log_storage",
        layer=ComplianceLayer.STORAGE,
        provider="Hetzner Object Storage",
        jurisdiction=JurisdictionStatus.EU_SOVEREIGN,
        cloud_act_exposed=False,
        eu_incorporated=True,
        notes="WORM semantics via Object Lock. Append-only audit trail. Art.12 compliant.",
    ))

    # Layer 2: Vector DB — Qdrant self-hosted on sota.io
    deployment.add_component(InfrastructureComponent(
        name="vector_database_qdrant",
        layer=ComplianceLayer.STORAGE,
        provider="Qdrant (self-hosted, sota.io)",
        jurisdiction=JurisdictionStatus.EU_SOVEREIGN,
        cloud_act_exposed=False,
        eu_incorporated=True,
        notes="Berlin-incorporated. Indexed deletion for GDPR Art.17 erasure flows.",
    ))

    # Layer 3: Networking — EU VPC with outbound filtering
    deployment.add_component(InfrastructureComponent(
        name="agent_network_gateway",
        layer=ComplianceLayer.NETWORKING,
        provider="Hetzner Cloud VPC",
        jurisdiction=JurisdictionStatus.EU_SOVEREIGN,
        cloud_act_exposed=False,
        eu_incorporated=True,
        notes="Private VPC with defined egress. TLS termination on EU infrastructure.",
    ))

    # Layer 4: Identity — Keycloak self-hosted
    deployment.add_component(InfrastructureComponent(
        name="hitl_reviewer_identity",
        layer=ComplianceLayer.IDENTITY,
        provider="Keycloak (self-hosted, sota.io)",
        jurisdiction=JurisdictionStatus.EU_SOVEREIGN,
        cloud_act_exposed=False,
        eu_incorporated=True,
        notes="Open source. HITL reviewer authentication with MFA. Actor identity for Art.12.",
    ))

    # Layer 5: Observability — Grafana stack self-hosted
    deployment.add_component(InfrastructureComponent(
        name="compliance_monitoring",
        layer=ComplianceLayer.OBSERVABILITY,
        provider="Prometheus + Grafana + Loki (self-hosted)",
        jurisdiction=JurisdictionStatus.EU_SOVEREIGN,
        cloud_act_exposed=False,
        eu_incorporated=True,
        notes="Art.72 post-market monitoring. Full distributed tracing for agent tool calls.",
    ))

    return deployment


def build_aws_exposed_stack(system_name: str) -> AgenticComplianceDeployment:
    """Demonstrates CLOUD Act exposure with AWS-based deployment."""
    deployment = AgenticComplianceDeployment(
        system_name=system_name,
        is_high_risk=True,
    )

    deployment.add_component(InfrastructureComponent(
        name="agentic_orchestrator_bedrock",
        layer=ComplianceLayer.COMPUTE,
        provider="AWS Bedrock (Frankfurt)",
        jurisdiction=JurisdictionStatus.EU_DATACENTER_US_PARENT,
        cloud_act_exposed=True,          # AWS Inc. = US-incorporated
        eu_incorporated=False,
        notes="AWS Inc. incorporated in US. CLOUD Act compellability applies to all AWS data.",
    ))

    deployment.add_component(InfrastructureComponent(
        name="audit_logs_s3",
        layer=ComplianceLayer.STORAGE,
        provider="AWS S3 (eu-central-1)",
        jurisdiction=JurisdictionStatus.EU_DATACENTER_US_PARENT,
        cloud_act_exposed=True,
        eu_incorporated=False,
        notes="Art.12 logs on CLOUD-Act-exposed storage. NCA inspection data accessible to US subpoenas.",
    ))

    return deployment


# Usage example
if __name__ == "__main__":
    # Compliant stack
    compliant = build_hetzner_compliant_stack("customer_support_agent_v2")
    score = compliant.compliance_score()
    print("=== EU-Native Stack ===")
    print(f"Overall score: {score['overall_score']}/100")
    print(f"CLOUD Act exposed: {score['cloud_act_exposed_components']}")
    print(f"Missing layers: {score['missing_layers']}")
    print(f"Art.12 storage compliant: {score['art12_storage_compliant']}")
    print(f"Recommendation: {score['recommendation']}")

    print()

    # Exposed stack
    exposed = build_aws_exposed_stack("customer_support_agent_aws")
    score = exposed.compliance_score()
    print("=== AWS Stack (Exposed) ===")
    print(f"Overall score: {score['overall_score']}/100")
    print(f"CLOUD Act exposed: {score['cloud_act_exposed_components']}")
    print(f"Recommendation: {score['recommendation']}")

The 25-Item EU-Native Deployment Checklist

Use this checklist to assess and remediate your agentic AI infrastructure before August 2, 2026. Each item maps to a specific EU AI Act or GDPR obligation.

Part A: Compute Sovereignty (Art.9 Risk Management)

1. Compute provider is EU-incorporated with no US parent company ✓/✗
2. AI inference (if using managed inference) runs on EU-sovereign infrastructure ✓/✗
3. Orchestrator and sub-agent containers run on EU-sovereign compute ✓/✗
4. Container images are built and stored in EU-sovereign registries ✓/✗
5. Dependency supply chain is audited — no silent US-parent exfiltration in dependencies ✓/✗

Part B: Audit Log Integrity (Art.12 Record-Keeping)

1. Tool-call logs are written to append-only WORM storage on EU-sovereign infrastructure ✓/✗
2. Orchestrator reasoning traces are logged with timestamps and agent identifiers ✓/✗
3. Sub-agent input/output is fully logged for every invocation ✓/✗
4. Human oversight decisions are logged with actor identity, timestamp, and reasoning ✓/✗
5. Log storage is separate from application data (no cross-access via application service accounts) ✓/✗

Part C: Vector Store and Memory Compliance (GDPR Art.17)

1. Vector database is EU-incorporated with no US parent ✓/✗
2. Vector database supports indexed deletion with verified tombstoning ✓/✗
3. Every embedding is tagged with the user ID that generated it ✓/✗
4. GDPR Art.17 erasure requests trigger automated deletion across all vector namespaces ✓/✗
5. Erasure events are logged to the Art.12 audit trail ✓/✗

Part D: Human Oversight Infrastructure (Art.14)

1. HITL reviewer interface is deployed on EU-sovereign compute ✓/✗
2. Reviewer authentication uses EU-sovereign identity provider (not Google/Microsoft SSO) ✓/✗
3. Every reviewer session generates an authenticated log entry in Art.12 storage ✓/✗
4. Agent execution can pause synchronously pending human decision (not fire-and-forget) ✓/✗
5. Escalation paths are documented for cases where human reviewer is unavailable ✓/✗

Part E: Post-Market Monitoring and Incident Response (Art.72 + Art.73)

1. Observability stack is deployed on EU-sovereign infrastructure ✓/✗
2. Behavioral baseline is established and deviation alerting is active ✓/✗
3. Art.73 incident classification criteria are implemented in alerting rules ✓/✗
4. NCA notification workflow is tested and takes less than the maximum allowed period ✓/✗
5. Art.12 log export is tested and produces an NCA-readable report without manual transformation ✓/✗

Scoring and Remediation Priority

22-25 checks passed: EU-native deployment is substantially complete. Focus on documentation and NCA inspection readiness.

16-21 checks passed: Moderate gaps. Prioritize Part B (audit logs) and Part D (HITL identity) — these are the primary NCA inspection targets for agentic AI in the first enforcement cycle.

11-15 checks passed: Significant CLOUD Act exposure. Immediate action required on compute and storage providers before August 2, 2026.

0-10 checks passed: Critical remediation needed. Begin infrastructure migration immediately. August 2, 2026 is the Art.99 enforcement activation date for high-risk AI providers — fines up to €15 million or 3% of global annual turnover for violations of high-risk AI obligations.

The Series in Summary: Five Layers, One Compliance Architecture

This five-post series has mapped the EU AI Act onto the five principal architecture layers of modern agentic AI:

The architecture insight is that each layer's compliance obligation ultimately lands at the infrastructure level. You can write perfect HITL code that implements Art.14 exactly as required — but if your HITL decision logs are stored on AWS S3, those compliance records are accessible to US subpoenas without your knowledge. The compliance obligation and the infrastructure requirement are not separable.

August 2, 2026: What Providers Must Have Ready

The EU AI Act's general obligations for high-risk AI providers enter full enforcement on August 2, 2026. For agentic AI systems classified as high-risk (or systems where classification is uncertain), the compliance infrastructure must be operational — not planned, not in progress — by that date.

The minimum infrastructure the EU AI Act requires for high-risk agentic AI:

• Art.9 risk management system: Documented, operational, and tested. For agentic AI, this includes prompt injection risk assessment, tool permission scoping, and action blast-radius limits.
• Art.10 data governance: Training data and input data governance documented. For RAG systems, this includes the retrieval corpus governance.
• Art.12 logging: Automatic logging of events sufficient to verify compliance. Logs stored with integrity and available for NCA export.
• Art.13 transparency: Technical documentation and instructions for use available to deployers. For agentic AI, this includes documentation of tool categories, autonomy levels, and override mechanisms.
• Art.14 human oversight: Operational HITL mechanisms appropriate to the risk level. For fully automated agentic pipelines, this means at minimum confidence-threshold escalation and irreversible-action blocking.
• Art.17 quality management system: QMS operational with documented processes for monitoring, corrective action, and NCA notification.

All of these require infrastructure. None of them can be satisfied with a compliance document alone.

Getting Started with EU-Native Deployment

For teams beginning the infrastructure migration, the recommended sequence is:

Week 1-2: Audit current infrastructure

• Map every infrastructure component to a jurisdiction status
• Run the 25-item checklist above
• Identify CLOUD Act-exposed components in your audit log storage (this is the highest-priority risk)

Week 3-4: Migrate audit log storage

• Move Art.12 audit logs to EU-sovereign WORM storage
• Implement log integrity verification (hash chains or similar)
• Test NCA export workflow

Month 2: Migrate compute and vector storage

• Deploy orchestrator and sub-agents on EU-sovereign compute (sota.io managed PaaS provides single-command deployment with no infrastructure management overhead)
• Migrate vector database to EU-sovereign provider with deletion support
• Implement GDPR Art.17 erasure flows

Month 3: Identity and observability

• Deploy EU-sovereign identity provider for HITL reviewers
• Configure observability stack for Art.72 post-market monitoring
• Run Art.73 incident notification drill

This sequence prioritizes the compliance evidence layer (audit logs) first, since NCA inspections typically begin with the audit trail. A correctly deployed EU-native audit trail buys time for the remaining infrastructure migration.

This is Post #5 in the sota.io EU AI Act Agentic AI Compliance Series. The complete series: Post 1 — MCP Server & Tool Calling | Post 2 — Multi-Agent Orchestration | Post 3 — Memory & RAG Compliance | Post 4 — HITL Art.14 Implementation Patterns | Post 5 — EU-Native Deployment Finale (this post)

sota.io is an EU-native managed PaaS running on Hetzner Germany with no US parent. Deploy your agentic AI compliance infrastructure with full EU sovereignty at sota.io.