{"slug": "eu-ai-act-compliance-as-api-calls", "title": "EU AI Act compliance as API calls", "summary": "Moltrust shipped eight endpoints on api.moltrust.ch (v2.5), including three that implement EU AI Act obligations directly. The compliance-as-an-API approach uses deterministic code branching on the pinned EUR-Lex text, as Aithos LARA study found frontier models broke EU law in up to 46% of runs. Endpoints include risk assessment, declaration of conformity as Verifiable Credentials, and incident reporting with regulatory deadlines.", "body_md": "We shipped eight endpoints on api.moltrust.ch (v2.5) this week. Three implement EU AI Act obligations directly. This is the short version for people who want to call them; the full reasoning is on our blog ([https://moltrust.ch/blog/compliance-as-an-api.html](https://moltrust.ch/blog/compliance-as-an-api.html)).\n\n**Why no model in the loop:** the Aithos LARA study (May 2026) placed twelve frontier models in simulated workplaces where the task required breaking EU law. Best model: 54% lawful runs. In the Art. 5(1)(f) scenario (emotion inference from workplace communications, prohibited), all twelve committed the violation. So the classifier is deterministic code branching on the pinned EUR-Lex text, and every response carries article references you can check yourself.\n\n**POST /compliance/assess** — use case + intended purpose + declared signals in, risk tier + obligations + article pins out. Evaluation order: Art. 5 prohibitions, Annex I route (Art. 6(1)), Annex III route (Art. 6(2)/(3)), Art. 50 transparency, minimal. The trap worth knowing: Art. 6(3) offers four derogation grounds, and its final subparagraph voids all of them for systems that profile natural persons. In the code that subparagraph is a branch; it cannot be skipped.\n\n```\ncurl -X POST https://api.moltrust.ch/compliance/assess \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"use_case\": \"Customer-support agent that reads inbound email and drafts replies\",\n    \"intended_purpose\": \"Automated first-line support for consumer inquiries\",\n    \"performs_profiling\": false,\n    \"interacts_with_humans\": true,\n    \"emotion_recognition\": false\n  }'\n```\n\n**POST /compliance/declaration** — EU declaration of conformity as a W3C Verifiable Credential with the eight Annex V items, Ed25519-signed. Verify offline against [https://api.moltrust.ch/.well-known/jwks.json](https://api.moltrust.ch/.well-known/jwks.json); no call back to us. `anchor: true`\n\nadds a sha256 commitment for batch anchoring on Base L2.\n\n**POST /compliance/incident** — records Art. 73 serious incidents and computes the deadline from the regulation: 15 days standard, 10 days for a death, 2 days for widespread infringement or serious disruption of critical infrastructure.\n\n**GET /compliance/report/{did}** — classification, obligations, gaps, declarations, audit summary per agent as HTML.\n\nScope stays narrow: the Art. 43 conformity assessment and the legal responsibility remain with provider and deployer. What you get is a machine-readable answer a third party can re-check against the same text.\n\nDates: Art. 5 in force since 2 Feb 2025, general application 2 Aug 2026, Art. 6(1) high-risk classification from 2 Aug 2027.\n\nOpenAPI: [https://api.moltrust.ch/openapi.json](https://api.moltrust.ch/openapi.json)", "url": "https://wpnews.pro/news/eu-ai-act-compliance-as-api-calls", "canonical_source": "https://dev.to/moltycel/eu-ai-act-compliance-as-api-calls-43d7", "published_at": "2026-07-12 06:25:53+00:00", "updated_at": "2026-07-12 06:44:18.076434+00:00", "lang": "en", "topics": ["ai-policy", "ai-safety", "ai-ethics", "developer-tools"], "entities": ["Moltrust", "Aithos LARA", "EU AI Act", "Base L2", "W3C"], "alternates": {"html": "https://wpnews.pro/news/eu-ai-act-compliance-as-api-calls", "markdown": "https://wpnews.pro/news/eu-ai-act-compliance-as-api-calls.md", "text": "https://wpnews.pro/news/eu-ai-act-compliance-as-api-calls.txt", "jsonld": "https://wpnews.pro/news/eu-ai-act-compliance-as-api-calls.jsonld"}}