Regulation (EU) 2024/1689
EU AI Act Compliance
Sentinel compliance mapping across the governance stack — articles actively enforced, tools integrated, and evidence chain documented.
Article Mapping
10 articles mapped across Sentinel's governance stack

| Article | Requirement | Sentinel Feature | Tool | Status |
|---|---|---|---|---|
| Art. 9 | Risk Management System | Gate pipeline with composable security gates (PII, injection, tool approval) | Sentinel Policy Engine | Active |
| Art. 12 | Automatic Record-Keeping | Full request lifecycle logging — every gate evaluation, decision, and human action recorded | Sentinel Audit Log + Langfuse Tracing | Active |
| Art. 13 | Transparency to Deployers | Admin dashboard with real-time metrics, gate explanations, and policy documentation | Sentinel Admin Console | Active |
| Art. 14 | Human Oversight | HITL approval queue with approve / reject / override + emergency kill switch (Art. 14(4)(e)) | Sentinel Approval Queue | Active |
| Art. 15 | Accuracy, Robustness, Cybersecurity | Prompt injection detection (LLM Guard), PII detection (Presidio), input / output validation | Sentinel Gates + LLM Guard + Presidio | Active |
| Art. 19 | Log Retention (6-month min) | Configurable retention policy with audit log persistence | Sentinel Database | Planned |
| Art. 50 | AI Content Transparency | Agent metadata for AI-generated content attribution | Sentinel Agent Registry | Planned |
| Art. 71 | EU Database Registration | Agent registry with risk classification, intended purpose, EU registry ID field | Sentinel Agent Registry | Active |
| Art. 72 | Post-Market Monitoring | Metrics pipeline with hourly rollups, Prometheus alerting, anomaly detection | Prometheus + Sentinel Metrics | Partial |
| Art. 73 | Incident Reporting | Webhook notifications for security events with severity classification | Sentinel Webhooks | Partial |

Evidence Chain
Request lifecycle through the compliance pipeline

| Step | Article |
|---|---|
| Agent Registered | Art. 71 |
| Risk Classified | Art. 9 |
| Policy Assigned | Art. 9 |
| Request Arrives | Art. 12 |
| Gates Evaluated | Art. 12, Art. 15 |
| Decision Made | Art. 9 |
| If REVIEW: Human Notified | Art. 14 |
| Logged | Art. 12 |
| Metrics Aggregated | Art. 72 |
| Webhooks Fired | Art. 73 |
| Logs Retained | Art. 19 |

Cross-Framework Alignment
EU AI Act mapped to NIST AI RMF and ISO 42001

| EU AI Act | NIST AI RMF | ISO 42001 | Sentinel Feature |
|---|---|---|---|
| Art. 9 | GOVERN 1.4–1.5 | 8.2–8.3 | Gate pipelines per risk level |
| Art. 12 | MAP 1.5, MEASURE 2.6 | A.6.2.6 | Enriched audit log + metrics rollups |
| Art. 13 | GOVERN 1.7, MAP 5.1 | A.8.3 | Admin dashboard + A2A Agent Cards |
| Art. 14 | GOVERN 1.3 | A.8.5 | HITL approval queue + kill switch |
| Art. 15 | MEASURE 2.5–2.7 | A.6.2.4 | Gate accuracy tracking + Prometheus |
| Art. 72 | MANAGE 4.1 | 9.1 | Metrics pipeline + webhooks |

Integrated Tools
Components in the Sentinel stack and their compliance roles

| Component | Category | Compliance Role | Articles |
|---|---|---|---|
| Sentinel Proxy | Core Gateway | Policy enforcement, gate pipeline, decision logging at the API boundary | Art. 9, Art. 12, Art. 14, Art. 15 |
| Langfuse | Observability | OpenTelemetry tracing with full request lifecycle observability and cost attribution | Art. 12 |
| LiteLLM | Provider Router | Multi-provider routing, model allowlisting, and cost tracking across LLM providers | Art. 15 |
| Prometheus | Metrics | Metrics collection, alerting rules, and SLA monitoring for post-market surveillance | Art. 72 |
| Presidio | PII Detection | PII entity detection across 17+ entity types: PERSON, EMAIL, PHONE, IBAN, and more | Art. 15 |
| LLM Guard | Injection Detection | Prompt injection and jailbreak detection with configurable sensitivity thresholds | Art. 15 |