EU AI Act
How does Fortanix help with EU AI Act compliance?
Fortanix Confidential AI addresses several of the requirements set by the EU AI Act for providers and deployers of high-risk AI systems, and it does so at the infrastructure layer rather than through application-level controls that can be modified or circumvented.
As previously mentioned, the EU AI Act's requirements for high-risk AI systems include robust cybersecurity measures, meticulous technical documentation, automatic event logging, and mechanisms to ensure accuracy and integrity throughout the system's operation.
For cybersecurity, Fortanix provides hardware-enforced isolation of AI workloads through trusted execution environments (TEEs), composite CPU and GPU attestation that verifies the integrity of the complete execution stack before any workload runs, and attestation-gated key management through a FIPS 140-2 Level 3 certified HSM. All of this is enforced at the silicon level and doesn’t depend on software configuration that could be misconfigured or bypassed.
For logging and documentation, every attestation event generates a signed, tamper-evident record of which hardware was running, which software was loaded, which policy or policies were enforced, and which keys were released. These records can be included in the documentation packages of EU AI Act compliance platforms and provide the kind of verifiable, hardware-rooted evidence that’s increasingly expected.
For organizations that need to meet EU AI Act compliance, there are three main recommendations:
1. Assess which AI workloads fall into the high-risk tier under Annex III of the Act.
2. Review the technical safeguards documentation requirements under Articles 9 through 15.
3. Consider whether your current infrastructure can produce the evidence those articles require.
