EU AI Act · Digital Omnibus on AI

The most complete runtime governance & evidence platform for the EU AI Act

The 2026 Digital Omnibus on AI simplifies the paperwork — and sharpens the controls that only a runtime layer can deliver. Aperion already enforces those controls and produces the machine-readable evidence regulators can now demand on the spot.

Aligned to Reg. (EU) 2026/… — Digital Omnibus on AI (amending the AI Act 2024/1689) Runtime enforcement + tamper-evident audit + EU AI Act Conformity Console Live in production

What the Digital Omnibus changes

It's a simplification package — lighter process, same (and in places stronger) substance:

Net effect: less form-filling, but a higher bar for live enforcement and on-demand proof — the layer Aperion provides.

Covered enforced & evidenced on every request today Partial in place today, deepening on the roadmap

Article 5 — the new prohibitions & their runtime safeguards

What the Omnibus expectsHow Aperion delivers itStatus
Runtime prompt guardrails against prohibited generationSemantic policy engine + destructive-prompt rules enforced on the request path before the model is calledCovered
Content classification & filtering of inputs and outputsPII / toxic / regulated-content classification at ingest and egress, with data-leaving-the-perimeter detectionCovered
Usage restrictions & abuse detectionPer-identity and per-route allowlists, budgets and adaptive rate limiting; multi-turn abuse detectionCovered
Notice-and-action & corrective measures on misuseEvery blocked action is sealed into the audit chain and fanned out to alerting; human approval/override closes the loopCovered

High-risk obligations (Articles 9–17)

ObligationHow Aperion delivers itStatus
Art 9 — Risk-management systemPer-route, per-identity policy graph with tiered risk rules (Critical → Low), surfaced as live evidenceCovered
Art 10 — Data & data governanceInference-time data-class controls, information barriers (group × content-label), signed agent data-class scopesCovered
Art 11 — Technical documentation (Annex IV)Auto-generated model inventory, examination reports and a signed AI bill-of-materials, exportable on demandPartial
Art 12 — Automatic record-keepingPer-request logs (input, output, model, identity, decisions) in a tamper-evident, independently verifiable audit chainCovered
Art 13 — Transparency to usersResponse-side disclosure banners and headers for downstream interfaces to surfacePartial
Art 14 — Human oversightHigh-risk actions route to a human approval queue; government-grade identity step-up (IAL2/AAL2 + liveness) holds the action until a verified human approves; oversight analytics measure override rate, approval latency and outlier reviewersCovered
Art 15 — Accuracy, robustness, cybersecurityResponse-quality & hallucination scoring, regression detection, degradation alerting; destructive prompt/tool blockingPartial
Art 17 — Quality-management systemContinuous multi-pass review program (PII, rescans, adversarial, anomalies, nightly report) producing audit-ready findingsPartial

Deployers, monitoring & incidents

ObligationHow Aperion delivers itStatus
Art 26 — Deployer obligationsVerified natural-person identity per action; every request attributed to a user, group and department; tamper-evident logsCovered
Art 72 — Post-market monitoringLive usage analytics, perimeter-egress monitoring and a nightly organisation report feeding the monitoring planPartial
Art 73 — Serious-incident reportingCritical events and high-severity findings captured and fanned out, with a pre-formatted incident envelope ready to fileCovered

The new enforcement regime — evidence on demand

New regulator powerHow Aperion answers itStatus
Order access to the AI system & retain all data/documentsRead-only Conformity Console surfaces live, per-article evidence; the tamper-evident chain is the retained recordCovered
Evidence in machine-readable format by electronic meansStructured, per-article JSON evidence plus a regulator-facing dashboardCovered
Take a system offline / limit blast radius during enforcementOne-switch emergency stop (off / read-only / halt) across model, tool and agent-to-agent traffic, fully loggedCovered

Coverage at a glance

13 / 18
obligations enforced & evidenced today
5
in place today, deepening on the roadmap
10+
AI Act articles in the live Conformity Console
100%
of Article 5's named runtime safeguards