Summary
The EU AI Act's Article 15 establishes accuracy, robustness, and cybersecurity requirements for high-risk AI systems. These obligations require that AI systems achieve appropriate levels of accuracy, are resilient to errors and inconsistencies, and are protected against unauthorized manipulation.
The Agent Alignment Protocol (AAP) and Agent Integrity Protocol (AIP) together provide the technical infrastructure to satisfy these requirements. AIP's output analysis (v0.5.0) enables continuous accuracy monitoring by comparing agent outputs against declared alignment card behaviors. AIP's integrity windows and CLPI's policy enforcement provide robustness monitoring. AIP's prompt injection detection and chain hashes address cybersecurity requirements.
This document provides a field-level mapping between Article 15 obligations and AAP/AIP features.
Disclaimer: This document reflects a technical mapping of AAP/AIP features to Article 15 requirements. It does not constitute legal advice. Consult qualified legal counsel for your specific compliance obligations.
Article 15 Obligation Mapping
15(1) — Accuracy
Requirement: High-risk AI systems shall be designed and developed in such a way that they achieve an appropriate level of accuracy, as declared by the provider. Accuracy levels and metrics shall be communicated to deployers.
AAP mapping — accuracy declaration and monitoring:
| Obligation | AAP Field | How It Satisfies |
|---|---|---|
| Declare accuracy levels | AlignmentCard.values.declared | Declares behavioral commitments that define "accurate" for this agent |
| Accuracy metrics | verify_trace() violation rates | Ratio of traces with zero violations quantifies behavioral accuracy |
| Communicate to deployers | /.well-known/alignment-card.json | Publicly discoverable accuracy contract |
| Accuracy over time | detect_drift() API | Surfaces accuracy degradation via behavioral drift alerts |
AIP mapping — real-time accuracy monitoring:
| Obligation | AIP Field | How It Satisfies |
|---|---|---|
| Output accuracy monitoring | analysis_scope: "thinking_and_output" | Compares agent output against declared card behaviors in real-time |
| Output-card alignment | output_misalignment concern category | Detects when output contradicts declared values, even with clean thinking |
| Accuracy metrics | integrity_ratio (window) | Rolling ratio of aligned verdicts as continuous accuracy metric |
| Accuracy evidence | IntegrityCheckpoint.reasoning_summary | Natural-language explanation of accuracy assessment |
SDK preset: EU_COMPLIANCE_ARTICLE_15_EXTENSIONS provides a ready-made extension block declaring accuracy monitoring via AIP.
15(2) — Robustness
Requirement: High-risk AI systems shall be resilient as regards errors, faults, or inconsistencies that may occur within the system or the environment in which the system operates.
AAP mapping — robustness via behavioral contracts:
| Obligation | AAP Field | How It Satisfies |
|---|---|---|
| Error resilience | autonomy_envelope.escalation_triggers | Defines conditions for graceful degradation |
| Fault tolerance | audit_commitment.tamper_evidence | Append-only audit trail survives system faults |
| Inconsistency detection | verify_trace() → CARD_MISMATCH | Detects behavioral inconsistency between card and actions |
AIP mapping — robustness via continuous monitoring:
| Obligation | AIP Field | How It Satisfies |
|---|---|---|
| Integrity windows | WindowConfig.mode = "sliding" | Continuous monitoring with bounded memory; survives partial failures |
| Fail-closed mode | FailurePolicy.mode = "fail_closed" | System blocks on analysis failure — no silent pass-through |
| Drift resilience | IntegrityDriftAlert | Detects behavioral inconsistency across sessions |
| Session isolation | WindowConfig.session_boundary = "reset" | Clean session boundaries prevent cross-session contamination |
CLPI mapping — robustness via policy enforcement:
| Obligation | CLPI Field | How It Satisfies |
|---|---|---|
| Tool-level enforcement | policy.evaluate at gateway | Real-time policy enforcement blocks tools outside behavioral contract |
| Unmapped tool handling | defaults.unmapped_tool_action | Configurable response to unknown tools (deny/warn/allow) |
| Grace periods | defaults.grace_period_hours | Controlled introduction of new tools without immediate failure |
15(3) — Cybersecurity
Requirement: High-risk AI systems shall be resilient as regards attempts by unauthorized third parties to alter their use, outputs, or performance by exploiting system vulnerabilities.
AIP mapping — cybersecurity via prompt injection detection:
| Obligation | AIP Field | How It Satisfies |
|---|---|---|
| Prompt injection detection | prompt_injection concern category | Real-time detection of injected instructions in thinking blocks |
| Output injection compliance | output_injection_compliance concern category | Detects when output follows injected instructions despite clean thinking |
| Thinking block integrity | thinking_block_hash (SHA-256) | Tamper-evident hash of analyzed content |
| Output integrity | output_block_hash (SHA-256) | Tamper-evident hash of output content (v0.5.0) |
| Chain hashes | Linked checkpoint_id → linked_trace_id | Cryptographic chain from reasoning to decision |
AAP mapping — cybersecurity via audit and verification:
| Obligation | AAP Field | How It Satisfies |
|---|---|---|
| Tamper evidence | audit_commitment.tamper_evidence | Append-only or merkle-tree protected audit trail |
| Action authorization | autonomy_envelope.forbidden_actions | Prevents unauthorized actions at the behavioral contract level |
| Unauthorized use detection | verify_trace() → FORBIDDEN_ACTION | Post-hoc detection of unauthorized tool invocations |
Output Analysis as Accuracy Monitoring
AIP v0.5.0's output analysis (analysis_scope: "thinking_and_output") directly enables the accuracy monitoring Article 15(1) requires:
| Article 15 Concept | AIP Implementation |
|---|---|
| Appropriate accuracy level | Defined by the Alignment Card's declared values and autonomy envelope — the behavioral accuracy contract |
| Continuous monitoring | Every agent turn is analyzed against the card, producing a real-time accuracy signal |
| Accuracy metrics | integrity_ratio provides a rolling quantitative accuracy metric (0.0–1.0) |
| Accuracy degradation | IntegrityDriftAlert with drift_direction: "value_erosion" surfaces accuracy decline |
| Output-level accuracy | output_misalignment concerns detect output that contradicts declared card behaviors |
SDK Compliance Presets
AAP Presets
import {
EU_COMPLIANCE_ARTICLE_15_EXTENSIONS,
} from "agent-alignment-protocol";
const card: AlignmentCard = {
...,
extensions: {
...EU_COMPLIANCE_ARTICLE_15_EXTENSIONS,
},
};
The EU_COMPLIANCE_ARTICLE_15_EXTENSIONS preset declares:
{
eu_ai_act_article_15: {
accuracy_monitoring: true,
robustness_monitoring: true,
cybersecurity_monitoring: true,
monitoring_protocol: "aip-v1",
compliance_version: "2026-08",
},
}
AIP Presets
import {
EU_COMPLIANCE_WINDOW_CONFIG,
EU_COMPLIANCE_FAILURE_POLICY,
} from "@mnemom/agent-integrity-protocol";
The AIP compliance presets (extended windows, fail-closed mode) satisfy Article 15(2) robustness requirements. Combined with analyze_output: true, they provide complete Article 15 coverage.
The Complete Article 15 Trust Chain
| Obligation | Protocol | Feature | What It Provides |
|---|---|---|---|
| Accuracy | AIP | Output analysis | Real-time output-vs-card accuracy monitoring |
| Accuracy metrics | AIP | integrity_ratio | Quantitative accuracy ratio per session |
| Accuracy decay | AIP | Drift alerts | Early warning when accuracy degrades |
| Robustness | AIP | Integrity windows | Continuous monitoring with bounded memory |
| Robustness | CLPI | Policy enforcement | Tool-level enforcement at the gateway |
| Cybersecurity | AIP | Prompt injection detection | Real-time detection of adversarial manipulation |
| Cybersecurity | AIP | Output/thinking block hashes | Tamper-evident integrity chain |
| Cybersecurity | AAP | Append-only audit trail | Protected evidence of all agent decisions |
Enforcement Timeline
| Date | Milestone |
|---|---|
| August 2025 | AI Act general provisions in force |
| February 2026 | Prohibited practices apply |
| August 2026 | Article 50 transparency obligations apply |
| August 2027 | Article 15 high-risk obligations apply |
References
- EU AI Act Article 15 — Full Text
- EU AI Act Article 50 Mapping — Companion transparency mapping
- AAP Specification
- AIP Specification
- AIP v0.5.0 Output Analysis
