# EU AI Act Article 15 Compliance Mapping — Mnemom Research

```json
{"@context":"https://schema.org","@type":"ScholarlyArticle","name":"EU AI Act Article 15 Compliance Mapping","headline":"EU AI Act Article 15 Compliance Mapping","description":"How AAP and AIP Satisfy Accuracy, Robustness, and Cybersecurity Obligations","url":"https://www.mnemom.ai/research/eu-ai-act-article-15-mapping/","inLanguage":"en-US","datePublished":"March 2026","dateModified":"March 2026","author":{"@type":"Organization","name":"Mnemom Research","url":"https://www.mnemom.ai"},"publisher":{"@id":"https://www.mnemom.ai#organization"},"license":"https://creativecommons.org/licenses/by/4.0/"}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.mnemom.ai/"},{"@type":"ListItem","position":2,"name":"Research","item":"https://www.mnemom.ai/research/"},{"@type":"ListItem","position":3,"name":"EU AI Act Article 15 Compliance Mapping","item":"https://www.mnemom.ai/research/eu-ai-act-article-15-mapping/"}]}
```

[All research](/research)

# EU AI Act Article 15 Compliance Mapping

How AAP and AIP Satisfy Accuracy, Robustness, and Cybersecurity Obligations

Mnemom Research·March 2026·v1.0·CC BY 4.0

[Source (Markdown)](https://github.com/mnemom/mnemom-website/blob/main/client/content/eu-ai-act-article-15-mapping.md)

Contents

## Summary

The EU AI Act's Article 15 establishes accuracy, robustness, and cybersecurity requirements for high-risk AI systems. These obligations require that AI systems achieve appropriate levels of accuracy, are resilient to errors and inconsistencies, and are protected against unauthorized manipulation.

The Agent Alignment Protocol (AAP) and Agent Integrity Protocol (AIP) together provide the technical infrastructure to satisfy these requirements. AIP's output analysis (v0.5.0) enables continuous accuracy monitoring by comparing agent outputs against declared alignment card behaviors. AIP's integrity windows and CLPI's policy enforcement provide robustness monitoring. AIP's prompt injection detection and chain hashes address cybersecurity requirements.

This document provides a field-level mapping between Article 15 obligations and AAP/AIP features.

**Disclaimer**: This document reflects a technical mapping of AAP/AIP features to Article 15 requirements. It does not constitute legal advice. Consult qualified legal counsel for your specific compliance obligations.

* * *

## Article 15 Obligation Mapping

### 15(1) — Accuracy

**Requirement**: High-risk AI systems shall be designed and developed in such a way that they achieve an appropriate level of accuracy, as declared by the provider. Accuracy levels and metrics shall be communicated to deployers.

**AAP mapping** — accuracy declaration and monitoring:

Obligation

AAP Field

How It Satisfies

Declare accuracy levels

`AlignmentCard.values.declared`

Declares behavioral commitments that define "accurate" for this agent

Accuracy metrics

`verify_trace()` violation rates

Ratio of traces with zero violations quantifies behavioral accuracy

Communicate to deployers

`/.well-known/alignment-card.json`

Publicly discoverable accuracy contract

Accuracy over time

`detect_drift()` API

Surfaces accuracy degradation via behavioral drift alerts

**AIP mapping** — real-time accuracy monitoring:

Obligation

AIP Field

How It Satisfies

Output accuracy monitoring

`analysis_scope: "thinking_and_output"`

Compares agent output against declared card behaviors in real-time

Output-card alignment

`output_misalignment` concern category

Detects when output contradicts declared values, even with clean thinking

Accuracy metrics

`integrity_ratio` (window)

Rolling ratio of aligned verdicts as continuous accuracy metric

Accuracy evidence

`IntegrityCheckpoint.reasoning_summary`

Natural-language explanation of accuracy assessment

**SDK preset**: `EU_COMPLIANCE_ARTICLE_15_EXTENSIONS` provides a ready-made extension block declaring accuracy monitoring via AIP.

### 15(2) — Robustness

**Requirement**: High-risk AI systems shall be resilient as regards errors, faults, or inconsistencies that may occur within the system or the environment in which the system operates.

**AAP mapping** — robustness via behavioral contracts:

Obligation

AAP Field

How It Satisfies

Error resilience

`autonomy_envelope.escalation_triggers`

Defines conditions for graceful degradation

Fault tolerance

`audit_commitment.tamper_evidence`

Append-only audit trail survives system faults

Inconsistency detection

`verify_trace()` → `CARD_MISMATCH`

Detects behavioral inconsistency between card and actions

**AIP mapping** — robustness via continuous monitoring:

Obligation

AIP Field

How It Satisfies

Integrity windows

`WindowConfig.mode = "sliding"`

Continuous monitoring with bounded memory; survives partial failures

Fail-closed mode

`FailurePolicy.mode = "fail_closed"`

System blocks on analysis failure — no silent pass-through

Drift resilience

`IntegrityDriftAlert`

Detects behavioral inconsistency across sessions

Session isolation

`WindowConfig.session_boundary = "reset"`

Clean session boundaries prevent cross-session contamination

**CLPI mapping** — robustness via policy enforcement:

Obligation

CLPI Field

How It Satisfies

Tool-level enforcement

`policy.evaluate` at gateway

Real-time policy enforcement blocks tools outside behavioral contract

Unmapped tool handling

`defaults.unmapped_tool_action`

Configurable response to unknown tools (deny/warn/allow)

Grace periods

`defaults.grace_period_hours`

Controlled introduction of new tools without immediate failure

### 15(3) — Cybersecurity

**Requirement**: High-risk AI systems shall be resilient as regards attempts by unauthorized third parties to alter their use, outputs, or performance by exploiting system vulnerabilities.

**AIP mapping** — cybersecurity via prompt injection detection:

Obligation

AIP Field

How It Satisfies

Prompt injection detection

`prompt_injection` concern category

Real-time detection of injected instructions in thinking blocks

Output injection compliance

`output_injection_compliance` concern category

Detects when output follows injected instructions despite clean thinking

Thinking block integrity

`thinking_block_hash` (SHA-256)

Tamper-evident hash of analyzed content

Output integrity

`output_block_hash` (SHA-256)

Tamper-evident hash of output content (v0.5.0)

Chain hashes

Linked `checkpoint_id` → `linked_trace_id`

Cryptographic chain from reasoning to decision

**AAP mapping** — cybersecurity via audit and verification:

Obligation

AAP Field

How It Satisfies

Tamper evidence

`audit_commitment.tamper_evidence`

Append-only or merkle-tree protected audit trail

Action authorization

`autonomy_envelope.forbidden_actions`

Prevents unauthorized actions at the behavioral contract level

Unauthorized use detection

`verify_trace()` → `FORBIDDEN_ACTION`

Post-hoc detection of unauthorized tool invocations

* * *

## Output Analysis as Accuracy Monitoring

AIP v0.5.0's output analysis (`analysis_scope: "thinking_and_output"`) directly enables the accuracy monitoring Article 15(1) requires:

Article 15 Concept

AIP Implementation

Appropriate accuracy level

Defined by the Alignment Card's declared values and autonomy envelope — the behavioral accuracy contract

Continuous monitoring

Every agent turn is analyzed against the card, producing a real-time accuracy signal

Accuracy metrics

`integrity_ratio` provides a rolling quantitative accuracy metric (0.0–1.0)

Accuracy degradation

`IntegrityDriftAlert` with `drift_direction: "value_erosion"` surfaces accuracy decline

Output-level accuracy

`output_misalignment` concerns detect output that contradicts declared card behaviors

* * *

## SDK Compliance Presets

### AAP Presets

```typescript
import {
  EU_COMPLIANCE_ARTICLE_15_EXTENSIONS,
} from "agent-alignment-protocol";

const card: AlignmentCard = {
  ...,
  extensions: {
    ...EU_COMPLIANCE_ARTICLE_15_EXTENSIONS,
  },
};
```

The `EU_COMPLIANCE_ARTICLE_15_EXTENSIONS` preset declares:

```typescript
{
  eu_ai_act_article_15: {
    accuracy_monitoring: true,
    robustness_monitoring: true,
    cybersecurity_monitoring: true,
    monitoring_protocol: "aip-v1",
    compliance_version: "2026-08",
  },
}
```

### AIP Presets

```typescript
import {
  EU_COMPLIANCE_WINDOW_CONFIG,
  EU_COMPLIANCE_FAILURE_POLICY,
} from "@mnemom/agent-integrity-protocol";
```

The AIP compliance presets (extended windows, fail-closed mode) satisfy Article 15(2) robustness requirements. Combined with `analyze_output: true`, they provide complete Article 15 coverage.

* * *

## The Complete Article 15 Trust Chain

Obligation

Protocol

Feature

What It Provides

Accuracy

AIP

Output analysis

Real-time output-vs-card accuracy monitoring

Accuracy metrics

AIP

`integrity_ratio`

Quantitative accuracy ratio per session

Accuracy decay

AIP

Drift alerts

Early warning when accuracy degrades

Robustness

AIP

Integrity windows

Continuous monitoring with bounded memory

Robustness

CLPI

Policy enforcement

Tool-level enforcement at the gateway

Cybersecurity

AIP

Prompt injection detection

Real-time detection of adversarial manipulation

Cybersecurity

AIP

Output/thinking block hashes

Tamper-evident integrity chain

Cybersecurity

AAP

Append-only audit trail

Protected evidence of all agent decisions

* * *

## Enforcement Timeline

Date

Milestone

August 2025

AI Act general provisions in force

February 2026

Prohibited practices apply

August 2026

Article 50 transparency obligations apply

**August 2027**

**Article 15 high-risk obligations apply**

* * *

## References

-   [EU AI Act Article 15 — Full Text](https://artificialintelligenceact.eu/article/15/)
-   [EU AI Act Article 50 Mapping](/research/eu-ai-act-mapping) — Companion transparency mapping
-   [AAP Specification](https://docs.mnemom.ai/protocols/aap/specification)
-   [AIP Specification](https://docs.mnemom.ai/protocols/aip/specification)
-   [AIP v0.5.0 Output Analysis](/protocols/aip/specification#7-output-analysis)

Licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/). You are free to share and adapt with attribution.

[AAP repository](https://github.com/mnemom/aap)[AIP repository](https://github.com/mnemom/aip)[OTel exporter](https://github.com/mnemom/aip-otel-exporter)

---
_Source: /research/eu-ai-act-article-15-mapping/index.html · Generated by build-markdown-mirrors.mjs · For agent-readability commitment #4 see https://www.mnemom.ai/for-agents/_