Phrony
EU AI Act Compliance
Built for the governance layer the EU AI Act requires.
Phrony is the runtime and governance infrastructure for production AI agents. For companies deploying high-risk AI systems in the European Union, Phrony is positioned as a third-party component supplier under Article 25 of the EU AI Act.
Phrony Labs BV | KvK 42039600
Our role in your compliance
The EU AI Act assigns obligations based on who places the AI system on the market. For AI agents deployed on Phrony, the roles are clear.
You — Provider of the high-risk AI system
You decide what your AI agent is used for — credit decisioning, underwriting, claims handling, employment screening, or similar. That makes you the Provider under the EU AI Act. You are responsible for the conformity assessment, CE marking, EU database registration, and the full set of provider obligations.
Phrony — Third-party component supplier
Phrony provides the runtime, governance, and audit infrastructure your AI agent operates within. Under Article 25, we supply you with the technical capabilities, documentation, and cooperation needed to meet your obligations — formalised in a dedicated Customer Agreement.
The timeline
Obligations for high-risk AI systems under the EU AI Act apply from 2 August 2026. Most AI agents deployed in financial services, insurance, HR, and related sectors fall within the high-risk classification.
2 August 2026 — high-risk AI obligations apply.
Risk management, automatic logging, transparency documentation, human oversight, and accuracy / robustness / cybersecurity controls must be operational before that date. Phrony is built to support these requirements today, so your deployment does not become a last-minute retrofit.
How the platform supports AI Act compliance
Phrony maps platform capabilities to the high-risk AI system requirements in Chapter III, Section 2 of the EU AI Act. Each capability is documented in detail in the Phrony Compliance Documentation Package, available to customers under the Article 25 Customer Agreement.
Article 9 — Risk management system
Three-layer detection: real-time inline prevention, statistical behavioural drift analysis, and multi-step sequence pattern detection. HITL escalation for residual risk. Continuous rule refinement feeding back into real-time enforcement.
Article 11 — Technical documentation
Platform architecture, data-flow documentation, control specifications, and governance design — provided in a format that can be incorporated into your Annex IV technical documentation file for your conformity assessment.
Article 12 — Automatic record-keeping
Tamper-resistant session, run, and step logging for every agent execution. Full audit trail from trigger to outcome — timestamped, immutable, and exportable. Retention configurable up to five years for Enterprise deployments.
Article 13 — Transparency & instructions for use
Operator-facing documentation covering platform capabilities, limitations, intended use, and operator responsibilities. Clear and explicit about what Phrony is, what it is not, and where accuracy validation remains the operator's responsibility.
Article 14 — Human oversight
Human-in-the-loop and agent-in-the-loop escalation with Approve, Reject, and Redirect controls. Manual session termination at any point. Full operator-decision audit trail. Supports both AI Act Article 14 and GDPR Article 22 requirements.
Article 15 — Accuracy, robustness & cybersecurity
Policy guardrails enforced at the runtime level — resistant to prompt-injection of the reasoning layer. Session safety limits including maximum tokens, duration, and tool-call depth. Encrypted secrets vault, role-based access control, and multi-tenancy isolation.
What Phrony is not
We hold a clear line on where our obligations end and yours begin. This clarity is what makes Phrony a trusted component supplier for regulated deployments.
Phrony does not:
- Determine the intended purpose of your AI system.
- Perform the conformity assessment on your behalf.
- Issue the EU declaration of conformity or affix the CE marking.
- Register your high-risk AI system in the EU database.
- Validate domain-specific accuracy of LLM outputs.
- Replace the legal or regulatory advice of qualified counsel.
These obligations remain with you as the Provider of your high-risk AI system. Our role is to give you the runtime capabilities and documentation that make meeting those obligations operationally possible.
Request the compliance documentation package
For prospective customers evaluating Phrony for deployment under the EU AI Act, the full Article 25 Customer Agreement and compliance documentation package is available under mutual NDA.
Email: compliance@phrony.com