All papers
HB-005·Governance Document·Governance·November 2025·36 pages

EU AI Act · Compliance Framework

How a Helios world model maps to the obligations of the EU AI Act across risk classification, transparency, human oversight, robustness, and post-market monitoring. Auditor-ready.

Leonidas Papadopoulos · Helios Brain · Founder
§ 01

Purpose

This document maps the Helios substrate to the obligations of the EU AI Act for high-risk AI systems. It is intended for compliance officers, internal audit teams, DPAs, and procurement reviewers. It is auditor-ready: every claim references a substrate property and the artefact that demonstrates it.

§ 02

Risk classification

A Helios world model deployed for institutional decisions is treated as a high-risk AI system under the EU AI Act. The substrate is designed against the obligations applicable to that class: risk management, data governance, technical documentation, transparency, human oversight, accuracy and robustness, and post-market monitoring.

§ 03

Risk management system

The substrate implements a continuous risk management process: known risks are catalogued with the controls that mitigate them, residual risks are documented, and emerging risks are surfaced through adversarial review (see Project Athena). The risk register is versioned with the substrate.

§ 04

Data governance

Data inside the substrate is typed, versioned, and bound to provenance contracts. Training and operational data are separable. Personal data is processed under GDPR Article 22 obligations: every automated decision is traceable, explainable, and reviewable at the level the regulator and the data subject require.

§ 05

Technical documentation

The substrate generates its own technical documentation as a property of the runtime. Architecture diagrams, data flow records, reasoning composition logs, and policy artefacts are produced continuously. A regulator inquiry does not require a documentation project, it requires a query.

§ 06

Human oversight

The substrate is designed to be operated by humans, not in place of humans. Every recommendation can be reviewed at the level of evidence, reasoning composition, and policy enforcement. Refusal is supported as a first-class output. Critical actions require typed human sign-off, recorded with the substrate.

§ 07

Accuracy and robustness

Accuracy is measured at the decision level, not the prediction level. Robustness is tested through adversarial governance (Project Athena), drift detection across nested time-scales, and provenance-aware replay of prior states. The substrate exposes its own confidence and refuses outside its support.

§ 08

Post-market monitoring

The substrate monitors itself in production. Drift, anomaly, governance violation, and outcome divergence are continuously evaluated. Incidents are reported under DORA timelines for financial sector clients. The post-market monitoring is part of the runtime, not a separate compliance pipeline.

Cite this paper
Papadopoulos, L. (2025). EU AI Act · Compliance Framework. Helios Brain · Governance Document, HB-005.