EU AI Act Article 50 Compliance Mapping

Summary

The EU AI Act's Article 50 establishes transparency obligations for providers and deployers of AI systems. These obligations require that users are informed they are interacting with AI, that AI-generated content is machine-detectable, that decisions are explainable, and that audit trails are maintained.

The Agent Alignment Protocol (AAP) and Agent Integrity Protocol (AIP) together provide the technical infrastructure to satisfy these requirements. AAP audits what an agent did through Alignment Cards and AP-Traces. AIP reveals what an agent was thinking through Integrity Checkpoints. Together they create a complete transparency and audit chain.

This document provides a field-level mapping between Article 50 obligations and AAP/AIP features, references the SDK compliance presets, and links to working examples.

Disclaimer: This document reflects a technical mapping of AAP/AIP features to Article 50 requirements. It does not constitute legal advice. Consult qualified legal counsel for your specific compliance obligations.

Article 50 Obligation Mapping

50(1) — Inform Users of AI Interaction

Requirement: Providers shall ensure that AI systems intended to interact directly with natural persons are designed and developed in such a way that the natural persons concerned are informed that they are interacting with an AI system.

AAP mapping:

Obligation	AAP Field	How It Satisfies
Identify the AI system	`AlignmentCard.agent_id`	Unique, persistent agent identifier
Identify the principal	`AlignmentCard.principal`	Declares human/org oversight and relationship type
Disclose AI nature	`extensions.eu_ai_act.disclosure_text`	Machine-readable disclosure text for presentation to users
Classify the system	`extensions.eu_ai_act.ai_system_classification`	Declares risk classification per AI Act categories

AIP mapping:

Obligation	AIP Field	How It Satisfies
Identify the AI system	`IntegrityCheckpoint.agent_id`	Unique agent identifier in every checkpoint
Link to alignment declaration	`IntegrityCheckpoint.card_id`	References the AAP Alignment Card
Session tracking	`IntegrityCheckpoint.session_id`	Groups checks within a conversation
Provider identification	`IntegrityCheckpoint.provider` + `model`	Identifies the underlying LLM

SDK preset (AAP): EU_COMPLIANCE_EXTENSIONS provides a ready-made extension block with disclosure text and classification.

50(2) — Machine-Readable Marking

Requirement: Providers of AI systems shall ensure that the outputs of the AI system are marked in a machine-readable format and detectable as artificially generated or manipulated.

AAP mapping:

Obligation	AAP Field	How It Satisfies
Machine-readable format	AP-Trace structured JSON	Every decision is a structured, parseable record
Protocol versioning	`AlignmentCard.aap_version`	Protocol version enables tooling compatibility
Trace format declaration	`audit_commitment.trace_format` = `"ap-trace-v1"`	Declares the structured format used
Agent attribution	`APTrace.agent_id` + `APTrace.card_id`	Every trace links to the producing agent and its card

AIP mapping:

Obligation	AIP Field	How It Satisfies
Structured format	IntegrityCheckpoint JSON	Every checkpoint is structured, parseable JSON
Content integrity	`thinking_block_hash`	SHA-256 hash of the thinking block — tamper-evident
Output integrity	`output_block_hash`	SHA-256 hash of the output block — machine-readable marking of AI-generated content (v0.5.0)
Protocol versioning	`X-AIP-Version` header	Protocol version on all responses
Unique identification	`checkpoint_id` (`ic-{uuid}`)	Every checkpoint is uniquely identified

Both AP-Traces and Integrity Checkpoints are inherently machine-readable structured JSON documents with defined schemas. Any system processing output from an AAP/AIP-instrumented agent can determine that it was AI-generated and by which agent. The output_block_hash (v0.5.0) provides a cryptographic fingerprint of the AI-generated output without storing the content, enabling downstream systems to verify provenance.

50(3) — Transparency of Decisions

Requirement: Deployers of AI systems that generate or manipulate content shall disclose that the content has been artificially generated or manipulated. Systems shall provide explanations of their operation.

AAP mapping — post-hoc decision transparency:

Obligation	AAP Field	How It Satisfies
Decision reasoning	`APTrace.decision.selection_reasoning`	Free-text explanation of why the agent chose this action
Values applied	`APTrace.decision.values_applied`	Which declared values influenced the decision
Alternatives considered	`APTrace.decision.alternatives_considered`	All options the agent evaluated, with scores
Escalation evaluation	`APTrace.escalation.evaluated` + `triggers_checked`	Whether human oversight was considered and why
Confidence	`APTrace.decision.confidence`	Agent's self-assessed confidence in the decision

AIP mapping — real-time reasoning transparency:

Obligation	AIP Field	How It Satisfies
Reasoning summary	`IntegrityCheckpoint.reasoning_summary`	Natural-language explanation of the integrity analysis
Values checked	`ConscienceContext.values_checked`	Which conscience values were evaluated
Value conflicts	`ConscienceContext.conflicts`	Which values were in tension
Value supports	`ConscienceContext.supports`	Which values the thinking aligned with
Integrity verdict	`IntegrityCheckpoint.verdict`	`clear`, `review_needed`, or `boundary_violation`
Specific concerns	`IntegrityCheckpoint.concerns[]`	Categorized concerns with evidence and severity

Together, AAP's decision block and AIP's ConscienceContext provide complete transparency into agent reasoning — from what the agent was thinking (AIP) to what it chose and why (AAP). This goes beyond Article 50's minimum requirements by making the full decision process auditable in real-time.

50(4) — Audit Trail

Requirement: AI systems shall be designed and developed to allow for the logging of relevant events over the lifetime of the system, in a manner that enables tracing of the system's operation.

AAP mapping — decision audit trail:

Obligation	AAP Field	How It Satisfies
Retention period	`audit_commitment.retention_days` >= 90	Minimum 90 days recommended for EU compliance
Queryability	`audit_commitment.queryable` = `true`	Traces can be retrieved and inspected
Tamper evidence	`audit_commitment.tamper_evidence` = `"append_only"`	Audit log integrity protection
Query endpoint	`audit_commitment.query_endpoint`	API endpoint for trace retrieval
Trace format	`audit_commitment.trace_format` = `"ap-trace-v1"`	Standardized, versioned format

AIP mapping — reasoning audit trail:

Obligation	AIP Field	How It Satisfies
Session windowing	`WindowConfig.max_age_seconds` = 7200	Extended 2-hour retention window for EU compliance
Window management	`WindowConfig.mode` = `"sliding"`	Continuous monitoring with bounded memory
Session boundaries	`WindowConfig.session_boundary` = `"reset"`	Clean session isolation
Cross-protocol audit	`IntegrityCheckpoint.linked_trace_id`	Links to AAP AP-Trace for full audit chain
Output analysis	`analysis_scope: "thinking_and_output"`	Output analysis results stored in audit trail (v0.5.0)
Output integrity	`output_block_hash`	SHA-256 hash of analyzed output for tamper-evident audit
Failure handling	`FailurePolicy.mode` = `"fail_closed"`	System blocks on analysis failure — no silent pass-through

The linked_trace_id field in every Integrity Checkpoint can reference the corresponding AAP AP-Trace, creating a complete audit chain from reasoning to decision. With output analysis enabled (v0.5.0), the audit trail includes both what the agent was thinking and what it said, with cryptographic hashes (output_block_hash) enabling verification without storing content.

Risk Assessment Support

Article 50 obligations vary by risk classification. AAP and AIP support risk assessment through:

Risk Dimension	Protocol	Feature
Behavioral boundaries	AAP	`autonomy_envelope.bounded_actions` + `forbidden_actions`
Escalation policy	AAP	`autonomy_envelope.escalation_triggers`
Value declaration	AAP	`values.declared` + `values.definitions`
Known limitations	Both	LIMITS.md documentation pattern
Behavioral drift	AAP	`detect_drift()` API
Violation detection	AAP	`verify_trace()` API
Reasoning integrity	AIP	`check_integrity()` real-time analysis
Concern taxonomy	AIP	`prompt_injection`, `value_misalignment`, `autonomy_violation`, `deception`

SDK Compliance Presets

AAP Presets

from aap.compliance import (
    EU_COMPLIANCE_AUDIT_COMMITMENT,   # retention, queryable, tamper_evidence
    EU_COMPLIANCE_EXTENSIONS,          # eu_ai_act disclosure block
    EU_COMPLIANCE_VALUES,              # transparency, honesty, user_control, principal_benefit
)

import {
  EU_COMPLIANCE_AUDIT_COMMITMENT,
  EU_COMPLIANCE_EXTENSIONS,
  EU_COMPLIANCE_VALUES,
} from "agent-alignment-protocol";

AIP Presets

from aip import (
    EU_COMPLIANCE_WINDOW_CONFIG,       # extended 2h window, sliding, fail-closed
    EU_COMPLIANCE_FAILURE_POLICY,      # fail_closed, 15s timeout
)

import {
  EU_COMPLIANCE_WINDOW_CONFIG,
  EU_COMPLIANCE_FAILURE_POLICY,
} from "@mnemom/agent-integrity-protocol";

The Complete Trust Chain

AAP and AIP together create a complete transparency chain that exceeds Article 50 requirements:

Layer	Protocol	Artifact	What It Captures
Declaration	AAP	Alignment Card	What the agent is, what it can do, what it values
Real-time analysis	AIP	Integrity Checkpoint	What the agent is thinking, whether it aligns
Decision audit	AAP	AP-Trace	What the agent chose, why, what alternatives existed
Cross-protocol link	Both	`linked_trace_id`	Connects reasoning to decision
Behavioral monitoring	AAP	Drift Detection	Whether the agent is changing over time

Enforcement Timeline

Date	Milestone
August 2025	AI Act general provisions in force
February 2026	Prohibited practices apply
August 2026	Article 50 transparency obligations apply
August 2027	High-risk system obligations apply