EU AI Act Readiness Kit: Receipts, Policies, and Playbooks

What changed in May 2025

• Conformity assessments now expect receipts for every model-assisted decision.
• Providers must expose user controls for opt-out, redress, and traceability.
• Vendors need living risk registers with attack prompts and mitigations.

How teams are complying

• Added receipts panels that show data sources, model version, and evaluator scores.
• Shipped policy-as-code (OPA + LangGraph) to block tools outside approved scopes.
• Created red-team calendars with signed outcomes that auditors can replay.

Copy-paste assets

We bundled a receipts UI template, an EU AI Act-friendly consent modal, and a one-pager for legal explaining how ASI pods stay auditable.