The latest articles on DEV Community by Kuziva Muzondo (@kuzivaai). https://dev.to/kuzivaai https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3891438%2F3e1c693a-09e1-4ba1-8603-e72bc43d2d1a.png https://dev.to/kuzivaai en Kuziva Muzondo Sun, 26 Apr 2026 23:29:25 +0000 https://dev.to/kuzivaai/technical-report-eu-ai-act-code-footprint-analysis-4l6i https://dev.to/kuzivaai/technical-report-eu-ai-act-code-footprint-analysis-4l6i <p>As of April 26, 2026, the AI industry is 98 days from the original August 2 enforcement deadline for high-risk systems. While the European Parliament’s March 26 vote (569-45) significantly increases the likelihood of a delay to December 2027 via the Digital Omnibus, the technical requirements of Articles 9–15 remain the fixed objective for engineering teams.</p> <p>To quantify the readiness of the ecosystem, we conducted a source-code audit using Regula (v1.7.0). We analyzed 19,426 files across five cornerstone AI frameworks. The analysis identifies "compliance surface"—code patterns that trigger specific legal obligations under the Act.</p> <p><strong>The Framework Audit</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzp8hh5dq02tclohb8c7e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzp8hh5dq02tclohb8c7e.png" alt=" " width="624" height="220"></a></p> <p><strong>Engineering Findings</strong></p> <p><strong>Human Oversight (Article 14)</strong><br> The highest density of agentic autonomy indicators was found in CrewAI. Under Article 14, high-risk systems must be designed for human intervention. Our scan identified 56 instances where autonomous loops lack native confirmation gates, shifting the compliance burden entirely to the end-implementer.</p> <p><strong>Cybersecurity and Weights (Article 15)</strong><br> HuggingFace Transformers triggered 113 specific AI security patterns. These primarily involve model-loading and serialization risks. Article 15(4) mandates protection against model poisoning; using these frameworks requires a verified provenance chain for all external weights.</p> <p><strong>Data Governance (Article 10)</strong><br> We identified 79 patterns in LlamaIndex indicating PII or sensitive data flowing into or out of LLMs without redaction. Article 10(5) requires training and testing data to be securely governed. Frameworks that facilitate RAG on sensitive datasets create a direct Article 10 surface and significant information disclosure risks.</p> <p><strong>Project Details</strong><br> Regula is a zero-dependency Python CLI for AI governance. It uses 409 unique detection patterns to map code to the EU AI Act, OWASP LLM Top 10, and NIST AI RMF. It runs locally and generates signed evidence packs for regulatory submission.</p> <p>*<em>Source: <a href="https://github.com/kuzivaai/getregula" rel="noopener noreferrer">https://github.com/kuzivaai/getregula</a><br> *</em></p> ai opensource euaiact python