Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mnemom.ai/llms.txt

Use this file to discover all available pages before exploring further.

EU AI Act compliance

Compliance programs

Factual posture of Mnemom’s third-party compliance and contract programs, as of the most recent documentation update. For current attestation status or evidence requests, contact your Mnemom account team.
  • SOC 2 Type II. On the roadmap. Pre-audit readiness work is in progress; third-party audit engagement has not yet begun, and no SOC 2 report is currently available. Security questionnaires, architecture reviews, and control evidence are available to enterprise customers under NDA.
  • ISO 27001. Not currently pursued.
  • GDPR Data Processing Agreement (DPA). Available to enterprise customers on request. Contact sales@mnemom.ai.
  • EU AI Act Article 50 transparency. Addressed by the AAP + AIP mapping documented on this page (below).
  • GDPR Article 17 right to erasure. Addressed by the deletion cascade documented in GDPR data subject rights.
This section records the program status as stated; it is not a certification or an attestation in itself. The SOC 2 entry in particular is a roadmap statement and should not be read as a claim of current certification.
The EU AI Act’s Article 50 establishes transparency obligations for providers and deployers of AI systems. These obligations require that users are informed they are interacting with AI, that AI-generated content is machine-detectable, that decisions are explainable, and that audit trails are maintained. Both protocols in the Mnemom trust plane address these requirements:
  • AAP (Agent Alignment Protocol) provides post-hoc audit trails — what the agent did, with structured decision records and verification.
  • AIP (Agent Integrity Protocol) provides real-time transparency — what the agent was thinking, with integrity checkpoints and concern detection.
Together they satisfy both dimensions of Article 50 transparency. The cross-protocol linkage (IntegrityCheckpoint.linked_trace_id references APTrace.trace_id) creates a complete audit chain from reasoning to decision.
This document reflects a technical mapping of AAP and AIP features to Article 50 requirements. It does not constitute legal advice. Consult qualified legal counsel for your specific compliance obligations.

AAP: Article 50 obligation mapping

50(1) — Inform users of AI interaction

Requirement: Providers shall ensure that AI systems intended to interact directly with natural persons are designed and developed in such a way that the natural persons concerned are informed that they are interacting with an AI system.
ObligationAAP FieldHow It Satisfies
Identify the AI systemAlignmentCard.agent_idUnique, persistent agent identifier
Identify the principalAlignmentCard.principalDeclares human/org oversight and relationship type
Disclose AI natureextensions.eu_ai_act.disclosure_textMachine-readable disclosure text for presentation to users
Classify the systemextensions.eu_ai_act.ai_system_classificationDeclares risk classification per AI Act categories
SDK preset: EU_COMPLIANCE_EXTENSIONS provides a ready-made extension block:
from aap.compliance import EU_COMPLIANCE_EXTENSIONS

card = AlignmentCard(
    ...,
    extensions=EU_COMPLIANCE_EXTENSIONS,
)
# card.extensions["eu_ai_act"]["disclosure_text"] contains the disclosure

50(2) — Machine-readable marking

Requirement: Providers of AI systems shall ensure that the outputs of the AI system are marked in a machine-readable format and detectable as artificially generated or manipulated.
ObligationAAP FieldHow It Satisfies
Machine-readable formatAP-Trace structured JSONEvery decision is a structured, parseable record
Protocol versioningAlignmentCard.aap_versionProtocol version enables tooling compatibility
Trace format declarationaudit_commitment.trace_format = "ap-trace-v1"Declares the structured format used
Agent attributionAPTrace.agent_id + APTrace.card_idEvery trace links to the producing agent and its card
AP-Traces are inherently machine-readable — they are structured JSON documents with a defined schema. Any system processing AAP-instrumented agent output can parse the trace to determine that it was AI-generated and by which agent.

50(3) — Transparency of decisions

Requirement: Deployers of AI systems that generate or manipulate content shall disclose that the content has been artificially generated or manipulated.
ObligationAAP FieldHow It Satisfies
Decision reasoningAPTrace.decision.selection_reasoningFree-text explanation of why the agent chose this action
Values appliedAPTrace.decision.values_appliedWhich declared values influenced the decision
Alternatives consideredAPTrace.decision.alternatives_consideredAll options the agent evaluated, with scores
Escalation evaluationAPTrace.escalation.evaluated + triggers_checkedWhether human oversight was considered and why
ConfidenceAPTrace.decision.confidenceAgent’s self-assessed confidence in the decision
The AP-Trace decision block provides complete transparency into agent reasoning: what alternatives were considered, how they were scored, which values were applied, and why the selected option was chosen. This goes beyond Article 50’s minimum requirements by making the full decision process auditable.

50(4) — Audit trail

Requirement: AI systems shall be designed and developed to allow for the logging of relevant events over the lifetime of the system.
ObligationAAP FieldHow It Satisfies
Retention periodaudit_commitment.retention_days >= 90Minimum 90 days recommended for EU compliance
Queryabilityaudit_commitment.queryable = trueTraces can be retrieved and inspected
Tamper evidenceaudit_commitment.tamper_evidence = "append_only"Audit log integrity protection
Query endpointaudit_commitment.query_endpointOptional: API endpoint for trace retrieval
Trace formataudit_commitment.trace_format = "ap-trace-v1"Standardized, versioned format
SDK preset: EU_COMPLIANCE_AUDIT_COMMITMENT provides recommended values:
from aap.compliance import EU_COMPLIANCE_AUDIT_COMMITMENT

card = AlignmentCard(
    ...,
    audit_commitment=AuditCommitment(**EU_COMPLIANCE_AUDIT_COMMITMENT),
)
# retention_days=90, queryable=True, tamper_evidence="append_only"

AAP risk assessment support

Article 50 obligations vary by risk classification. AAP supports risk assessment through:
Risk DimensionAAP FeatureReference
Behavioral boundariesautonomy_envelope.bounded_actions + forbidden_actionsAlignment Card
Escalation policyautonomy_envelope.escalation_triggersAlignment Card
Value declarationvalues.declared + values.definitionsAlignment Card
Known limitationsLIMITS.md documentation patterndocs/LIMITS.md
Behavioral driftdetect_drift() APIVerification Engine
Violation detectionverify_trace() APIVerification Engine
The Alignment Card + LIMITS.md combination provides the static risk assessment. The Verification Engine provides dynamic, ongoing risk monitoring.

AAP SDK compliance presets

AAP provides three compliance presets that encapsulate the recommended configuration:

EU_COMPLIANCE_AUDIT_COMMITMENT

{
    "retention_days": 90,
    "queryable": True,
    "query_endpoint": "https://audit.example.com/traces",
    "tamper_evidence": "append_only",
    "trace_format": "ap-trace-v1",
}

EU_COMPLIANCE_EXTENSIONS

{
    "eu_ai_act": {
        "article_50_compliant": True,
        "ai_system_classification": "general_purpose",
        "disclosure_text": "This system is powered by an AI agent. Its decisions "
                           "are logged and auditable. You may request a human "
                           "review of any decision.",
        "compliance_version": "2026-08",
    },
}

EU_COMPLIANCE_VALUES

["transparency", "honesty", "user_control", "principal_benefit"]
These are available in both Python and TypeScript:
from aap.compliance import (
    EU_COMPLIANCE_AUDIT_COMMITMENT,
    EU_COMPLIANCE_EXTENSIONS,
    EU_COMPLIANCE_VALUES,
)

import {
  EU_COMPLIANCE_AUDIT_COMMITMENT,
  EU_COMPLIANCE_EXTENSIONS,
  EU_COMPLIANCE_VALUES,
} from "agent-alignment-protocol";
For the full AAP specification, see the AAP Specification.

Cross-protocol linkage

AAP provides post-hoc audit trails (what the agent did). AIP provides real-time transparency (what the agent is thinking). Together they satisfy both dimensions of Article 50:
DimensionProtocolArtifact
Decision audit trailAAPAP-Trace
Real-time reasoning transparencyAIPIntegrity Checkpoint
Cross-protocol linkageBothIntegrityCheckpoint.linked_trace_id references APTrace.trace_id

Working examples

  • AAP EU Compliance Example — Creates an EU-compliant Alignment Card, generates a traced decision, verifies it, and prints a compliance summary.
  • AIP EU Compliance Example — Creates an AIP configuration with EU compliance presets, runs an integrity check, shows the checkpoint audit trail, and demonstrates fail-closed behavior.

Enforcement timeline

DateMilestone
August 2025AI Act general provisions in force
February 2026Prohibited practices apply
August 2026Article 50 transparency obligations apply
August 2027High-risk system obligations apply
This page covers the EU AI Act (Article 50 transparency obligations). For GDPR compliance — including the right to erasure (Article 17) and the deletion cascade architecture — see the dedicated guide:

GDPR Data Subject Rights

Right to erasure (Article 17) — how Mnemom handles agent deletion requests, what data is removed, what is retained under legal carve-outs, and how to verify compliance.

References