<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">
EU AI Act

Meet EU AI Act requirements with cutting-edge AI escrow solutions

Get your AI-dependent operations audit-ready and protected against third-party AI software failure with Codekeeper’s purpose-built escrow offerings.
hero-eu-ai-act

The EU AI Act now puts your business on the hook for AI infrastructure you don't control. If your vendor fails and you can't prove your stack was documented and protected, you face fines up to €35 million, regulatory scrutiny, and months of operational disruption.

The EU AI Act: What you need to know

What is the EU AI Act?

The EU AI Act is the world's first comprehensive legal framework for artificial intelligence. It takes a risk-based approach, sorting AI systems into four tiers based on potential harm to health, safety, or fundamental rights. The Act casts a wide net — applying to any AI system used in the EU, regardless of where the company behind it is based.

Who needs to comply with the EU AI Act?

The Act covers the full commercial chain, from the companies that build AI to the businesses that run it.
AI system providers
AI deployers
Product manufacturers
Importers and distributors
Authorized representatives
Non-EU companies using AI output in the EU

Key EU AI Act requirements

The Act lays out six clear obligations across the full lifecycle of any AI system your business develops or makes use of:
1
AI literacy — Staff operating AI systems must demonstrate sufficient understanding of how they work and what they risk.
2
Risk classification — Every AI system must be assessed and assigned to one of four risk tiers before it goes live.
3
Technical documentation — High-risk systems require a living technical file, kept up to date and retained for 10 years.
4
Automatic logging — System logs must be maintained for a minimum of six months, longer in regulated sectors.
5
Human oversight — High-risk systems must allow human intervention and cannot operate as a closed loop.
6
Vendor due diligence — Deployers must verify supplier compliance, govern AI vendor relationships, and document the evidence.

Where AI escrow fits in

Due to the nature of AI systems, most businesses building on third-party AI don’t have access to the data needed to ensure recovery. AI Escrow addresses that access issue directly to ensure full EU AI Act compliance.
01
EU AI Act risk
Your AI vendor relationships carry no legal protection
Your AI stack has no documented recovery plan
You can't prove AI vendor governance to auditors
Model deprecation can strip your compliance record overnight
02
AI Escrow solution
Backs up your full AI stack daily
Secures prompts, weights, and configurations in escrow
Verifies your stack is reproducible from escrow
Legal framework governing your AI vendor relationships
03
Compliance outcome
AI operations stay documented even when vendors leave
Recoverable AI stack evidence ready for regulators
Article 11 documentation kept current and complete
Protection from fines for undocumented AI systems
When EU AI Act auditors ask how you govern AI vendors you don't control, AI Escrow gives you documented proof instead of assurances. Without it, you have no recoverable technical record of the systems your business depends on.

Let us guide you to EU AI Act compliance

Codekeeper combines specialist knowledge of EU regulatory requirements with proven AI protection expertise, delivering dedicated solutions for businesses managing AI vendor obligations under the EU AI Act.
We understand the situation you’re in:
AI vendors can pull the plug on models overnight, leaving your technical documentation incomplete.
The Act requires 10 years of documentation on systems you didn't build and can't fully access.
Customizing a third-party AI system can flip your compliance role from deployer to provider.
Governing AI vendor relationships across multiple platforms with no centralized audit trail leaves you exposed.
We've helped over 3 500 companies protect their critical software. Helping you avoid the EU AI Act’s pitfalls is what we're built for.
we_see_challenges_you_face

Codekeeper’s complete solutions for EU AI Act compliance

Our escrow solutions help businesses meet the EU AI Act's documentation, continuity, and vendor governance requirements, keeping your AI operations protected and audit-ready.
AI Escrow

Protection scope: AI vendor dependency and stack continuity

Protects the AI infrastructure your business has built on third-party vendors, keeping your stack documented and recoverable under the EU AI Act.
Keeps your full AI stack backed up and recoverable every day
Secures prompts, model weights, and configurations in a tamper-proof vault
Tests your stack to confirm it can be rebuilt when you need it
Satisfies Article 11 documentation requirements with verified evidence
Learn more
feature-ai-escrow
Software Escrow

Protection scope: On-premises software solutions

Keeps core on-premises applications protected and accessible, supporting the operational continuity and documentation requirements the EU AI Act demands.
Guarantees continued access to on-premises software assets
Protects against vendor failure cutting off critical systems
Provides verified compliance records for regulatory audits
Documents on-premises software dependencies under EU AI Act requirements
Learn more
how_it_works_software_escrow_3x
SAAS escrow

Protection scope: Cloud-based software and applications

Protects the cloud platforms your business runs on, keeping services available and compliant even when cloud vendors run into trouble.
Secures cloud application dependencies against vendor disruption
Covers full cloud environments including databases and configurations
Daily automated syncs keep your deposit current and complete
Supports EU AI Act continuity requirements for cloud-dependent operations
Learn more
how_it_works_saas_escrow_3x
Continuity escrow

Protection scope: Supporting infrastructure and services

Keeps critical hosting environments and third-party services running when payments lapse, protecting your operations from disruption under the EU AI Act.
Steps in to cover missed payments before services get suspended
Maintains access to hosting and supporting services for up to 12 months
Keeps AI infrastructure environments running through vendor disruptions
Provides documented continuity evidence for regulatory compliance
Learn more
continuity_escrow_1x
Verification

Protection scope: All escrowed materials

Puts your escrowed assets through rigorous testing to verify they are complete, buildable, and fit for recovery.
Tests deposited assets to confirm they can be rebuilt from escrow
Identifies gaps before auditors come looking
Produces audit-ready reports aligned with EU AI Act requirements
Issues Software Resilience Certificates that hold up under regulatory scrutiny
Learn more
how_it_works_continuity_escrow_3x-1

Get EU AI Act ready in 4 steps

The EU AI Act requires you to demonstrate control over the AI supply chain your business depends on. Here's how to get there fast:
1

Book your EU AI Act assessment call

We'll identify which of your AI systems and vendor relationships fall under the Act's scope.

2

Choose your protection level

Select from AI Escrow, Software Escrow, SaaS Escrow, Continuity Escrow, or Verification based on your AI architecture.

3

We handle the setup

Our team manages legal agreements, vendor onboarding, and deposit automation, getting you live in 24 hours.

4

Receive your certificates

Get Software Resilience Certificates as proof that your AI stack is protected and recoverable, ready for EU AI Act audits.

One assessment. One solution. Complete AI risk management for EU AI Act compliance.
Book a free demo

Codekeeper takes the complexity out of compliance

Over the years, we've helped thousands of businesses who rely on AI protect their critical software without drowning in technical details. Our solutions make EU AI Act regulatory requirements straightforward and manageable.
Airbus
Bayer
European parliament
General Motors
Intuit
Nestle
Pepsico
Pfizer

The EU AI Act rollout: What's hit and what's coming

The ISO 27001 standard has evolved significantly with the 2022 update. Whether you're pursuing initial certification or updating an existing certificate, understanding these key dates helps you plan your implementation strategy and avoid certification delays.
ban

February 2, 2025

Prohibited AI practices banned and AI literacy obligations in force across the EU
All businesses deploying AI professionally must ensure staff are sufficiently trained
cpu

August 2, 2025

GPAI model obligations active — providers of models like GPT and Gemini face full regulatory scrutiny
National competent authorities designated across Member States, enforcement infrastructure in place
eye

August 2, 2026

Article 50 transparency obligations kick in for chatbots, deepfakes, and AI-generated content
GPAI provider fines under Article 101 become enforceable — up to €15 million or 3% of global turnover
clipboard-check-v1

December 2, 2027

Full high-risk Annex III obligations apply to standalone AI systems, following the Digital Omnibus postponement
Deployers must have documented risk management systems, technical files, and vendor governance ready for audit

What EU AI Act non-compliance will cost you

Failing to meet EU AI Act requirements leaves your business exposed to:
Fines and penalties
Non-compliance carries fines up to €35 million or 7% of global turnover for the most serious violations. Most deployer and high-risk system obligations attract fines up to €15 million or 3%.
Regulatory scrutiny
Market surveillance authorities can conduct unannounced inspections, demand corrective action, and request source code access for high-risk AI systems. A single compliance gap puts your entire AI operation under the microscope.
Market and procurement exclusion
Enterprise procurement teams now request EU AI Act compliance documentation before contracts are signed. Without it, deals stall before they get off the ground.
Unexpected provider liability
Under Article 25, substantially modifying a third-party AI system can flip your legal status from deployer to provider overnight, inheriting the full compliance burden of an AI developer.
Forced withdrawal of your AI systems
Under Article 79, authorities can require you to withdraw or recall non-compliant AI systems from operation entirely. For businesses that run on AI, that means operational shutdown.
Exclusion from public procurement
Several Member State frameworks, including Italy's national AI law, add exclusion from public procurement as a penalty on top of fines. For businesses selling to government or public sector clients, that shuts down an entire market.
European regulators have made their expectations clear. Businesses that can't prove control over their AI stack pay the price.

How you can benefit from EU AI Act compliance

Get ahead of enforcement

Meeting EU AI Act requirements before deadlines hit puts you in control. Instead of reacting to audits and penalties, you're demonstrating compliance on your own terms.

Keep your AI operations running

With your AI stack documented and protected, vendor failure or model deprecation can't bring your operations to a halt. Business continuity is built in, not hoped for.

Turn compliance into a deal-winner

Enterprise clients increasingly ask for EU AI Act compliance proof before signing contracts. Getting there first means closing deals your competitors are still losing.

Build client confidence

EU AI Act compliance signals to clients that your AI operations are governed, secure, and built to last. That's the mark of a business they can rely on long term.
cta-eu-ai-act

Get EU AI Act ready on your own terms

Our specialists will assess your AI vendor relationships, identify your EU AI Act exposure, and show you exactly how to close the gap.
A clear assessment of which AI systems and vendor relationships fall under the Act's scope
Tailored steps to get your AI stack documented and protected
Escrow agreement drafted by in-house legal counsel in 1-3 days
Full implementation live within 24 hours

Frequently asked questions

What is the EU AI Act?
The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive legal framework for artificial intelligence. It takes a risk-based approach, sorting AI systems into four tiers and imposing escalating obligations as risk increases.
Who must comply with the EU AI Act?
Any business that develops, deploys, imports, or distributes AI systems in the EU falls under the Act. This includes businesses that use third-party AI professionally, not just the companies that build it.
Why is AI Escrow relevant to EU AI Act compliance?
The Act requires deployers to document, govern, and prove recovery of the AI systems they depend on. AI Escrow backs up your full AI stack daily, provides the technical documentation the Act demands, and gives you legal coverage over AI vendor relationships.
When does the EU AI Act apply?
Parts of the Act are already in force. AI literacy and prohibited practice obligations apply since February 2025. GPAI model obligations have been active since August 2025. Full high-risk obligations for standalone AI systems apply from December 2027.
Does the EU AI Act apply to companies outside the EU?
Yes. The Act applies to any business whose AI output is used in the EU, regardless of where the company is based. A US or UK company with EU customers deploying AI professionally falls within scope.
What did the Digital Omnibus change?
The Digital Omnibus, provisionally agreed on May 7, 2026, postponed full high-risk Annex III obligations from August 2026 to December 2027. Core obligations including GPAI rules, prohibited practices, and the penalty structure remain unchanged.
What is Article 25 role-shifting and why does it matter?
Under Article 25, substantially modifying a third-party AI system can make your organization the legal provider, inheriting full compliance obligations including technical documentation and conformity assessment. Organizations that customize AI tools heavily need to assess their exposure.

Let's build bulletproof software resilience together.