<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">
EU AI Act

Meet EU AI Act requirements with cutting-edge AI escrow solutions

Get your AI-dependent operations audit-ready and protected against third-party AI software failure with Codekeeper’s purpose-built escrow offerings.
hero-eu-ai-act

The EU AI Act now puts your business on the hook for AI infrastructure you don't control. If your vendor fails and you can't prove your stack was documented and protected, you face fines up to €35 million, regulatory scrutiny, and months of operational disruption.

The EU AI Act: What you need to know

What is the EU AI Act?

The EU AI Act is the world's first comprehensive legal framework for artificial intelligence. It takes a risk-based approach, sorting AI systems into four tiers based on potential harm to health, safety, or fundamental rights. The Act casts a wide net — applying to any AI system used in the EU, regardless of where the company behind it is based.

Who needs to comply with the EU AI Act?

The Act covers the full commercial chain, from the companies that build AI to the businesses that run it.
AI system providers
AI deployers
Product manufacturers
Importers and distributors
Authorized representatives
Non-EU companies using AI output in the EU

Key EU AI Act requirements

The Act lays out six clear obligations across the full life cycle of any AI system your business develops or makes use of:
1
AI literacy — Staff operating AI systems must demonstrate sufficient understanding of how they work and what they risk.
2
Risk classification — Every AI system must be assessed and assigned to one of four risk tiers before it goes live.
3
Technical documentation — High-risk systems require a living technical file, kept up to date and retained for 10 years.
4
Automatic logging — System logs must be maintained for a minimum of six months, longer in regulated sectors.
5
Human oversight — High-risk systems must allow human intervention and cannot operate as a closed loop.
6
Vendor due diligence — Deployers must verify supplier compliance, govern AI vendor relationships, and document the evidence.

Where AI escrow fits in

Due to the nature of AI systems, most businesses building on third-party AI don't have access to the data needed to guarantee recovery. AI Escrow addresses that access issue directly to ensure full EU AI Act compliance.
01
EU AI Act risk
Your AI vendor relationships carry no legal protection
Your AI stack has no documented recovery plan
You can't prove AI vendor governance to auditors
Model deprecation can strip your compliance record overnight
02
AI Escrow solution
Backs up your full AI stack daily
Secures prompts, weights, and configurations in escrow
Verifies your stack is reproducible from escrow
Legal framework governing your AI vendor relationships
03
Compliance outcome
AI operations stay documented even when vendors leave
Recoverable AI stack evidence ready for regulators
Article 11 documentation kept current and complete
Protection from fines for undocumented AI systems
When EU AI Act auditors ask how you govern AI vendors you don't control, AI Escrow gives you documented proof instead of assurances. Without it, you have no recoverable technical record of the systems your business depends on.

Let us guide you to EU AI Act compliance

If your business relies on third-party AI, the EU AI Act makes you responsible for what happens when that vendor can't deliver. Codekeeper gives you the compliance path: AI escrow built by people who know the regulation inside out.
We understand the situation you’re in:
AI vendors can pull the plug on models overnight, leaving your technical documentation incomplete.
The Act requires 10 years of documentation on systems you didn't build and can't fully access.
Customizing a third-party AI system can flip your compliance role from deployer to provider.
Governing AI vendor relationships across multiple platforms with no centralized audit trail leaves you exposed.
We've helped over 3 500 companies protect their critical software. Helping you avoid the EU AI Act’s pitfalls is what we're built for.
we_see_challenges_you_face

Codekeeper’s complete solutions for EU AI Act compliance

Our escrow solutions help you meet the EU AI Act's documentation, continuity, and vendor governance requirements by keeping your AI operations protected and audit-ready.
AI Escrow

Protection scope: AI vendor dependency and stack continuity

Backs up the AI infrastructure your business has built on third-party vendors, giving you a documented, recoverable stack the moment the EU AI Act demands proof.
Syncs your full AI stack into secure escrow every day
Stores prompts, model weights, and configurations in a tamper-proof vault
Rebuilds and tests your stack to confirm it works when you need it
Satisfies Article 11 documentation requirements with verified evidence
Learn more
feature-ai-escrow
Software Escrow

Protection scope: On-premises software solutions

Secures the source code and build assets behind your critical on-premises applications, so your business retains access and documentation if that software ever becomes unavailable.
Releases source code and build assets when trigger conditions are met
Removes the risk of software failure cutting off essential systems
Supplies verified compliance records for regulatory audits
Documents on-premises software dependencies under EU AI Act requirements
Learn more
how_it_works_software_escrow_3x
SAAS escrow

Protection scope: Cloud-based software and applications

Holds a complete, current copy of the cloud platforms your business runs on, so operations stay available and compliant even if the live environment goes down.
Packages deployment documentation so the app can run independently
Covers full cloud environments including databases and configurations
Enables your team to redeploy or migrate the application after a trigger event
Answers the EU AI Act's continuity demands for services you don't host yourself
Learn more
how_it_works_saas_escrow_3x
Continuity escrow

Protection scope: Supporting infrastructure and services

Absorbs missed payments for essential hosting and third-party services, holding your operations steady until you can put a long-term fix in place.
Safeguards credentials, API keys, and integration settings for connected services
Sustains access to hosting and supporting services for up to 12 months
Stops infrastructure disruption from spreading to your AI operations
Gives regulators proof that supporting services remain operational
Learn more
continuity_escrow_1x
Verification

Protection scope: All escrowed materials

Puts your escrowed assets through rigorous testing to verify they are complete, buildable, and fit for recovery.
Tests deposited assets to confirm they can be rebuilt from escrow
Identifies gaps before auditors come looking
Produces audit-ready reports aligned with EU AI Act requirements
Issues Software Resilience Certificates that hold up under regulatory scrutiny
Learn more
how_it_works_continuity_escrow_3x-1

Get EU AI Act ready in 4 steps

The EU AI Act requires you to demonstrate control over the AI supply chain your business depends on. Here's how to get there fast:
1

Book your EU AI Act assessment call

We'll identify which of your AI systems and vendor relationships fall under the Act's scope.

2

Choose your protection level

Select from AI Escrow, Software Escrow, SaaS Escrow, Continuity Escrow, or Verification based on your AI architecture.

3

We handle the setup

Our team manages legal agreements, vendor onboarding, and deposit automation, getting you live in 24 hours.

4

Receive your certificates

Get Software Resilience Certificates as proof that your AI stack is protected and recoverable, ready for EU AI Act audits.

One assessment. One solution. Complete AI risk management for EU AI Act compliance.
Book a free demo

Codekeeper takes the complexity out of compliance

Over the years, we've helped thousands of businesses who rely on AI protect their critical software without drowning in technical details. Our solutions make EU AI Act regulatory requirements straightforward and manageable.
Airbus
Bayer
European parliament
General Motors
Intuit
Nestle
Pepsico
Pfizer

The EU AI Act rollout: What's hit and what's coming

The EU AI Act phases in over several years, from prohibited practices and AI literacy in 2025 to full high-risk obligations in 2027. Each date brings new demands, and the Digital Omnibus has already shifted some of them. Here's where things stand.
ban

February 2, 2025

Prohibited AI practices banned and AI literacy obligations in force across the EU
All businesses deploying AI professionally must ensure staff are sufficiently trained
cpu

August 2, 2025

GPAI model obligations active — providers of models like GPT and Gemini face full regulatory scrutiny
National competent authorities designated across Member States, enforcement infrastructure in place
eye

August 2, 2026

Article 50 transparency obligations kick in for chatbots, deepfakes, and AI-generated content
GPAI provider fines under Article 101 become enforceable — up to €15 million or 3% of global turnover
clipboard-check-v1

December 2, 2027

Full high-risk Annex III obligations apply to standalone AI systems, following the Digital Omnibus postponement
Deployers must have documented risk management systems, technical files, and vendor governance ready for audit

What EU AI Act non-compliance will cost you

Failing to meet EU AI Act requirements leaves your business exposed to:
Fines and penalties
Non-compliance carries fines up to €35 million or 7% of global turnover for the most serious violations. Most deployer and high-risk system obligations attract fines up to €15 million or 3%.
Regulatory scrutiny
Market surveillance authorities can conduct unannounced inspections, demand corrective action, and request source code access for high-risk AI systems. A single compliance gap puts your entire AI operation under the microscope.
Market and procurement exclusion
Enterprise procurement teams now request EU AI Act compliance documentation before contracts are signed. Without it, deals stall before they get off the ground.
Unexpected provider liability
Under Article 25, substantially modifying a third-party AI system can flip your legal status from deployer to provider overnight, inheriting the full compliance burden of an AI developer.
Forced withdrawal of your AI systems
Under Article 79, authorities can require you to withdraw or recall non-compliant AI systems from operation entirely. For businesses that run on AI, that means operational shutdown.
Exclusion from public procurement
Several Member State frameworks, including Italy's national AI law, add exclusion from public procurement as a penalty on top of fines. For businesses selling to government or public sector clients, that shuts down an entire market.
European regulators have made their expectations clear. Businesses that can't prove control over their AI stack pay the price.

How you can benefit from EU AI Act compliance

Get ahead of enforcement

Meeting EU AI Act requirements before deadlines hit puts you in control. Instead of reacting to audits and penalties, you're demonstrating compliance on your own terms.

Keep your AI operations running

With your AI stack documented and protected, vendor failure or model deprecation can't bring your operations to a halt. Business continuity is built in, not hoped for.

Turn compliance into a deal-winner

Enterprise clients increasingly ask for EU AI Act compliance proof before signing contracts. Getting there first means closing deals your competitors are still losing.

Build client confidence

EU AI Act compliance signals to clients that your AI operations are governed, secure, and built to last. That's the mark of a business they can rely on long term.
cta-eu-ai-act

Get EU AI Act ready on your own terms

Our specialists will assess your AI vendor relationships, identify your EU AI Act exposure, and show you exactly how to close the gap.
A clear assessment of which AI systems and vendor relationships fall under the Act's scope
Tailored steps to get your AI stack documented and protected
Escrow agreement drafted by in-house legal counsel in 1-3 days
Full implementation live within 24 hours

Frequently asked questions

What is the EU AI Act?
The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive legal framework for artificial intelligence. It takes a risk-based approach, sorting AI systems into four tiers and imposing escalating obligations as risk increases.
Who must comply with the EU AI Act?
Any business that develops, deploys, imports, or distributes AI systems in the EU falls under the Act. This includes businesses that use third-party AI professionally, not just the companies that build it.
Why is AI Escrow relevant to EU AI Act compliance?
The Act requires deployers to document, govern, and prove recovery of the AI systems they depend on. AI Escrow backs up your full AI stack daily, provides the technical documentation the Act demands, and gives you legal coverage over AI vendor relationships.
When does the EU AI Act apply?
Parts of the Act are already in force. AI literacy and prohibited practice obligations apply since February 2025. GPAI model obligations have been active since August 2025. Full high-risk obligations for standalone AI systems apply from December 2027.
Does the EU AI Act apply to companies outside the EU?
Yes. The Act applies to any business whose AI output is used in the EU, regardless of where the company is based. A US or UK company with EU customers deploying AI professionally falls within scope.
What did the Digital Omnibus change?
The Digital Omnibus, provisionally agreed on May 7, 2026, postponed full high-risk Annex III obligations from August 2026 to December 2027. Core obligations including GPAI rules, prohibited practices, and the penalty structure remain unchanged.
What is Article 25 role-shifting and why does it matter?
Under Article 25, substantially modifying a third-party AI system can make your organization the legal provider, inheriting full compliance obligations including technical documentation and conformity assessment. Organizations that customize AI tools heavily need to assess their exposure.

Let's build bulletproof software resilience together.