Sentinel · EU AI Act
EU AI Act — Enforcement: 2 August 2026

EU AI Act compliance, verified by code.

Sentinel runs a deterministic 18-phase forensic scan of your repository and maps every detected signal directly to EU AI Act articles. Cryptographically signed. Always reproducible.

Static analysis only — zero code execution, zero side effects
RSA-PSS signed · SHA-256 verified · RFC8785 canonical
Annex IV technical documentation generated automatically
app.gettingsentinel.com/audits/AUD-2026-04721
GAP · AUD-2026-04721

TalentScreen Pro v3.1

HIGH_RISK · Annex III §4 · HR/Employment

72/100

Article Coverage

Art. 9: 84%
Art. 14: 31%
Art. 10: 89%
Art. 20: 96%
Art. 15: 58%

Top Findings

Critical · Art. 14 · No human override mechanism detected
High · Art. 10 · Data governance documentation incomplete
Medium · Art. 15 · Adversarial robustness tests absent

audit.json · SARIF v2.1 · Annex IV · SBOM · RSA-PSS

The process

From repo to signed audit in minutes

No manual configuration. No ambiguity. Identical input always produces identical output.

Step 01

Connect your repository

Add a sentinel.manifest.json. Sentinel reads your code with static analysis — nothing is executed, nothing changes in your system.

GitHub · GitLab · Bitbucket · any URL

Step 02

18-phase forensic scan

AST parsing across 15 languages, 89 AI package signatures, contradiction engine — every finding mapped to an exact file and article.

~5 min average · fully deterministic

Step 03

Receive signed audit bundle

Score, article breakdown, findings, Annex IV pack — RSA-PSS signed, SHA-256 verified, reproducible.

7 output formats included

What gets assessed

22 articles scored.
Every signal traced to code.

Sentinel maps 33+ technical patterns directly to EU AI Act obligations. Each finding references the exact file, function, and line.

Art. 9 · Risk Management: 84% · 11pt
Art. 14 · Human Oversight: 47% · 11pt
Art. 10 · Data Governance: 89% · 8pt
Art. 20 · Logging & Traceability: 96% · 8pt
Art. 5 · Prohibited Practices: 100% · 7pt
Art. 15 · Robustness & Security: 58% · 5pt

22 articles scored · ARTICLE_WEIGHTED_V3

Risk categories

PROHIBITED · Art. 5

Hard FAIL — any prohibited practice overrides all other scores regardless of result.

HIGH RISK · Annex III

Full 22-article assessment. All Annex IV documents required. Sector multipliers applied.

LIMITED RISK · Art. 50

AI output transparency obligations. Disclosure patterns verified in user-facing code.

MINIMAL RISK · Universal

Universally applicable articles only. Lighter assessment scope.

GPAI · Art. 53

General-purpose AI obligations. Separate scoring track for model providers.

Scoring model

Four verdicts. Four tracks.

A numeric score alone doesn't determine compliance. Four independent evaluation tracks run in parallel — any can override the final verdict.

Verdict thresholds

≥ 85 · Statically Aligned: All static signals satisfy requirements

≥ 65 · Aligned: Material compliance achieved, minor gaps

≥ 40 · Gap: Material gaps — remediation plan generated

< 40 · Fail: Hard violations — fundamental remediation required

Override tracks

A · Governance Track

Required documents must exist and exceed quality threshold. Missing Annex IV overrides the score.

B · Technical Track

Code-level signals for critical articles verified independently. A failing article can't hide in an aggregate.

C · Score Gate

Hard floor per article — no single article may fall below its minimum regardless of others.

D · SIG Integrity

Comments stripped before verification. Compliance written only in comments is detected and rejected.
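
The SIG Integrity idea above, as an added example that is not Sentinel's own code: tokenize Python source, discard comment and string tokens, and only then look for a signal. The signal names `human_override` and `require_human_review` and both samples are constructed assumptions, and the sketch covers Python only.

```python
import io
import re
import tokenize

# Hypothetical signal names (assumption): calls treated as evidence of a
# human-override hook. They are not taken from Sentinel's pattern set.
SIGNAL_NAMES = {"human_override", "require_human_review"}
RAW_PATTERN = re.compile(r"\b(?:%s)\b" % "|".join(sorted(SIGNAL_NAMES)))
NON_CODE = {tokenize.COMMENT, tokenize.STRING}  # docstrings are STRING tokens

def code_hits(source: str) -> list[tuple[int, str]]:
    """Return (line, name) for each signal *call* found in real code tokens."""
    tokens = [t for t in tokenize.generate_tokens(io.StringIO(source).readline)
              if t.type not in NON_CODE]
    hits = []
    for prev, cur, nxt in zip([None] + tokens, tokens, tokens[1:]):
        is_call = (cur.type == tokenize.NAME and cur.string in SIGNAL_NAMES
                   and nxt.string == "(")
        # A bare definition ("def human_override(") is not a call site.
        if is_call and (prev is None or prev.string != "def"):
            hits.append((cur.start[0], cur.string))
    return hits

def classify(source: str) -> str:
    """'code' if a signal is called in code; 'unbacked' if the name appears
    only in comments, strings or an uncalled definition; else 'absent'."""
    if code_hits(source):
        return "code"
    return "unbacked" if RAW_PATTERN.search(source) else "absent"

# Constructed samples. They are only tokenized, never executed.
COMMENT_ONLY = '''\
# human_override(decision) is called before every rejection
def screen(candidate):
    """Reviewers may call require_human_review() at any time."""
    return model.predict(candidate)
'''

REAL_HOOK = '''\
def screen(candidate):
    decision = model.predict(candidate)
    return human_override(decision)  # reviewer gate
'''

if __name__ == "__main__":
    for label, src in (("COMMENT_ONLY", COMMENT_ONLY), ("REAL_HOOK", REAL_HOOK)):
        print(label, classify(src), code_hits(src))
```

A plain text search would score both samples the same; only the token-level pass separates the file that claims an override from the one that calls it.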

Output formats

audit.json · report.html · SARIF v2.1.0 · Annex IV · compliance_report.md · epistemic_map.json · remediation_roadmap

Use cases

Built for every compliance role

AI Providers

Audit before market placement. Generate all Annex IV documentation, gap report, and EU Declaration of Conformity evidence pack — ready for a Notified Body.

Pre-market compliance audit
Annex IV documentation pack
Gap remediation plan

Compliance Teams

Run audits on every release. Catch regressions before they reach the regulator. SARIF integrates with your CI/CD and GitHub Security tab.

CI/CD pipeline integration
Delta reports per release
Regression detection

Legal & Consultants

Deliver evidence-based assessments to clients. Signed, reproducible, legally formatted — credible in front of any regulator or Notified Body.

Client portfolio audits
Signed evidence bundles
Notified Body ready pack

CI/CD Integration

Plug into your pipeline. Zero configuration.

SARIF v2.1.0 integrates natively with GitHub Security tab, GitLab SAST, VS Code, and any CI/CD pipeline. Compliance on every commit.

GitHub Actions · GitLab CI · Bitbucket Pipelines
GitHub Security tab — native SARIF upload
VS Code Sentinel extension — findings inline
Delta report: what changed since last audit

.github/workflows/sentinel.yml

# Sentinel EU AI Act audit — add to any workflow
- name: Run Sentinel audit
  uses: sentinel-ai/audit-action@v2
  with:
    token: ${{ secrets.SENTINEL_API_KEY }}
    upload-sarif: true
    fail-on: critical
# Outputs: audit.json · report.html · SARIF · Annex IV
# Results appear in GitHub Security → Code scanning

✓ Audit complete · Score 72/100 · 3 critical findings · SARIF uploaded

EU AI Act enforcement

2 August 2026.
Non-compliance is not an option.

High-risk AI systems must hold full technical documentation, human oversight mechanisms, and risk management evidence — or face fines of up to €30M or 6% of global annual turnover.

Feb 2025: GPAI obligations in force
Aug 2025: Prohibited practices ban active
Aug 2026: HIGH-RISK systems full obligations (NOW)
Aug 2027: Notified Body conformity assessments


Start your EU AI Act audit today.

Connect your repository and get your compliance score in minutes. Signed, reproducible, legally formatted.

18-phase pipeline · 22 articles assessed · Annex IV generated · RSA-PSS signed · SARIF output · Re-audit delta