The EU AI Act doesn't regulate your model. It regulates what you do with it.
Most compliance programs focus on data and documentation. The gap is in the request path: who was authorized to use which AI capability, under what policy, with what record. Odock closes that gap at the infrastructure layer, for every LLM call and every MCP tool execution.
Built in Europe. Designed for European regulation.
Odock is a European company. We don't treat EU compliance as a checkbox added after the fact for a non-EU product. Data residency, GDPR alignment, EU AI Act readiness, and the ability to deploy entirely within EU infrastructure are design decisions, not add-ons.
European company
Odock is founded and operated in the EU. Our governance design reflects European regulatory expectations, not something retrofitted from a US-first product.
Deploy inside EU infrastructure
Self-hosted and hybrid deployment options mean your AI traffic never has to leave EU soil. Full data residency for organisations with GDPR obligations or sector-specific data localisation requirements.
Regulation-aware by design
Every feature in Odock's governance lifecycle, including access grants, audit records, policy enforcement, and usage attribution, maps to a specific obligation in the EU AI Act. We built it that way on purpose.
2 August 2026. What it actually means for your AI stack.
The EU AI Act's high-risk system obligations become enforceable on 2 August 2026 under Article 113. This is not a reporting deadline. It is the point at which your AI systems must have documented controls, conformity assessments, and technical evidence in place. The European Commission has proposed a potential extension to December 2027 for some Annex III systems, but regulators and legal advisors are clear: treat August 2026 as binding.
Prohibited AI practices
€35M or 7% of global turnover
Whichever is higher, and it exceeds GDPR maximums
High-risk system non-compliance
€15M or 3% of global turnover
Applies to most enterprise AI deployers
Misleading information to authorities
€7.5M or 1.5% of global turnover
Includes incomplete or inaccurate documentation
For SMEs and startups, fines are capped at the lower of the fixed amount or the turnover percentage, but even 7% of €2M in annual revenue is €140,000. Material at any stage.
Six EU AI Act articles. One governed gateway.
The EU AI Act's requirements for high-risk AI systems are spread across six core articles. Odock's governance lifecycle addresses each one at the infrastructure layer, not through documentation alone, but through enforced controls on every request.
What an ungoverned AI request path can't answer, and Odock can.
National competent authorities and internal auditors will ask these questions. If your AI infrastructure routes requests directly to providers without a governance layer, you cannot answer them. With Odock, every answer comes from structured records, not manual reconstruction.
Who was authorized to use this AI capability on this date?
Virtual API key with named scope, team attribution, and access grant record
Shared provider key, with no individual attribution possible
What policy was in effect when this request was processed?
Policy version, budget state, and rule outcomes recorded per request
No policy enforcement at infrastructure layer, and no record of what rules applied
Which AI tools could this agent access, and which were blocked?
MCP tool allowlist and blocklist enforced and logged per key and server
Agent had unrestricted access to all tools on connected MCP servers
Was this request inspected for unsafe or non-compliant content?
Payload inspection, semantic filters, and guardrail outcomes recorded per request
No inspection layer, so content went directly to provider
Can you reconstruct the full lifecycle of this AI decision for an auditor?
Complete record: identity, model or tool, bytes, latency, policy outcome, cost, status
Provider logs only, with no identity, policy, or organisational context
Your AI traffic stays where your data obligations require.
GDPR, sector-specific regulations, and internal data governance policies frequently require that traffic and data remain within EU infrastructure. Odock supports three deployment modes, all with the same full governance feature set.
EU cloud-hosted
Odock-managed gateway deployed on EU infrastructure. No servers to operate. All traffic stays within European data centres.
Self-hosted in your infrastructure
Deploy Odock entirely inside your own EU environment. All AI traffic stays on your network. No egress to third-party infrastructure of any kind.
Hybrid
Control plane managed by Odock. Data plane running inside your EU infrastructure or VPC. Policy management and observability without traffic egress.
All three modes are compatible with GDPR data processing requirements and EU AI Act technical documentation obligations.
What legal, compliance, and platform teams ask
The infrastructure gap is the hardest part of EU AI Act compliance to close last-minute.
Documentation, risk assessments, and conformity procedures can be written in weeks. A governed request path, with real attribution records, enforced access policy, and audit-ready logs, takes infrastructure changes. The earlier that work starts, the less painful it is.
Odock provides technical infrastructure for AI governance. This page is not legal advice. For classification decisions, conformity assessments, and regulatory submissions, work with qualified legal counsel.