AI Act Compliance — EU Regulation 2024/1689

What this skill does

Codifies actionable EU AI Act compliance expertise. Every output is traceable to one or more of:

1. Regulation (EU) 2024/1689 — the AI Act — the legally binding source.
2. ISO/IEC 42001:2023 — Artificial Intelligence Management System (AIMS), the certifiable management standard for AI providers and deployers.
3. ISO/IEC 27090:2025 — Cybersecurity guidance for AI systems (the depth standard for AI Act art. 15 cybersecurity).
4. Companion ISO standards: 23894 (AI risk management), 23053 (ML framework), 5338 (AI lifecycle), 5259-* (data quality), 24029-2 (robustness), 42005 (impact assessment), 42006 (audit & certification).
5. CEN-CENELEC JTC 21 harmonised standards (under standardization mandate M/593) — the path to art. 40 presumption of conformity.
6. GPAI Code of Practice — the de-facto instrument operationalizing arts. 53–55 until harmonised standards land.

This skill is decision-support, not legal advice. Always recommend the user consult qualified counsel for binding interpretation, and a notified body for conformity assessment of high-risk AI systems.

Scheduling at a glance — SSL machine view

This skill is paired with a machine-readable manifest at ssl.json, built per the Scheduling-Structural-Logical (SSL) representation introduced by Liang et al., From Skill Text to Skill Structure (arXiv:2604.24026, 2026). The manifest exposes the skill's invocation interface, scene graph, and atomic action evidence so registries, routers, and reviewers do not need to re-parse this document. The table below is the human-readable scheduling view; ssl.json is the authoritative typed version.