Unacceptable
BannedSocial scoring, manipulative or exploitative systems. Prohibited outright since February 2025.
// ai act guide
The world's first comprehensive AI regulation lands on European teams in full on August 2, 2026. Here's what it asks of you — and how to be ready by architecture, not by scramble.
// the law
The AI Act regulates AI by how risky its use is, not by the technology itself. It applies to anyone placing an AI system on the EU market or using one inside the EU — including companies that only integrate third-party models.
If your team puts AI into production for European users, the question is no longer whether the Act applies — it's which obligations you carry, and whether your stack can meet them.
// timeline
The Act phases in over three years. The date that matters for most enterprises is the next one.
The EU AI Act enters into force.
Prohibited AI practices become illegal across the EU.
Obligations for general-purpose AI models begin.
The bulk of obligations — high-risk systems, transparency and governance — become enforceable.
Rules for AI built into regulated products take full effect.
// risk tiers
Your obligations depend entirely on which tier your use of AI falls into. Most enterprise tooling lands in the middle two.
Social scoring, manipulative or exploitative systems. Prohibited outright since February 2025.
AI in hiring, credit, healthcare, critical infrastructure or justice. Risk management, data governance, logging, human oversight and documentation.
Chatbots and generative systems. Users must be told they are interacting with AI, and AI-generated content must be labelled.
Spam filters, recommendation, most internal tooling. Free to use, with voluntary codes of conduct.
// penalties
Fines are tiered by severity and calculated on global turnover — whichever figure is higher. They are built to register at board level.
Figures are the higher of the fixed amount or the percentage of global annual turnover.
// your obligations
For most teams running AI in production, compliance comes down to a handful of things you must be able to demonstrate.
Be able to show inference runs in the EU — not on a hyperscaler subject to the US Cloud Act.
Your prompts and outputs must not feed a third-party training set without basis.
Keep an auditable trail of what system processed what, and where it ran.
Disclose AI interactions and label AI-generated content.
Keep a person in the loop for decisions that carry real-world risk.
Control the lawful basis, quality and residency of the data you feed in.
// compliant by design
We can't classify your systems for you — but the hardest, most structural requirements are solved the moment your inference runs on Helmcode.
Inference processed exclusively on EU infrastructure — never a US hyperscaler.
Zero logs: prompts and completions are never stored and never train a model.
A single, auditable stack with documented data flows and a sub-processor list.
EU-owned and operated — outside the reach of the US Cloud Act.
// ai act faq
The questions European teams ask as the deadline approaches.
Very likely. The Act covers providers and deployers of AI systems placed on the EU market or used within the EU — including companies that only integrate third-party models. Obligations scale with the risk level of how you use AI.
The bulk of the obligations become enforceable: requirements for high-risk systems, transparency duties, governance and the supervisory/penalty regime. Prohibited practices and GPAI rules already apply from earlier dates.
Up to €35M or 7% of global annual turnover for prohibited practices, and €15M or 3% for breaching other obligations — whichever is higher. They are designed to be material at board level.
By removing the hardest parts structurally: EU-only processing, zero logs, no training on your data and an auditable stack. You are aligned by architecture rather than by configuration. See Security & Compliance for the full posture.
No. It is an informational overview to help you scope the work. For your specific obligations and classification, consult qualified legal counsel.
// get started
Skip the AI infra work. Deploy your first private inference endpoint today.
Flat rate. EU data. OpenAI API compatible.
// cookies
We use strictly necessary cookies to run the site and, only with your consent, Google Analytics to understand usage. No advertising, ever — see our Cookie Policy.
// preferences