Regulation (EU) 2024/1689 — the EU AI Act
The EU AI Act classifies AI systems by risk tier and sets binding obligations on deployers. Know what your use case requires before you procure.
Buying AI is buying regulated software. Four regimes account for most enterprise procurement gates — this is the plain-language read on what each binds, and what you should require before signing.
Regulation (EU) 2024/1689 — the EU AI Act
The EU AI Act classifies AI systems by risk tier and sets binding obligations on deployers. Know what your use case requires before you procure.
Regulation (EU) 2016/679 — the General Data Protection Regulation
GDPR requires a lawful basis for every AI processing operation, a signed data-processing agreement, and defined deletion paths. Here is what to verify.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA requires a Business Associate Agreement before any protected health information enters an AI pipeline. Here is what to verify in a provider.
System and Organisation Controls 2 (SOC 2)
A SOC 2 Type II report covers a provider's operational controls, not the AI system itself. Know what it contains and what to ask for before signing.
Regulatory compliance is a property of the deployed system, not the vendor. Trustgent's verification levels (how we verify) answer who has actually delivered what; the regime page answers what your use case binds you to. Together they form the procurement gate: use the regime brief to build the requirements list, then filter verified providers against it. Neither document is legal advice.