Making AI Accountable: Real-Time Governance for EU AI Act Compliance

Authors: Kaouthar El Bairi (AI Governance) & Possum Hodgkin (AI Architecture)
Project: Fractal Transparency Web (FTW) /HatCat Architecture
Documentation: hatcat.io/about 

Code: github.com/p0ss/HatCat

Introduction: The Enforcement Gap

The EU AI Act mandates human oversight (Article 14), automatic logging (Article 19), and continuous monitoring (Article 72) for high-risk systems. Critical implementation challenges persist:
Article 14 requires humans to "correctly interpret" AI outputs yet black-box architectures provide no mechanism to verify whether explanations reflect actual reasoning.
Article 19 demands automatic event recording proving safeguards operated yet traditional logs capture only inputs and outputs, not compliance evidence.
Article 72 requires continuous post-market monitoring yet point-in-time conformity assessment cannot detect behavioral drift after deployment.
This creates an enforcement paradox: competent authorities must supervise AI decision-making that remains fundamentally unobservable.
What is FTW?
Fractal Transparency Web is a governance architecture enabling real-time observation of AI internal reasoning through concept-based mechanistic interpretability. Rather than explaining decisions retrospectively, FTW monitors for governance-relevant patterns bias, deception, manipulation as decisions form.
Core innovation: Interpretability becomes detection capability rather than explanation generation, creating actionable governance signals suitable for regulatory enforcement.
Methodology: Problems → Solutions
Problem 1: Unverifiable Human Oversight (Article 14)
Current limitation: Human overseers cannot verify AI explanations when reasoning processes are opaque.
FTW solution:
• HAT monitors 6,000+ governance concepts during inference
• CAT quantifies divergence between internal reasoning and external explanations
• HUSH enables human intervention authority with processing halts
Result: Mechanically enforces human oversight rather than relying on provider self-reporting.
Problem 2: Insufficient Audit Evidence (Article 19)
Current limitation: Traditional logs document that systems ran, not whether safeguards operated.
FTW solution:
• ASK creates tamper-evident audit trails with cryptographic integrity
• Captures which safeguards were active, what they detected, whether thresholds exceeded, how humans responded
• Merkle tree hash-chaining ensures any modification is immediately detectable
Result: Evidentiary records suitable for regulatory proceedings.
Problem 3: Point-in-Time Certification (Article 72)
Current limitation: Conformity assessment at deployment cannot detect post-deployment behavioral drift.
FTW solution:
• Continuous statistical monitoring tracks concept activation distributions over time
• KL-divergence alerts when patterns drift beyond baseline thresholds
• Temporal causality chains establish when non-compliance began
Result: Ongoing compliance verification rather than relying on initial certification.
Problem 4: Centralized Enforcement Bottlenecks (Article 70)
Current limitation: Single competent authorities face capacity constraints supervising diverse high-risk systems across Annex III categories.
FTW solution:
• MAP enables multi-stakeholder ecosystem through standardized lens packs
• National competent authorities, sectoral regulators, professional bodies, civil society, research institutions deploy independent monitoring simultaneously
• Providers cannot optimize for singular regulatory approval while violating other requirements
Result: Distributed enforcement capacity scalable across Member States.
Validation Results
FTW demonstrated complete EU AI Act operationalization during Apart Research's AI Manipulation Hackathon (January 2026):
Regulatory coverage: 100% implementation of Articles 14, 19, 72 requirements
Technical performance: 6,000+ concept detectors operating with production viability on standard hardware
Detection capability: Six manipulation behaviors (sycophancy, strategic deception, sandbagging, reward hacking, dark patterns, persuasive manipulation)
Full research: https://apartresearch.com/project/governing-ai-manipulation-in-real-tim…
Governance Requirements Beyond Technology
FTW provides technical infrastructure demonstrating what real-time accountability can achieve. Effective implementation requires institutional frameworks addressing:
Institutional Enforcement
• Compliance Officers with sectoral expertise and Article 72 suspension authority
• Lens pack validation mandates ensuring comprehensive monitoring coverage
• Multi-party verification preventing provider gaming through selective transparency
Cross-Border Coordination
• Standardized evidence protocols ensuring legal admissibility across jurisdictions
• Conformity certificate-linked registries coordinating multi-Member State investigations
• Shared lens pack repositories enabling harmonized oversight
Liability Determination
• Temporal causality documentation establishing when violations emerged
• Provider notification tracking demonstrating response to alerts
• Audit trails supporting insurance claims and legal proceedings
Critical distinction: FTW demonstrates technical feasibility. Governance frameworks determine institutional adoption, enforcement authority, and accountability mechanisms.
Contribution to AI Governance
This work addresses three fundamental challenges:
Observability: Makes AI internal reasoning observable without requiring provider cooperation.
Enforceability: Converts regulatory requirements into technically enforceable specifications with cryptographic audit trails.
Scalability: Distributes enforcement capacity across stakeholders while maintaining coordination through standardized protocols.
Implications for Implementation
For competent authorities establishing Article 70 supervisory frameworks:
• Reference architecture showing feasible compliance pathways
• Technical specifications translating Articles 14, 19, 72 into concrete requirements
• Ecosystem governance model enabling enforcement capacity to scale
For the AI Office coordinating EU-level implementation:
• Harmonization infrastructure through MAP protocol standardization
• Cross-border coordination mechanisms via shared lens pack registries
• Institutional frameworks bridging technical capabilities to regulatory enforcement
Why This Matters Now
High-risk AI systems are deploying across Member States. Competent authorities are establishing supervisory frameworks. Implementation guidance is being developed.
The decisions made during this foundational period will determine enforcement effectiveness for years ahead.
FTW demonstrates that real-time accountability is technically achievable, that distributed enforcement is institutionally viable, and that regulatory requirements can become operationally enforceable.