EU AI Act Overview
The EU AI Act is the first comprehensive horizontal regulation for AI systems, entering force August 2024 with staged obligations through 2027. This recipe maps Meridian gateway features to the Act's risk-tiered requirements so you can ship to EU customers without holding up legal review.
1.Classify your AI system
The Act sorts systems into four tiers: prohibited, high-risk, limited-risk (transparency), and minimal-risk. Most B2B SaaS using LLMs lands in limited-risk plus GPAI obligations on the model provider. Meridian routes to providers who already file their own GPAI technical documentation.
2.Turn on transparency logging
Article 50 requires you disclose AI-generated content to end users and keep tamper-evident logs of model invocations. Meridian's audit log endpoint emits an immutable JSONL stream per workspace with prompt hash, model id, output token count, and a monotonic sequence number.
curl https://llm.getnimbus.net/v1/audit \
-H "Authorization: Bearer $MERIDIAN_KEY" \
-d '{
"workspace": "eu-prod",
"since": "2026-01-01",
"format": "jsonl"
}'3.Data residency and DPIA
Pin traffic to EU regions by setting the `region: eu` header on every request. Meridian then only routes to Azure Sweden Central and refuses fall-through to US deployments even on capacity exhaustion. Pair with the included DPIA template under your privacy folder before launching the workspace publicly.