EU AI Act compliance as API calls
We shipped eight endpoints on api.moltrust.ch (v2.5) this week. Three implement EU AI Act obligations directly. This is the short version for people who want to call them; the full reasoning is on our blog ( https://moltrust.ch/blog/compliance-as-an-api.html ). Why no model in the loop: the Aithos LARA study (May 2026) placed twelve frontier models in simulated workplaces where the task required breaking EU law. Best model: 54% lawful runs. In the Art. 5(1)(f) scenario (emotion inference from workplace communications, prohibited), all twelve committed the violation. So the classifier is deterministic code branching on the pinned EUR-Lex text, and every response carries article references you can check yourself. POST /compliance/assess — use case + intended purpose + declared signals in, risk tier + obligations + article pins out. Evaluation order: Art. 5 prohibitions, Annex I route (Art. 6(1)), Annex III route (Art. 6(2)/(3)), Art. 50 transparency, minimal. The trap worth knowing: Art. 6(3) offers four derogation grounds, and its final subparagraph voids all of them for systems that profile natural persons. In the code that subparagraph is a branch; it cannot be skipped. curl -X POST https://api.moltrust.ch/compliance/assess \ -H "Content-Type: application/json" \ -d '{ "use_case": "Customer-support agent that reads inbound email and drafts replies", "intended_purpose": "Automated first-line support for consumer inquiries", "performs_profiling": false, "interacts_with_humans": true, "emotion_recognition": false }' POST /compliance/declaration — EU declaration of conformity as a W3C Verifiable Credential with the eight Annex V items, Ed25519-signed. Verify offline against https://api.moltrust.ch/.well-known/jwks.json ; no call back to us. anchor: true adds a sha256 commitment for batch anchoring on Base L2. POST /compliance/incident — records Art. 73 serious incidents and computes the deadline from the regulation: 15 days standard, 10 days for a death, 2 days for wid