eucomplyhub EU AI Act · Article 11 Technical Documentation

Model Card — Annex III Classifier

This page documents the AI system powering eucomplyhub.com/annex3 for transparency, oversight, and auditability per EU AI Act Article 11 (technical documentation) and Article 50 (transparency).

§1System Overview

System name	Annex III Deep Classifier
Deployment URL	`https://eucomplyhub.com/annex3`
API endpoint	`POST /api/annex3-classify`
Provider	Piotr Reder (eucomplyhub.com sole proprietorship)
Provider role	Deployer (consumes third-party foundation model via Anthropic API)
Foundation model	`claude-sonnet-4-6` (Anthropic PBC)
Model API version	`2023-06-01` (Anthropic API)
Risk classification	Limited risk (Article 50 transparency obligations apply)
Annex III applicability	None (tool provides regulatory guidance, does not make decisions about people)
Last reviewed	2026-05-12
Review cadence	Quarterly + on material change

§2Intended Purpose

The Annex III Deep Classifier provides informational guidance about a user's AI deployment's likely classification under the EU AI Act. It receives company description inputs and returns a structured analysis across:

All 8 Annex III high-risk categories
Article 50 transparency obligation applicability
Article 53 GPAI provider/deployer determination
Five prioritized remediation actions specific to the deployment

Out of scope: The tool does NOT provide legal advice, certify compliance, or replace human regulatory expertise. Output is informational only and should be reviewed by qualified personnel before operational decisions.

§3Article 50 — User-Facing Disclosure

Per Article 50(1), users interacting with this AI system are informed via:

Visible hero section: The /annex3 page eyebrow displays "Free · Powered by Claude AI · 60 seconds"
FAQ section: "How this works" disclaimer explicitly identifies Anthropic Claude as the LLM
Footer: "Built with Anthropic's Claude API. Not affiliated with or endorsed by Anthropic."
HTTP response headers: Every API response includes X-AI-Generated: true; model=claude-sonnet-4-6 and X-AI-Disclosure pointing to this Model Card
Loading state: Spinner copy reads "Claude is mapping your stack against EU AI Act articles…"

§4Article 11 — Technical Documentation

4.1 Architecture

Frontend: static HTML + vanilla JS deployed on Vercel (no client-side AI processing)
Backend: Vercel serverless function (Node.js runtime)
AI inference: synchronous call to Anthropic Claude API (Sonnet 4.6)
No client data persistence in eucomplyhub infrastructure (Anthropic's API terms govern their handling — they do not train on API customer data)

4.2 System Prompt

A structured prompt instructs Claude to act as an EU AI Act compliance expert and return JSON-formatted analysis. The prompt includes:

Schema definition for output (8 Annex III categories, GPAI, Article 50, 5 priority actions)
2026 regulation snapshot (postponement context: Annex III standalone delayed from Aug 2 2026 → Dec 2 2027; Article 50 + GPAI NOT postponed)
Conservative classification bias (when ambiguous, lean toward applicability)
Concrete action requirement (cited article references, not generic advice)

Full system prompt is open-source-available on request via piotr@eucomplyhub.com.

4.3 Input Validation

Company name: 2–100 characters required
Industry: enum from defined list of 12 verticals
AI features: at least 1 selected from 8 predefined options
Use case description: 20–1000 characters required
EU exposure: enum from 4 predefined options

4.4 Output

JSON response with strict schema validation post-Claude (parse fail → 502 returned)
All 8 Annex III categories always returned (even if "no")
5 priority actions with concrete article citations
HTTP headers disclose AI generation and model name

§5Article 12 — Logging

Every classification request generates a structured audit log entry captured by Vercel:

Timestamp (ISO 8601)
Source IP (from x-forwarded-for header)
Company name (user-provided input)
Industry, feature count, verdict, Annex III hit count, Article 50 flag, GPAI flag
Model identifier (claude-sonnet-4-6)

Logs retained per Vercel platform retention policy (currently 30 days for Pro tier). Long-term log retention available on request.

§6Article 14 — Human Oversight

No automated decisions: Output is advisory; users explicitly informed via disclaimer that "Edge cases benefit from human review"
Email escalation: Results page includes "Reply with questions" mailto link routing to piotr@eucomplyhub.com for human review within 24h
Audit CTA: "Get full audit-readiness PDF" button routes to /audit form for manual human-conducted compliance audit
Kill switch: Provider (Piotr Reder) can disable the endpoint by removing the ANTHROPIC_API_KEY environment variable in Vercel dashboard or deleting the API route deployment

§7Article 15 — Accuracy & Robustness

7.1 Known Limitations

Output reflects EU AI Act snapshot as of May 2026; subsequent regulatory updates may not be incorporated until next system review
Edge cases — multi-modal AI, complex provider/deployer structures, biometric inference, jurisdictional carve-outs — benefit from human review
LLM outputs are probabilistic; the same input may produce slightly varied wording across calls (structured fields remain consistent)
The tool does not address national-level AI authority designations or specific Member State implementation variances

7.2 Robustness Measures

Strict JSON schema validation on Claude output (502 returned on malformed response)
Input validation on all 5 form fields before API call
API key authentication via encrypted Vercel environment variable (write-only sensitive flag)
HTTPS everywhere
No client-side persistence of inputs

§8Provider Contact & Updates

Provider	Piotr Reder · eucomplyhub.com
Email	`piotr@eucomplyhub.com`
Disclosure inquiries	Reply to any auto-confirmation email or use the above address
Document version	1.0 (initial publication 2026-05-12)
Next scheduled review	2026-08-12

Auditor note: This Model Card is itself a deliverable artifact. The HTML version is the canonical source; PDF export available on request. For independent verification, request the underlying system prompt + sample inputs/outputs via piotr@eucomplyhub.com.