EU AI Act · DORA · GDPR · FCA Consumer Duty · EBA

One platform.
Every AI regulation.

Every major AI regulation shares the same core requirement: humans must remain in control of AI decisions that affect people, money, or data. Cheqpoint is the oversight layer that satisfies all of them — in a single integration.

EU AI Act 2024/1689 · DORA 2022/2554 · GDPR Art. 22 · FCA Consumer Duty · EBA Model Risk

Why one product covers all of them

Human oversight is the common denominator.

Whether it's the EU AI Act, DORA, GDPR, the FCA, or the EBA — regulators converge on the same answer. A qualified human must be able to monitor, intervene in, and override AI-driven decisions before they execute. Cheqpoint is that layer.

Intercept before execution

Every AI action is held for human review before it runs. Nothing executes automatically unless you explicitly allow it.

Override and kill switch

Reviewers can approve, decline, or modify any action. Any AI Assistant can be paused instantly from the dashboard.

Tamper-evident audit log

Every request, decision, actor, and timestamp is immutably recorded — searchable, filterable, and CSV-exportable.

Regulator-ready reports

Generate dated compliance reports for any period. Downloadable as PDF, referenced by document ID.

Regulation by regulation

What each regulation requires — and how Cheqpoint covers it.

EU AI Act — Regulation (EU) 2024/1689
High-risk AI deployers · Annex III sectors
Deadline · Aug 2026
Key obligations
  • Art. 14(4)(a): Real-time monitoring of AI operation by designated humans
  • Art. 14(4)(c): Ability to override, halt, or modify AI output before execution
  • Art. 14(4)(d): Prevent automation bias — humans must make deliberate decisions
  • Art. 12: Automatic logging of all AI decisions and human interventions
  • Art. 9: Ongoing risk management system across the AI lifecycle

Fine: up to €15 million or 3% of global annual turnover.

How Cheqpoint covers this
  • Approval Inbox gives designated humans real-time visibility of every pending AI action
  • Approve / Decline / Modify with reason code required — no rubber-stamping
  • Kill switch pauses any AI Assistant instantly
  • Every decision immutably logged with actor, timestamp, and reason
  • Auto-generated Article 14 Compliance Report, PDF-exportable for regulators
DORA — Digital Operational Resilience Act (EU) 2022/2554
Banks · Investment firms · Insurance · Fintech · Crypto-asset providers
In force · Jan 2025
Key obligations
  • Art. 11: ICT response and recovery — automated processes must have documented human controls
  • Art. 15: ICT-related incident classification and reporting to competent authority
  • Art. 28: ICT third-party risk management — oversight of vendor AI systems you rely on
  • Art. 30: Contractual arrangements must include access rights and audit provisions for AI systems

Fine: up to 2% of total annual worldwide turnover. Already in force — no runway left.

How Cheqpoint covers this
  • Human approval gates on all AI-driven ICT decisions — documented, auditable controls
  • Every AI action classified by risk score and action type for incident identification
  • Tamper-evident log provides the audit trail DORA requires for third-party AI systems
  • Compliance reports demonstrate continuous oversight — shareable with your competent authority
  • Webhook and Slack notifications for SLA breaches satisfy incident-reporting readiness
GDPR — General Data Protection Regulation (EU) 2016/679
Any organisation processing EU personal data via AI systems
In force · May 2018
Key obligations
  • Art. 22: Right not to be subject to solely automated decisions — meaningful human involvement required
  • Art. 5(2): Accountability principle — demonstrate compliance with documented controls
  • Art. 25: Data protection by design — oversight mechanisms built into the system, not bolted on
  • Recital 71: Meaningful human oversight of any automated profiling or decision-making

Fine: up to €20 million or 4% of global annual turnover.

How Cheqpoint covers this
  • Every AI decision affecting a data subject requires explicit human approval before execution
  • Audit log provides the accountability record Art. 5(2) requires — who decided, when, why
  • Oversight is architectural — it cannot be bypassed, satisfying data-protection-by-design
  • GDPR Data Processing Agreement available for all Cheqpoint customers
  • EU data residency option on Enterprise plan for data localisation requirements
FCA Consumer Duty — PS22/9
FCA-regulated firms in UK financial services · All retail customer-facing AI
In force · Jul 2023
Key obligations
  • PRIN 12: Act to deliver good outcomes for retail customers — AI decisions must be explainable and overridable
  • PRIN 2A.2: Consumer understanding — customers must know when AI is making decisions about them
  • PRIN 2A.4: Consumer support — humans must be accessible when AI decisions affect customer outcomes
  • SUP 15: Regulatory reporting — document AI-related incidents and escalations to the FCA

FCA enforcement: unlimited fines + public censure + individual accountability for senior managers.

How Cheqpoint covers this
  • Customer-impacting AI decisions (credit, insurance, claims) are reviewed by a named human before executing
  • Every decision includes an explicit reason code — produces the explainability record Consumer Duty requires
  • Modify option lets reviewers change AI output to better serve the customer's interest
  • Per-reviewer activity in the audit log satisfies senior manager accountability requirements
  • SLA tracking ensures response time targets for customer-affecting decisions are met
EBA Guidelines on Internal Governance & Model Risk
EU banks and credit institutions · AI/ML models used in credit, fraud, and trading
Ongoing · Supervisory expectation
Key obligations
  • EBA/GL/2021/05: Model risk management — banks must validate, monitor, and maintain human controls over material AI models
  • EBA/GL/2020/06: Loan origination guidelines — AI credit decisions must be subject to human review and override
  • SR 11-7 (equivalent): Model governance — documented human approval for model outputs in regulated decisions
  • ECB Guide 2024: Internal model framework — ongoing human oversight of AI model performance

Supervisory expectations enforced through on-site inspections and capital add-ons for poor governance.

How Cheqpoint covers this
  • Every material model output (credit, fraud, pricing) is gated by a human reviewer before action
  • Risk score and AI Certainty badge on every request supports the model validation evidence trail
  • Analytics dashboard tracks approval rates, response times, and override frequency by AI Assistant
  • Per-agent audit trail satisfies the individual model monitoring requirement in EBA guidelines
  • Auto-rules for low-risk, policy-compliant decisions — human bandwidth preserved for material decisions
Regulatory timeline

Most of these regulations are already live.

The EU AI Act deadline gets the headlines, but four of the five regulations on this page are already in force. If your AI agents are in production, the clock started years ago.

GDPR · May 2018 · In force

Automated decision-making rights (Art. 22) and accountability obligations have applied to all EU personal data processing for seven years.

FCA Consumer Duty · Jul 2023 · In force

UK financial firms must demonstrate good consumer outcomes from AI-assisted decisions affecting retail customers. Already being enforced.

DORA · Jan 2025 · In force

EU financial entities must have documented human controls over automated ICT processes — including AI. No grace period. Supervisory reviews underway.

EU AI Act — GPAI · Aug 2025 · In force

General-purpose AI model obligations (transparency, capability evaluations) came into force. Applies to model developers and deployers of foundation model-based agents.

EU AI Act — High-Risk (Annex III) · Aug 2026 · Upcoming

Human oversight obligations (Art. 14) apply to all high-risk AI deployers in fintech, banking, insurance, healthcare, HR, and law enforcement.

Coverage matrix

Which features satisfy which regulations.

Feature · EU AI Act · DORA · GDPR · FCA · EBA
  • Human approval inbox (intercept before execution)
  • Approve / Decline / Modify with reason code
  • Kill switch — pause any AI agent instantly
  • Tamper-evident audit log
  • Risk scoring (0–1) on every request
  • SLA tracking and breach alerts
  • Per-reviewer activity analytics
  • Auto-rules for low-risk decisions
  • Compliance Report — PDF export
  • GDPR Data Processing Agreement
  • EU data residency (Enterprise)
  • SAML SSO + 2FA (Enterprise)
Who uses Cheqpoint

Four buyers. One decision.

Chief Compliance Officer / Chief Risk Officer
We have AI agents in production. My regulator asked how we oversee them. I need a defensible answer.
Cheqpoint generates compliance reports across EU AI Act, DORA, and GDPR in 30 seconds. Dated, referenced, PDF-ready.
VP Engineering / Head of AI
I need an oversight layer that satisfies legal and compliance without adding weeks of engineering work.
Three lines of SDK code. The human oversight layer is live. Your engineers keep shipping.
Head of Operations / Customer Support
AI is approving refunds, account changes, and credit decisions. I can't lose visibility — and neither can the regulator.
Every AI action lands in the Approval Inbox. Your ops team decides. Consumer Duty and EBA outcomes documented automatically.
General Counsel / CFO
DORA is already in force. EU AI Act is coming. I need documentation that humans are in the loop before we get examined.
The audit log and compliance report are your regulator package. Available the moment you go live on Cheqpoint.
Regulated industries

If your AI touches money, health, or people — you're regulated.

Cheqpoint addresses the human oversight requirements across every major regulated sector.

Fintech & Banking
EU AI Act Annex III · DORA · GDPR · EBA
  • Credit limit and loan decisions
  • AML / fraud flag overrides
  • Transaction limit changes
  • Refund and chargeback processing
Insurance
EU AI Act Annex III · DORA · GDPR · FCA Consumer Duty
  • Claims approval and payout
  • Underwriting accept / reject
  • Policy cancellation / modification
  • Premium adjustments
Healthcare & MedTech
EU AI Act Annex III · GDPR
  • Clinical decision support sign-off
  • Prescription suggestions
  • Triage priority assignments
  • Patient record access by AI
Asset Management & Trading
DORA · EBA · GDPR
  • Algorithmic trade approvals
  • Portfolio rebalancing decisions
  • Risk limit override requests
  • Client reporting AI outputs
HR & Recruitment
EU AI Act Annex III · GDPR
  • Candidate shortlisting decisions
  • AI interview score review
  • Performance review flags
  • Promotion recommendations
Legal & RegTech
EU AI Act Annex III · GDPR
  • Contract execution decisions
  • Regulatory filing submissions
  • Sanctions screening overrides
  • Data subject request processing
Get started today

Human oversight, running in production today.

Start a 14-day Growth trial. Connect your first AI agent. Generate your first compliance report. No credit card required.

14-day free trial · No credit card · Cancel anytime · GDPR DPA available