One platform.
Every AI regulation.
Every major AI regulation shares the same core requirement: humans must remain in control of AI decisions that affect people, money, or data. Cheqpoint is the oversight layer that satisfies all of them — in a single integration.
Human oversight is the common denominator.
Whether it's the EU AI Act, DORA, GDPR, the FCA, or the EBA — regulators converge on the same answer. A qualified human must be able to monitor, intervene in, and override AI-driven decisions before they execute. Cheqpoint is that layer.
Every AI action is held for human review before it runs. Nothing executes automatically unless you explicitly allow it.
Reviewers can approve, decline, or modify any action. Any AI Assistant can be paused instantly from the dashboard.
Every request, decision, actor, and timestamp is immutably recorded — searchable, filterable, and CSV-exportable.
Generate dated compliance reports for any period. Downloadable as PDF, referenced by document ID.
What each regulation requires — and how Cheqpoint covers it.
- Art. 14(4)(a)Real-time monitoring of AI operation by designated humans
- Art. 14(4)(c)Ability to override, halt, or modify AI output before execution
- Art. 14(4)(d)Prevent automation bias — humans must make deliberate decisions
- Art. 12Automatic logging of all AI decisions and human interventions
- Art. 9Ongoing risk management system across the AI lifecycle
Fine: up to €15 million or 3% of global annual turnover.
- Approval Inbox gives designated humans real-time visibility of every pending AI action
- Approve / Decline / Modify with reason code required — no rubber-stamping
- Kill switch pauses any AI Assistant instantly
- Every decision immutably logged with actor, timestamp, and reason
- Auto-generated Article 14 Compliance Report, PDF-exportable for regulators
- Art. 11ICT response and recovery — automated processes must have documented human controls
- Art. 15ICT-related incident classification and reporting to competent authority
- Art. 28ICT third-party risk management — oversight of vendor AI systems you rely on
- Art. 30Contractual arrangements must include access rights and audit provisions for AI systems
Fine: up to 2% of total annual worldwide turnover. Already in force — no runway left.
- Human approval gates on all AI-driven ICT decisions — documented, auditable controls
- Every AI action classified by risk score and action type for incident identification
- Tamper-evident log provides the audit trail DORA requires for third-party AI systems
- Compliance reports demonstrate continuous oversight — shareable with your competent authority
- Webhook and Slack notifications for SLA breaches satisfy incident-reporting readiness
- Art. 22Right not to be subject to solely automated decisions — meaningful human involvement required
- Art. 5(2)Accountability principle — demonstrate compliance with documented controls
- Art. 25Data protection by design — oversight mechanisms built into the system, not bolted on
- Recital 71Meaningful human oversight of any automated profiling or decision-making
Fine: up to €20 million or 4% of global annual turnover.
- Every AI decision affecting a data subject requires explicit human approval before execution
- Audit log provides the accountability record Art. 5(2) requires — who decided, when, why
- Oversight is architectural — it cannot be bypassed, satisfying data-protection-by-design
- GDPR Data Processing Agreement available for all Cheqpoint customers
- EU data residency option on Enterprise plan for data localisation requirements
- PRIN 12Act to deliver good outcomes for retail customers — AI decisions must be explainable and overridable
- PRIN 2A.2Consumer understanding — customers must know when AI is making decisions about them
- PRIN 2A.4Consumer support — humans must be accessible when AI decisions affect customer outcomes
- SUP 15Regulatory reporting — document AI-related incidents and escalations to the FCA
FCA enforcement: unlimited fines + public censure + individual accountability for senior managers.
- Customer-impacting AI decisions (credit, insurance, claims) are reviewed by a named human before executing
- Every decision includes an explicit reason code — produces the explainability record Consumer Duty requires
- Modify option lets reviewers change AI output to better serve the customer's interest
- Per-reviewer activity in the audit log satisfies senior manager accountability requirements
- SLA tracking ensures response time targets for customer-affecting decisions are met
- EBA/GL/2021/05Model risk management — banks must validate, monitor, and maintain human controls over material AI models
- EBA/GL/2020/06Loan origination guidelines — AI credit decisions must be subject to human review and override
- SR 11-7 (equivalent)Model governance — documented human approval for model outputs in regulated decisions
- ECB Guide 2024Internal model framework — ongoing human oversight of AI model performance
Supervisory expectations enforced through on-site inspections and capital add-ons for poor governance.
- Every material model output (credit, fraud, pricing) is gated by a human reviewer before action
- Risk score and AI Certainty badge on every request supports the model validation evidence trail
- Analytics dashboard tracks approval rates, response times, and override frequency by AI Assistant
- Per-agent audit trail satisfies the individual model monitoring requirement in EBA guidelines
- Auto-rules for low-risk, policy-compliant decisions — human bandwidth preserved for material decisions
Most of these regulations are already live.
The EU AI Act deadline gets the headlines, but four of the five regulations on this page are already in force. If your AI agents are in production, the clock started years ago.
Automated decision-making rights (Art. 22) and accountability obligations — have applied to all EU personal data processing for seven years.
UK financial firms must demonstrate good consumer outcomes from AI-assisted decisions affecting retail customers. Already being enforced.
EU financial entities must have documented human controls over automated ICT processes — including AI. No grace period. Supervisory reviews underway.
General-purpose AI model obligations (transparency, capability evaluations) came into force. Applies to model developers and deployers of foundation model-based agents.
Human oversight obligations (Art. 14) apply to all high-risk AI deployers in fintech, banking, insurance, healthcare, HR, and law enforcement.
Which features satisfy which regulations.
Four buyers. One decision.
If your AI touches money, health, or people — you're regulated.
Cheqpoint addresses the human oversight requirements across every major regulated sector.
- Credit limit and loan decisions
- AML / fraud flag overrides
- Transaction limit changes
- Refund and chargeback processing
- Claims approval and payout
- Underwriting accept / reject
- Policy cancellation / modification
- Premium adjustments
- Clinical decision support sign-off
- Prescription suggestions
- Triage priority assignments
- Patient record access by AI
- Algorithmic trade approvals
- Portfolio rebalancing decisions
- Risk limit override requests
- Client reporting AI outputs
- Candidate shortlisting decisions
- AI interview score review
- Performance review flags
- Promotion recommendations
- Contract execution decisions
- Regulatory filing submissions
- Sanctions screening overrides
- Data subject request processing
Human oversight, running in
production today.
Start a 14-day Growth trial. Connect your first AI agent. Generate your first compliance report. No credit card required.
14-day free trial · No credit card · Cancel anytime · GDPR DPA available