Agentic AI in Compliance with the EU AI Act
Agentic AI in Compliance with the EU AI Act (2 days)
Why this training is so important
Agentic AI is exploding in capability and adoption—tools that plan, call functions, trigger workflows, and act across your stack & processes. The EU AI Act doesn’t name “agentic AI” explicitly (it’s too new as a label), but that doesn’t mean you’re out of scope. If your system fits the Act’s definition of AI and touches EU users, your agentic setup is fully covered by the same obligations as any other AI system—from transparency and logging to risk management, human oversight, and (for in-scope uses) conformity assessment and CE marking.
This course is designed to turn that reality into practice. Using a concrete e-commerce returns & goodwill scenario, we’ll show you both a high-risk path and a medium-risk path for an agentic workflow—what that classification changes in your obligations, which controls you must implement, and how to evidence them. You’ll see how an agent orchestrates a private LLM, an MCP server, governed tools, and a CLV decision model—with a human-in-the-loop approval process where it matters—all anchored in a rigorous, governance-first AI Management System (heavy on controls, light on surprises).
By the end, you won’t just understand the rules—you’ll have working patterns, artifacts, and checklists you can lift into your environment: system descriptions, model cards, decision logs, XAI summaries for reviewers and customers, RBAC and change control, and a CE-readiness pack. In short: build ambitious agentic AI—without flying blind on compliance.
All hands-on exercises are demonstrated on the AltaSigma AI Management Platform to showcase enterprise-grade governance and auditability. Concepts are vendor-agnostic and transferable.
Course Outline & Learning Trajectory
This two-day course is structured as a sequence of tightly coupled modules that interleave theoretical lectures with a continuous, hands-on case study. We begin by examining the architectural constituents of an agentic AI system and progressively layer governance, decision-making, and oversight mechanisms in accordance with the EU AI Act.
Module 0 — System Architecture and Components
We introduce the reference architecture of an agentic system: an orchestrating agent, privately hosted language models, a tool/connector layer (e.g., MCP servers), governed external functions, data stores (ticketing/CRM), and the surrounding AI Management System (logging, RBAC, version/change control, and post-market monitoring). Emphasis is placed on data minimization, traceability, and interface contracts between modules.
Module 1 — Policy-First Baseline (Deterministic Control)
We operationalize a policy-driven baseline in which the agent executes context gathering and rule-based recommendations with explicit rationales. Lectures cover design patterns for safe prompting, deterministic fallbacks, and the role of transparent decision logs. The lab implements this baseline on the case study to demonstrate strengths and limitations of rule-only control.
Module 2 — Governance of Data Flows and Access
We examine artifacts and controls required to make the architecture auditable: system descriptions, data maps, logging strategies (training vs. inference), access control models, and change-management records. Practical exercises instrument the case system to emit reviewable evidence while adhering to data-protection principles.
Module 3 — Decision Modeling and Thresholding
We extend the baseline with a lightweight customer-lifetime-value (CLV) model to enable proportionate decision-making. Lectures address model scope, thresholds, uncertainty, and risk amplification. In the lab, we implement thresholded policies (approve/deny/human review bands) and evaluate how these alter the system’s risk profile and documentation needs.
Module 4 — Human-in-the-Loop Oversight and Explainability
We formalize human oversight as an approval workflow with clear hand-off criteria. Lectures cover fit-for-purpose explainability (global vs. local), reviewer UIs, override capture, and accountability. The exercise instruments explanations for both internal reviewers and external transparency, ensuring the audit trail supports contestability and redress.
Module 5 — Regulatory Mapping and Evidence Production
We systematically map the evolving system to EU AI Act obligations based on deployment context (e.g., medium- vs. high-risk classifications), deriving provider/deployer duties and corresponding controls. Participants produce a compact evidence pack: AI system description, model card, risk assessment, user transparency notice, testing/validation records, role-based access snapshots, change logs, and an initial post-market monitoring plan, alongside a pragmatic view of conformity assessment, CE-readiness, and (where applicable) EU database registration.
Integration of Theory and Practice
A single end-to-end use case—an e-commerce returns and goodwill process—serves as the running laboratory for the course. Each module’s lecture segment establishes concepts and regulatory rationales; each practical segment incrementally implements those concepts in the case system, allowing participants to observe how architectural choices, governance controls, and decision models interact to produce a compliant agentic workflow.
Learning Outcomes
By the conclusion of the course, participants will be able to
(i) design a modular, auditable agentic architecture,
(ii) implement rule-based and model-mediated decisions with calibrated thresholds and human oversight, and
(iii) compile the documentary evidence and operational controls required for EU AI Act alignment, including preparation for conformity assessment where in scope.
Who should attend
- Product owners, business leaders, and project managers deploying Agentic AI solutions.
- Compliance, legal, risk, and DPO teams responsible for EU AI Act alignment.
- Data/ML/AI Engineers, Data Scientists, and MLOps Practitioners who must implement the controls.
- Customer service / operations leaders running returns, warranty, or goodwill processes.
Did not find the training you are looking for? Please feel free to ask for any other Advanced Analytics training.