2 Aug 2026 — first EU AI Act transparency obligations apply. Counting down.

Built for the EU AI Act.

MCX records map directly to the EU AI Act's disclosure obligations — risk classification, transparency, technical documentation, and conformity. One regulation, covered properly.

The first deadline is weeks away — and not deferred.

The bulk of Article 50 transparency duties apply 2 August 2026, as originally scheduled. A May 2026 proposal would push the high-risk deadlines back — but it is not yet law. Building the evidence early is the only safe assumption.

Don't bank on the delay.

The 7 May 2026 Digital Omnibus reached only a provisional agreement to defer high-risk deadlines — Parliament and Council still have to formally adopt it. The August 2026 transparency obligations were never part of that deferral. Credible compliance evidence takes 12–18 months to build, so starting now is the only position that holds either way.

2 Aug 2026
In force Article 50 transparency obligations — chatbot disclosure, deepfake and AI-content labelling — apply as originally scheduled.
2 Dec 2026
Proposed AI-content watermarking grace period for systems already on the market — pending formal adoption of the Omnibus.
2 Dec 2027
Proposed Annex III high-risk AI systems — credit scoring, biometric ID, employment, critical infrastructure — pending EU adoption.
2 Aug 2028
Proposed Annex I embedded high-risk products (medical devices, vehicles) — pending EU adoption.

Every field traces to a specific obligation.

A single MCX record documents an AI model against the EU AI Act articles that govern it. The schema enforces the required fields per risk class, so a high-risk record can't be published with the high-risk obligations missing.

Risk class
Art. 6 · 50 · 51

Risk classification

Every record declares its EU AI Act risk class, and the schema requires the right fields for that class.

prohibited high_risk limited_risk minimal gpai gpai_systemic
Article 13

Transparency & instructions for use

Intended purpose, intended users, out-of-scope uses, explainability, input/output guidance, human-oversight measures, and expected lifetime.

Annex IV

Technical documentation

Architecture and delivery form, training-data sources, scope, and known gaps, plus performance, bias, robustness, and cybersecurity results.

Art. 43 · 47 · 48

Conformity & CE marking

Records the conformity-assessment outcome and CE-marking status. MCX records the result — it is not a Notified Body and does not perform the assessment.

Art. 14 · 26

Human oversight & automation

Automation level and the human-oversight measures a deployer needs to operate the system within the law.

Art. 72 · 73

Post-market monitoring & incidents

Post-market monitoring approach, logging, and serious-incident records — kept current as the system changes.

Article 53

General-purpose AI (GPAI)

For GPAI models: training compute, copyright policy, and a training-data summary, with extra fields when a model is systemic.

Art. 16 · 22

Identity, role & attestation

Publisher identity, EU AI Act role (provider / deployer), contact, and a named human attestation accountable for the record.

The full field-by-field mapping is published openly. See the schema on GitHub →

A registry, not a certifier.

We validate structure

Not the truth of the content.

Validators confirm a record conforms to the schema. They do not confirm the disclosure is accurate — that accountability rests with the publishing provider's attestation.

We record outcomes

We are not a Notified Body.

Conformity assessments under Article 43 are performed by accredited bodies. MCX records the outcome where relevant; it does not produce a certificate.

We are infrastructure

Not legal advice.

Field mappings are best-effort community work, not a legal opinion. Deployers interpret records against their own compliance posture.

Start building audit-ready evidence.

The founding cohort shapes the schema before public launch. Credible compliance evidence takes 12–18 months — starting now is the only position that holds.