EU AI ACT — COMPLIANT
EU AI Act Positioning Note
Summary
Sovereign Git's AI features (AI code review, issue triage) are designed to be EU AI Act compliant by architecture. The platform itself is not a high-risk AI system under Annex III of the EU AI Act. The BYO-LLM architecture ensures customers retain full control over their AI processing and can document their own AI system risk classifications independently of the platform.
Risk Classification of Sovereign Git AI Features
| AI Feature | EU AI Act Classification | Rationale |
|---|---|---|
| AI Code Review (F1) | Not high-risk (advisory tool) | Output is advisory only — human developer reviews and decides. No automated decision-making affecting employment, safety, or fundamental rights. Does not appear in Annex III high-risk categories. |
| Issue Triage (F6) | Not high-risk (advisory tool) | Suggests issue labels and priority. Human assigns final label. Advisory only, no consequential automated decision. |
| BYO-LLM (per-repo keys) | Platform infrastructure, not AI system | Secure routing and key management for customer-specified LLM endpoints. The AI system classification applies to the LLM provider, not our routing layer. |
BYO-LLM and AI Training Opt-Out
- No training on customer code: Customer repository data is never used to train or fine-tune any AI model operated by Elite AI Empire LLC.
- Per-repo LLM key isolation: Code review requests are routed to the customer-specified LLM endpoint via AES-256/Fernet-encrypted BYO keys. The empire-pooled AI cascade is the default only when no BYO key is configured.
- Provider transparency: The empire-pooled cascade uses EU-friendly providers only (Groq, Cerebras, Anthropic, Gemini — US-based but with EU data region options). Chinese and Russian LLM providers are explicitly blocked (geopolitical filter doctrine).
- EU AI Act Article 13 (Transparency): Users are informed when content (code review comments) is AI-generated: the bot account name is clearly identified as an automated reviewer.
- EU AI Act Article 14 (Human Oversight): All AI outputs require human review before action. No AI feature in Sovereign Git auto-merges, auto-deploys, or auto-executes based solely on AI output.
For Customers Building High-Risk AI Systems
If your team uses Sovereign Git to develop AI systems that fall under Annex III high-risk categories (e.g., biometric ID, critical infrastructure, employment/credit decisions), the conformity assessment obligations under EU AI Act Article 43 apply to your system, not to Sovereign Git as the platform. Sovereign Git provides:
- Cryptographic audit trail (F9) usable as technical documentation evidence per Article 11
- Version-controlled AI system lifecycle (git history + CI pipeline) supporting Article 9 risk management documentation
- BYO-LLM keys for controlled AI model access during development
EU AI Act Timeline Note: The EU AI Act applies to prohibited practices from February 2025, general-purpose AI models from August 2025, and high-risk systems from August 2026. Sovereign Git's AI features were designed with this timeline in mind. Advisory-only classification is stable under the current regulatory text. We monitor for delegated acts that may expand high-risk categories.