BFT routing as EU AI Act Article 15 evidence

What Article 15 actually requires

Regulation (EU) 2024/1689, Article 15: high-risk AI systems must achieve appropriate accuracy, robustness and cybersecurity — including resilience to "attempts to alter their use, behaviour or performance" (data/model poisoning, adversarial examples). Article 12 requires automatic event logging over the system lifetime. Most teams answer with documents. Auditors increasingly ask for mechanisms.

The mechanism openmoe-bft gives you

• Art 15 robustness: every MoE routing decision is fanned to N router replicas; a token dispatches only on a 2f+1 quorum — up to f compromised routers cannot misroute. Krum / trimmed-mean fusion makes logit poisoning ineffective.
• Art 15 cybersecurity: the red-team module probes your own deployment and scores resilience 0..1 — continuous adversarial testing, not an annual pentest PDF.
• Art 12 record-keeping: hash-chained, tamper-evident receipts (HMAC-SHA256 / Ed25519) for every decision — an append-only log an auditor verifies offline.

From mechanism to signed evidence

Run the 19 built-in conformity checks (Articles 9–15), then turn the results into a cryptographically signed attestation with a public verify URL via proofof.ai — the CSOAI mesh's independent attestation layer. For certification-grade review: the CSOAI Watchdog Certification assessment (£4,950).

pip install openmoe-bft

Why this beats a compliance questionnaire

Assessment-only tools tell you where you stand today. Runtime enforcement keeps you compliant on every request — and produces the evidence trail as a side effect. That is the difference between preparing for the 2 August 2026 high-risk obligations and merely describing them.