July 30, 2026

Is Your AI Agent EU AI Act Ready? A Developer Checklist


August 2, 2026 is the compliance deadline for high-risk AI in financial services. If your agent spends money, here's what the EU AI Act infrastructure requirements look like in practice.

Note: This post is informational and does not constitute legal advice. Consult qualified legal counsel for your specific EU AI Act compliance obligations.


What the EU AI Act actually requires for financial AI agents

The EU AI Act classifies certain AI systems used in financial contexts as high-risk under Annex III — notably those used for creditworthiness assessment, credit scoring, and related financial decision-making. If your agent autonomously makes purchase decisions or manages spend, you may fall in scope depending on your use case and the degree of autonomy involved. Consult your legal team to determine whether your specific deployment triggers high-risk obligations.

For those who are in scope, four articles are most operationally relevant for agent developers:

Article 9 — Risk management system: You must implement technical controls that limit what the AI can do autonomously. Unconstrained spending is not compliant.

Article 12 — Record-keeping: The system must automatically log events that allow post-hoc auditing. "It made a purchase" is not sufficient — you need agent ID, merchant, amount, timestamp, and decision context.

Article 13 — Transparency to deployers: Providers of high-risk AI must give deployers (the businesses using the AI) adequate instructions for use and disclosure of the system's capabilities and limitations. This is an operator-facing obligation, not a disclosure requirement to end users.

Article 14 — Human oversight: You must design a mechanism for humans to monitor, intervene, and override. The law requires this to be technically enforced, not just "we could manually check the logs."

Non-compliance after August 2 carries fines up to €15M or 3% of global annual turnover (Article 99(3)) — whichever is higher.


The five controls you need

Here's the developer-facing checklist for the core infrastructure requirements. Note that full EU AI Act compliance also requires technical documentation, conformity assessment procedures, and a quality management system — work with your legal and compliance teams on those obligations.

1. Audit trail

Every financial transaction your agent takes must be logged with:

  • Agent identifier (not just the user account)
  • Merchant name, MCC code, and amount
  • Timestamp (UTC)
  • Decision context (what the agent was trying to accomplish)
  • Outcome (approved, declined, escalated)

Retention period: minimum 2 years under EU financial regulation.

Common mistake: logging at the application layer and calling it done. If your agent key gets compromised, your application logs can be tampered with. The audit trail needs to be at the payment infrastructure layer.

2. Spend limits

The risk management requirement (Article 9) translates directly to spend controls. You need:

  • Per-transaction limit — the max any single charge can be
  • Daily/monthly limit — aggregate exposure cap
  • Limits must be enforced at the infrastructure layer, not just application logic

If you're enforcing limits in your agent's code, that's not compliant — a prompt injection or logic error bypasses it. Limits need to be enforced by the payment infrastructure itself.

3. Merchant controls

Your agent should only be able to transact with an approved category of merchants. This means:

  • Allowlist of MCC (Merchant Category Codes) your agent legitimately needs
  • Blocklist for categories your agent should never touch (quasi-cash, gambling, etc.)
  • Enforcement at card/payment level — not application logic

For a SaaS-purchasing agent, allowed MCCs might be 7372 (Prepackaged Software), 7371 (Computer Programming, Data Processing, and Other Computer Related Services), and 5734 (Computer and Computer Software Stores). Block 7995 (Gambling) and 6051 (Quasi-Cash) by default.

4. Human escalation path

Article 14 requires that humans can "effectively oversee" the AI. For financial agents, this means a real escalation path — not just the ability to revoke API keys after the fact.

Compliant escalation pattern:

  • Transactions above a threshold require human approval before execution
  • Escalation has a timeout and a safe default (decline if no response in N seconds)
  • The escalation event is logged
  • Humans can pause/freeze the agent card instantly

5. PCI DSS compliance

You're handling payment card data. Your stack needs to be PCI DSS compliant. This means:

  • Card numbers are never stored or logged in your application
  • Tokenization is handled by PCI-certified infrastructure
  • Your vendor holds a current PCI DSS attestation

If you're building your own card infrastructure, PCI Level 1 certification takes 6–12 months and costs $50K–$200K. Most teams should use a compliant payment primitive instead.
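
One way to back up the first bullet above ("card numbers are never stored or logged in your application") is to scrub every line before it reaches a log sink. This is an added example, not code from limit.md; the function names and the sample line are constructed for illustration.

```javascript
// Added example; names are hypothetical. Scrubs card-number-like digit runs from log lines.

// Luhn checksum: true for digit strings that could be a real card number.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// 13 to 19 digits, optionally separated by single spaces or dashes.
// Limitation: a card number directly followed by more space-separated digits
// is read as one longer candidate and may fail the checksum.
const PAN_CANDIDATE = /\b\d(?:[ -]?\d){12,18}\b/g;

// Returns the scrubbed line plus a hit count you can alert on.
function redactPans(line) {
  let hits = 0;
  const text = line.replace(PAN_CANDIDATE, (match) => {
    const digits = match.replace(/[ -]/g, '');
    if (!luhnValid(digits)) return match; // order IDs, reference numbers, etc.
    hits += 1;
    return `[PAN REDACTED ...${digits.slice(-4)}]`;
  });
  return { text, hits };
}

// Constructed sample: a well-known test card number next to a non-card reference.
const SAMPLE_LINE = 'charge 4111 1111 1111 1111 ref 1234567890123456';
```

A non-zero hit count means card data reached application code that should never have seen it, which is worth an alert rather than silent redaction.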


How limit.md checks each box out of the box

limit.md is a virtual card and spend control API purpose-built for AI agents, built on PCI DSS Level 1 certified infrastructure. (Your application still needs to avoid logging or storing card numbers — the infrastructure compliance covers limit.md's systems.)

| Control | What limit.md provides | EU AI Act article |
| --- | --- | --- |
| Audit trail | Every transaction logged with agent ID, merchant, MCC, amount, decision context. 2-year minimum retention. Immutable. | Article 12 |
| Spend limits | Per-transaction and rolling limits enforced at the card level — not your application code | Article 9 |
| Merchant controls | MCC allowlist/blocklist per card, enforced by the card issuer | Article 9 |
| Human escalation | Webhook-based approval flow with configurable timeout and safe fallback | Article 14 |
| PCI compliance | PCI DSS Level 1 certified infrastructure. Card numbers never touch your servers. | Article 9 + data governance |

None of this requires you to build compliance infrastructure. It's all available via REST API.


Code walkthrough: provisioning a compliant agent card in 10 minutes

limit.md uses a REST API. Get your API key from the dashboard and set it as LIMIT_API_KEY.

Step 1: Create an agent card with spend and merchant controls

curl -X POST https://limit.md/api/v1/cards \
  -H "Authorization: Bearer $LIMIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "purchasing-agent-v1",
    "display_name": "EU-Compliant Purchasing Agent",
    "spend_limit": { "amount": 20000, "interval": "DAILY" },
    "merchant_config": {
      "allowed_mcc": ["7372", "7371", "5734"],
      "blocked_mcc": ["7995", "6051"]
    }
  }'

Step 2: Gate a transaction with a policy check

Before your agent makes any purchase, call the policy check endpoint. This creates the audit-trail entry and enforces your configured controls:

const response = await fetch('https://limit.md/api/v1/actions/check', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.LIMIT_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    agent_id: 'purchasing-agent-v1',
    action_type: 'purchase',
    merchant: 'AWS Marketplace',
    amount_usd: 149,
    reason: 'Monthly compute instance for CI pipeline',
  }),
});

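// Fail closed: an error from the policy check is not an approval.
if (!response.ok) throw new Error(`Policy check failed: HTTP ${response.status}`);

const result = await response.json();
// result.decision: 'approved' | 'declined' | 'escalated'
// Proceed with the purchase only when result.decision === 'approved'.
// result.event_id: reference this in the audit log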

Step 3: Handle escalation

If a transaction exceeds your threshold, limit.md delivers a webhook to your escalation endpoint:

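// Assumes an Express app with express.json() enabled; notifyOps is your own alerting function.
// POST /webhooks/limit-escalation
app.post('/webhooks/limit-escalation', async (req, res) => {
  // Authenticate the sender before acting on the payload.
  const { event_id, agent_id, merchant, amount_usd, expires_at } = req.body;

  await notifyOps({
    message: `Agent ${agent_id} wants to charge $${amount_usd} at ${merchant}`,
    approve_url: `https://your-app.com/escalations/${encodeURIComponent(event_id)}`,
    expires_at,
  });

  res.json({ received: true });
});

// POST /escalations/:eventId: ops team resolves from the notification link
// This route approves spending, so it must sit behind operator authentication.
app.post('/escalations/:eventId', async (req, res) => {
  // Only an explicit boolean true approves; anything else declines.
  const decision = req.body.approved === true ? 'approve' : 'decline';
  const eventId = encodeURIComponent(req.params.eventId);
  const upstream = await fetch(`https://limit.md/api/v1/events/${eventId}/decide`, {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${process.env.LIMIT_API_KEY}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ decision }),
  });
  // Report failure instead of claiming success when the decision was not recorded.
  res.status(upstream.ok ? 200 : 502).json({ ok: upstream.ok });
});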

Default timeout is 30 seconds — if no decision is received, the transaction is declined automatically (safe default per Article 14).
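
The escalation pattern from control 4 and the timeout rule above, written out as a small state machine. This is an added example, not limit.md's implementation; the class, its method names and the event IDs are hypothetical, and the clock is passed in so the behaviour can be tested deterministically.

```javascript
// Added example; class and method names are hypothetical, not limit.md's API.
const TIMEOUT_MS = 30_000; // the 30-second default stated on the page
class EscalationDesk {
  constructor(timeoutMs = TIMEOUT_MS) {
    this.timeoutMs = timeoutMs;
    this.events = new Map(); // event_id -> { state, expiresAt }
    this.log = [];           // every state change is recorded
  }
  // Hold a transaction for review; nothing executes while it is pending.
  open(eventId, now) {
    if (this.events.has(eventId)) throw new Error(`duplicate event_id ${eventId}`);
    this.events.set(eventId, { state: 'pending', expiresAt: now + this.timeoutMs });
    return this.record(eventId, 'escalated', now);
  }
  // A decision counts once, only while pending, and only before the deadline.
  decide(eventId, approved, approver, now) {
    const ev = this.events.get(eventId);
    if (!ev || ev.state !== 'pending') return this.record(eventId, 'ignored', now, approver);
    if (now >= ev.expiresAt) ev.state = 'declined_timeout';
    else ev.state = approved === true ? 'approved' : 'declined'; // strict boolean
    return this.record(eventId, ev.state, now, approver);
  }
  // Run on a timer: anything past its deadline is declined, never approved.
  sweep(now) {
    const expired = [];
    for (const [id, ev] of this.events) {
      if (ev.state !== 'pending' || now < ev.expiresAt) continue;
      ev.state = 'declined_timeout';
      this.record(id, ev.state, now);
      expired.push(id);
    }
    return expired;
  }
  state(eventId) { return this.events.get(eventId)?.state ?? 'unknown'; }
  record(eventId, outcome, at, actor = 'system') {
    this.log.push({ event_id: eventId, outcome, at, actor });
    return outcome;
  }
}
// Constructed walk-through; times are milliseconds on an injected clock.
function demo() {
  const desk = new EscalationDesk();
  for (const id of ['evt_a', 'evt_b']) desk.open(id, 0);
  const inTime = desk.decide('evt_a', true, 'ops-alice', 12_000);
  const expired = desk.sweep(30_000);
  const late = desk.decide('evt_b', true, 'ops-alice', 31_000);
  return { inTime, expired, late, finalB: desk.state('evt_b') };
}
```

Late, repeated or unknown decisions are logged as `ignored` and never change a final state, so a replayed approval link cannot flip a declined transaction.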

Step 4: Pull the audit log

const events = await fetch(
  'https://limit.md/api/v1/audit?agent_id=purchasing-agent-v1&from=2026-01-01&to=2026-08-02',
  { headers: { 'Authorization': `Bearer ${process.env.LIMIT_API_KEY}` } }
).then(r => r.json());

// Each event: { event_id, timestamp, agent_id, merchant, mcc, amount_usd, outcome, reason }

Your agent now has Article 9 spend controls, Article 12 audit logging, Article 14 human oversight, and MCC restrictions — all enforced at the payment infrastructure layer, not in application code that can be bypassed.
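
Infrastructure-level enforcement is still worth verifying independently. The following added example (not limit.md code) re-checks events in the Step 4 shape against the Step 1 MCC lists and flags incomplete records; the limit amounts, the helper names and the sample events are constructed assumptions.

```javascript
// Added example: re-check pulled audit events against the intended card policy.
const POLICY = {
  allowedMcc: new Set(['7372', '7371', '5734']), // allowlist from Step 1
  blockedMcc: new Set(['7995', '6051']),         // blocklist from Step 1
  perTxnLimitUsd: 500,                           // assumed value
  dailyLimitUsd: 1000,                           // assumed value
};
const REQUIRED = ['event_id', 'timestamp', 'agent_id', 'merchant', 'mcc',
  'amount_usd', 'outcome', 'reason'];

// Events must be sorted by timestamp so the running daily total is meaningful.
function auditFindings(events, policy = POLICY) {
  const findings = [];
  const spentByDay = new Map(); // "agent_id|YYYY-MM-DD" in UTC -> approved total
  const flag = (e, issue) => findings.push({ event_id: e.event_id ?? null, issue });

  for (const e of events) {
    const missing = REQUIRED.filter((k) => e[k] === undefined || e[k] === '');
    if (missing.length) { flag(e, `missing: ${missing.join(',')}`); continue; }
    if (Number.isNaN(Date.parse(e.timestamp))) { flag(e, 'bad timestamp'); continue; }
    if (e.outcome !== 'approved') continue; // only approvals can breach policy

    if (policy.blockedMcc.has(e.mcc)) flag(e, `blocked MCC ${e.mcc} approved`);
    else if (!policy.allowedMcc.has(e.mcc)) flag(e, `MCC ${e.mcc} not in allowlist`);
    if (e.amount_usd > policy.perTxnLimitUsd) flag(e, 'over per-transaction limit');

    const day = new Date(e.timestamp).toISOString().slice(0, 10);
    const key = `${e.agent_id}|${day}`;
    const total = (spentByDay.get(key) ?? 0) + e.amount_usd;
    spentByDay.set(key, total);
    if (total > policy.dailyLimitUsd) flag(e, `daily total ${total} over limit`);
  }
  return findings;
}

// Constructed sample events in the Step 4 shape (not real data).
const ev = (event_id, timestamp, mcc, amount_usd, outcome, reason = 'CI tooling') =>
  ({ event_id, timestamp, agent_id: 'purchasing-agent-v1', merchant: 'Example Co',
    mcc, amount_usd, outcome, reason });
const SAMPLE_EVENTS = [
  ev('evt_1', '2026-07-01T09:00:00Z', '7372', 149, 'approved'),
  ev('evt_2', '2026-07-01T10:00:00Z', '7995', 50, 'declined'),
  ev('evt_3', '2026-07-01T11:00:00Z', '5734', 450, 'approved'),
  ev('evt_4', '2026-07-01T23:30:00Z', '7371', 480, 'approved'),
  ev('evt_5', '2026-07-02T08:00:00Z', '6051', 20, 'approved'),
  ev('evt_6', '2026-07-02T09:00:00Z', '7372', 10, 'approved', ''),
];
```

An empty result from `auditFindings` means the records are complete and no approval contradicts the policy; any finding points to either a misconfigured card or an audit record that would not support a review.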


Verifying compliance: a quick self-assessment

Before August 2, run through this checklist:

  • Every financial transaction logs agent ID, merchant, amount, timestamp at the infrastructure layer
  • Audit logs are retained for at least 2 years and are tamper-evident
  • Spend limits are enforced by payment infrastructure, not just application logic
  • Merchant category controls are in place
  • There is a real human escalation path for high-value transactions (not just "we can revoke the key")
  • Your card infrastructure is PCI DSS compliant
  • You can produce an audit report on demand for any agent, any time range

If you can check all seven, your infrastructure requirements are in good shape. Also coordinate with your compliance team on the non-infrastructure obligations: technical documentation, conformity assessment, and quality management systems.


Get compliant today

limit.md's sandbox is free. You can provision your first compliant agent card in under 10 minutes, test your escalation webhook against simulated transactions, and validate your audit log format before you're anywhere near production.


The deadline is August 2. The infrastructure work is a weekend — don't let it become a scramble.


Questions about specific compliance requirements for your use case? Join the limit.md Discord and ask in #compliance.

Disclaimer: This post is informational and does not constitute legal advice. EU AI Act applicability depends on your specific use case and deployment context. Consult qualified legal counsel to determine your compliance obligations.