EU AI Act

How NAiOS, the platform developed by NETRETINA AI S.L., supports your compliance with Regulation (EU) 2024/1689 on Artificial Intelligence. EU datacenter, AIMLAPI Estonia by default, GPAI Code of Practice, cloud / on-premise / dedicated deployment options.

Regulation (EU) 2024/1689

What is the EU AI Act

The world's first horizontal law regulating artificial intelligence. It sets graduated obligations based on the risk level of the AI system and entered into force on 1 August 2024, with phased application through 2027.

The Regulation classifies AI systems into four levels: unacceptable risk (banned), high risk (strict obligations), limited risk (transparency obligations) and minimal risk (no specific obligations).

The vast majority of NAiOS deployments — chatbots, agents via WhatsApp, Telegram, email and phone, back-office automation, predictive analytics over ERP/CRM — fall under limited or minimal risk. Applicable obligations are primarily transparency (Art. 50) and, when NAiOS operates the system in managed mode, deployer obligations (Art. 26-27).

Key dates through 2027

Application timeline

1 August 2024

Entry into force of Regulation (EU) 2024/1689.

2 February 2025

Prohibitions take effect (Art. 5): mass biometric identification, social scoring, subliminal manipulation, among others.

2 August 2025

Obligations for providers of GPAI models (general-purpose). The AI Office's GPAI Code of Practice becomes relevant.

2 August 2026

General application: end-user transparency (Art. 50), deployer obligations and most of the Regulation.

2 August 2027

Full application, including high-risk systems embedded in regulated products.

Roles and responsibilities

Who does what under the Regulation

DEPLOYER

Your company

As a customer using NAiOS to automate processes or deploy agents, you are the deployer (Art. 26-27). Your main obligations: use the system according to its intended purpose, ensure adequate human oversight, keep logs where applicable, and inform end users when they interact with an AI.

Requisitos: Art. 26, 27, 50 — we provide templates and documentation

PROVIDER + DISTRIBUTOR

NETRETINA AI S.L.

NETRETINA AI S.L. (CIF B21924543, Barcelona) is the provider of the NAiOS system and distributor of the upstream GPAI models we route to. We apply the obligations of Art. 16-22 (provider), Art. 25 (distributor) and, when integrating GPAI models, the measures of the GPAI Code of Practice.

Requisitos: Technical documentation, upstream transparency, risk management

UPSTREAM PROVIDER

AIMLAPI (Estonia, EU)

Default model provider, hosted in Estonia, within the EU. Provider of the underlying GPAI models; NETRETINA AI redistributes their capacity orchestrated according to the client's territorial policies.

Requisitos: Models on EU infrastructure — no transfer outside the EEA by default

FAQ

How NAiOS supports each obligation

Regulation articles mapped to features

NAiOS provides technical documentation for each component: which model is used, which upstream provider, capabilities, known limitations and recommended human oversight. The deployer receives the information needed to use the system knowingly.

The App Builder's agentic flows let you configure human review points on critical operations. Agents via WhatsApp, Telegram, email and phone can escalate to a human operator according to client-defined rules.

NETRETINA AI S.L. verifies that the upstream GPAI models it routes (AIMLAPI Estonia by default) meet the Regulation's requirements and passes the information through to deployers. If the client opts for external platforms or BYOK, responsibility is allocated by contract.

We provide templates for fundamental rights impact assessments (FRIA, where applicable), acceptable use policies, logging mechanisms and serious incident notification procedures.

When an end user interacts with a NAiOS agent (chatbot, assistant, phone agent), the system informs them clearly and intelligibly that they are interacting with an AI, unless this is obvious from context. The message text is editable from the client panel.

The upstream provider AIMLAPI (Estonia, EU) directly assumes the GPAI obligations; NETRETINA AI S.L. passes them through in documentation. For GPAI models with systemic risk, the GPAI Code of Practice signed before the AI Office in July 2025 applies.

Pick the model that best fits your sovereignty and compliance needs

Three modes, one platform

EU PRODUCTION

NAiOS Cloud

NAiOS managed in a European datacenter (Germany), with AIMLAPI Estonia as the default model provider. Data and communications stay within the EEA. The fastest way to go live.

Requisitos: Instant production · data in EU · EU models by default

CLIENT INFRASTRUCTURE

On-Premise EU

NAiOS deployed inside the client's infrastructure or in their private cloud within the EU. The company keeps full control over data and communications; NETRETINA operates and maintains the system under contract.

Requisitos: Client infrastructure in EU · operational sovereignty · managed support

AI HARDWARE AT CLIENT

Dedicated on-site

Installation of modern AI hardware (GPU/NPU) inside the company's premises, evaluated case by case by NAiOS Labs. Maximum sovereignty: AI and data never physically leave the company.

Requisitos: Custom project · technical assessment by NAiOS Labs · associated investment

Models: Europe by default, external on demand

External (opt-in / BYOK)

OpenRouter, Fal.ai, Microsoft Azure OpenAI, direct OpenAI and others
Activated on explicit client request
Bring Your Own Key: the client supplies their own API key and assumes provider compliance
Changes documented and signed in the service contract
Per-provider traceability in the admin panel

AIMLAPI Estonia, EU (by default)

Provider activated by default in every NAiOS account
Infrastructure hosted in Estonia, within the European Union
No data transfer outside the EEA by default
Broad GPAI model coverage from a single European provider
Coherent orchestration per client territorial policies

To support your compliance

What documentation you receive

NAiOS Ai CORE Engine technical sheet with active upstream providers
Ready-to-integrate end-user transparency policy (Art. 50)
Risk assessment and FRIA templates where applicable
Serious incident management procedure (Art. 73)
Configurable logs aligned with the retention period the client defines
Model contract clauses when NETRETINA acts as delegated deployer

Request the full dossier

Important information

This page describes how the NAiOS platform, developed by NETRETINA AI S.L. (CIF B21924543, Av. Diagonal 131, 08018 Barcelona, Spain), is designed to support your compliance with Regulation (EU) 2024/1689 on Artificial Intelligence.

It does not constitute legal advice. The specific obligations that apply to your organisation depend on the use case, regulated sector and risk categorisation of each system. We recommend validation by your legal or compliance department before productive deployment.

Official text of the Regulation: EUR-Lex 32024R1689. GPAI Code of Practice: European Commission.

Last updated: May 2026.