What is KlarvoEngine?

KlarvoEngine is Klarvo's regulatory intelligence engine. It analyses your AI system through a 3-pass classification pipeline and produces an article-cited compliance memo with obligations, deadlines, and recommended controls — in under 60 seconds.

What is the EU AI Act?

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulation. It classifies AI systems by risk level and imposes obligations on providers and deployers of AI systems operating in the EU.

Any organisation that provides or deploys AI systems affecting people in the EU — regardless of where the organisation is based. This includes websites with AI chatbots, companies using AI analytics, and businesses integrating AI models into their products.

Prohibited AI practices have been enforceable since February 2025. GPAI model obligations since August 2025. Article 50 transparency and most remaining obligations apply from August 2, 2026.

What are the penalties?

Up to €35 million or 7% of global turnover for prohibited practices. Up to €15 million or 3% for transparency and other violations. For SMEs, the penalty is whichever amount is lower.

Assigning Ownership & Oversight

Under the EU AI Act, deployers of high-risk AI systems must assign competent human oversight to persons with the necessary competence, training, and authority (Article 26). Even for non-high-risk systems, clear ownership is essential for governance and accountability.

Why Ownership Matters

Every AI system in your inventory needs clear answers to three questions:

Who is accountable? (Primary Owner) — receives all compliance notifications, owns the classification, and is responsible for evidence completeness

Who is the backup? (Backup Owner) — steps in when the primary is unavailable; ensures continuity

Who has oversight authority? (Oversight Owner) — the person with the competence and authority to monitor, intervene, and if necessary pause or stop the system

For high-risk AI systems, these assignments are not optional — they're a regulatory requirement.

Role Definitions

Role

Responsibility

Article 26 Relevance

Primary Owner

Overall accountability for the system's compliance posture

Must ensure system is used according to instructions

Backup Owner

Business continuity; acts when primary is absent

Ensures no gap in oversight coverage

Oversight Owner

Human oversight authority — monitors operation, can intervene

Must have competence, training, and authority to pause/stop

Privacy Owner (DPO)

Data protection aspects; DPIA linkage

Ensures GDPR alignment alongside AI Act

How to Assign Owners

During the Wizard

Steps 0 and 3 of the AI System Wizard prompt you to assign:

Primary owner (Step 0 — required)

Backup owner (Step 3 — recommended)

Oversight owner (Step 12 — required for high-risk candidates)

After Creation

Open the AI System detail page

Click the Ownership section

Use the people picker to assign or change each role

Changes are logged in the audit trail

Oversight Owner Requirements

For high-risk AI systems, the oversight owner must meet specific criteria:

Competence: Understands how the AI system works, its limitations, and potential failure modes

Training: Has completed AI literacy training relevant to the system's domain

Authority: Has the organizational authority to pause or stop the system if it poses risk — this must be explicitly documented in an oversight SOP

Independence: Ideally not the same person who built or procured the system (separation of duties)

Auto-Generated Tasks

When owners are assigned, Klarvo automatically creates tasks:

Assignment

Auto-Generated Task

Primary Owner assigned

"Complete classification" (if pending)

Oversight Owner assigned

"Create oversight SOP"

Oversight Owner assigned

"Complete AI literacy training"

No Backup Owner

"Assign backup owner"

Best Practices

🏷️ Assign early: Set ownership during the wizard, not after — it establishes accountability from day one

👥 Separate roles: Avoid making one person both the primary owner and oversight owner for high-risk systems

📋 Document authority: The oversight owner's stop/pause authority should be written into an SOP

🔄 Review quarterly: Ownership changes when people change roles — review assignments each quarter

🎓 Train oversight owners: They must have demonstrable competence; link their training records to the system