Rogo has aligned its practices with the European Union's Artificial Intelligence Act. We've conducted a rigorous internal assessment under the EU AI Act framework, validated by external auditors.

It has mapped our platform, processes, and documentation against the Act’s requirements, ahead of full enforceability in August 2026. We have decided to establish readiness ahead of this deadline per a strong commitment to our clients’ and partners’ global presence and as a reflection to our commitment on AI safety and compliance.

Why Now

The EU AI Act introduces a risk-based classification system, with requirements around transparency, data governance, human oversight, and technical documentation. Penalties can reach €35 million, or 7% of global annual turnover. For the financial institutions we serve, who operate under the most demanding and complex regulatory landscapes in the world, this is the baseline expectation for technology partners.

Rogo recently opened a London office to bolster our European expansion efforts. Our clients and partners in Europe and globally need to know that deploying Rogo at scale won’t create regulatory exposure, and this work gives them that confidence.

What We Did

Technical documentation.

We’ve built end-to-end documentation of our AI systems – covering model architecture, training data governance, intended use, capabilities, and known limitations – all structured to meet the Act’s traceability requirements. This goes beyond our existing SOC 2, ISO 27001, ISO 42001, and GDPR documentation.

Risk management. 

We conducted a formal risk assessment aligned with the Act’s framework. We identified potential harms, evaluated likelihood and severity, documented mitigations, and established residual risk acceptance criteria. This is separate from our existing security program. It’s specifically focused on AI-specific risks like output reliability, bias, and misuse.

Human oversight.

Rogo is designed to augment financial professionals, not replace their judgment. Every output is sourced, cited, and auditable. The Act’s human oversight requirements formalize what our clients already demand.

Data governance.

We don’t use client data to train or update our models. Our siloed architecture and strict access controls were built for regulated finance, and the Act’s data governance requirements validated an approach we already had in place.

What This Isn’t

This isn’t a rebrand of our existing security program under a regulatory headline. Our SOC 2 certification, penetration testing, zero-trust architecture, and encryption standards are important, but they address different risks than what the EU AI Act targets. The Act is focused on AI-specific concerns: how models are built, how they behave, how they’re documented, and how humans stay in the loop.

What’s Next

EU AI Act compliance is now part of how we operate, not a one-time project. As enforcement mechanisms and harmonized standards continue to take shape, we’ll update our documentation and controls accordingly. For our European clients, this means Rogo is ready to deploy today under the regulatory framework that will govern AI across the EU.