Senthex

EU AI Act, GDPR & ANSSI for production LLMs

Five months out from the Commission's GPAI enforcement powers becoming effective on 2 August 2026 (AI Office, Implementation Timeline), most European SaaS teams are in the same position: a chatbot, a copilot or an agent already in production, a DPA that does not mention LLMs, and a question from the board on what "AI Act ready" actually means in code.

This page is the technical answer for one specific class of system: a B2B SaaS feature that calls a third-party LLM (OpenAI, Anthropic, Mistral, Gemini, OpenRouter) at runtime. Senthex is the runtime proxy that sits between your app and that provider. Below is exactly which obligations the proxy can absorb, which it cannot, and how that maps line-by-line to the regulations your DPO will ask about.

Download the compliance brief (PDF, 15 pages)



1. The dates that actually trigger procurement

GPAI obligations have been applicable since 2 August 2025, but the AI Office's supervision and enforcement powers (document requests, evaluations, fines up to 3 % of global turnover or €15 million) only switch on 2 August 2026 (DLA Piper analysis; AI Act Service Desk FAQ). Shortly after, the Cyber Resilience Act triggers reporting duties for actively exploited vulnerabilities and severe incidents on 11 September 2026 (European Commission, CRA timeline).

For a B2B SaaS shipping an LLM feature, the practical consequences are narrower than the headlines suggest:

  • If you operate a high-risk AI system as defined in Annex III (recruitment, credit scoring, education ranking, critical infrastructure, justice, etc.), Article 15 on accuracy, robustness and cybersecurity is now an enforceable duty against your deployer posture.
  • If you are a deployer of a third-party GPAI model (the typical case), you inherit duties through the AI value chain (Article 25) and you must be able to demonstrate that the model's documentation reaches your downstream users.
  • If your product is consumer-facing, Article 50 transparency duties (telling end-users they are interacting with an AI system) have been applicable since 2 February 2025.

What every SaaS in scope needs by 2 August 2026 is a defensible answer to four questions: what does the model see, what does it return, who can prove it, and what happens when something is exploited?

2. What a runtime proxy can absorb — feature × regulation mapping

The table below maps each Senthex feature to the specific article it helps satisfy. Coverage means the proxy provides the technical control; it does not mean you are exempt from documenting the control in your risk register or DPIA.

Each entry lists the Senthex feature, the EU AI Act, GDPR and ANSSI-PA-102 references it maps to, and what it covers — and what it doesn't.

Zero-data-retention by default
  • EU AI Act: Recital 69 (privacy by design)
  • GDPR: Art. 5(1)(c) data minimisation; Art. 25 by-design
  • ANSSI-PA-102: R7 (data confidentiality by design)
  • What it covers — and what it doesn't: Request and response bodies are never written to storage. Metadata (timestamp, latency, shield verdicts, token counts) is. Does not address upstream caching by the model provider — that's their DPA.

EU-only inference path (Hetzner Falkenstein, Germany)
  • EU AI Act: Recital 134 (cybersecurity throughout lifecycle)
  • GDPR: Chapter V (third-country transfers)
  • ANSSI-PA-102: R11 (host in environments aligned with security needs)
  • What it covers — and what it doesn't: Senthex compute and metadata stay in Germany. Your downstream model provider's location is your decision — Senthex routes to it but cannot make a US provider European.

26 input/output shields (prompt injection, jailbreak, PII, secrets, toxicity, off-topic, hallucination markers, etc.)
  • EU AI Act: Art. 15(5) cybersecurity — "resilient against attempts… to alter use, outputs or performance" (Article 15)
  • ANSSI-PA-102: R27 (limit automatic actions on untrusted inputs); R33 (harden controls for internet-exposed AI)
  • What it covers — and what it doesn't: Per-call detection with optional blocking. Each shield's verdict, score, and rule version are exposed in the audit log. Not a guarantee — the OWASP LLM Top 10 lists prompt injection as LLM01 precisely because no filter is exhaustive (OWASP GenAI).

Audit log (Business and Enterprise tiers)
  • EU AI Act: Art. 12 (record-keeping for high-risk AI)
  • GDPR: Art. 30 (records of processing)
  • ANSSI-PA-102: R23 (security audits before production)
  • What it covers — and what it doesn't: Per-request: timestamp, route, shield verdicts, token cost, response status. Raw I/O excluded by design. You still own the link between an audit entry and a data subject in your own systems.

Real-time dashboard + alerts (Slack, webhook, email)
  • EU AI Act: Art. 14 (human oversight)
  • ANSSI-PA-102: R26 (control and secure interactions with other applications)
  • What it covers — and what it doesn't: Operational signal for the human-in-the-loop your high-risk system is required to have. Not a substitute for documented oversight procedures.

OWASP LLM Top 10 posture report (Business and Enterprise tiers)
  • EU AI Act: Art. 9 (risk management system)
  • ANSSI-PA-102: Annex (residual risks)
  • What it covers — and what it doesn't: Monthly, per-app posture summary. Helps populate the risk register. Doesn't write the risk register for you.

Multi-provider routing
  • EU AI Act: Art. 25 (responsibilities along the AI value chain)
  • GDPR: Art. 28 (processor)
  • ANSSI-PA-102: R26 (control and secure interactions with other applications)
  • What it covers — and what it doesn't: Senthex behaves as a controller-aware processor relative to your downstream model provider. We pass through, never re-purpose, model traffic.

Sources: EU AI Act consolidated text, Article 15, ANSSI-PA-102 (English, 29 April 2024), GDPR Chapter V.

3. What Senthex does not do (and why it matters)

Three classes of duty are out of scope for a runtime proxy. Pretending otherwise is how vendors lose buyers in the first technical review.

Model documentation and conformity assessments. If your system falls under Annex III high-risk, you owe technical documentation per Article 11 and conformity assessment per Article 43. A proxy cannot fill those forms. We can hand you the operational evidence (logs, posture reports, shield definitions) you'll cite in section 4 of Annex IV, but the document itself is on you.

Training-data lineage and bias testing. Article 10 on data governance applies to providers of high-risk systems, not to a runtime hop. If your team fine-tunes a model, you own that lineage end-to-end.

Joint-controller analysis with your model provider. GDPR Articles 4(7) and 26 are a legal exercise between you and OpenAI/Anthropic/Mistral/Google. Senthex's DPA covers our processor relationship to you; it does not adjudicate your relationship with the model vendor.

4. The honest part — what we are not yet certified for

Senthex is an early-stage company shipping a production product. The infrastructure is built to compliance standards; the certification paperwork is not all in place yet. Stating this explicitly avoids the awkward call later.

  • SOC 2 Type II: not certified at the corporate level. Roadmap target — late 2026 / early 2027 once paid customer count justifies the audit cost.
  • ISO 27001: not certified at the corporate level. Same window. Hetzner Falkenstein, our hosting layer, is ISO 27001-certified independently (Hetzner ISO certificate) — but corporate ISO is a separate scope and we don't conflate the two.
  • HDS (French health hosting): not held. Senthex is not appropriate for clinical-data flows that require HDS hosting. Use an HDS-certified provider for those routes.
  • GPAI provider obligations: not applicable — Senthex does not train or distribute a model.
  • EU AI Act conformity assessment: not applicable to a runtime proxy at the time of writing; we monitor harmonised standards (CEN-CENELEC JTC 21) and will publish a position when they are finalised.

If a vendor in this category tells you they are "100 % AI Act compliant" today, ask them which conformity assessment body issued their certificate. There isn't one yet for runtime LLM controls — the harmonised standards are still in draft.

5. Why this looks different from an edge gateway

Generic edge AI gateways were designed for observability and cost control. They proxy LLM traffic, log it, cache it, and apply basic content filters. That serves a real need. The compliance gap shows up in three places:

  • Hosting jurisdiction. Edge gateways execute on a global anycast network. For a buyer subject to GDPR Chapter V, that means the request transits whichever PoP is closest, with the legal mechanics that follow. Senthex runs in a single EU region.
  • Per-shield evidence. A guardrail that says "blocked: harmful content" is not enough for an Article 15 audit. We expose the rule fired, the score, the version of the shield, and the reasoning trace per call.
  • Audit log scope. Generic gateway logs are operational. A compliance audit log is per-request, retained on a defined schedule (90 days standard, unlimited on Enterprise), tamper-evident, and exportable to your SIEM.
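The audit-log row in section 2 and the per-shield evidence and tamper-evidence points above describe a record shape, not a file format. The Python below is an illustration added to this page, not Senthex's own code or schema: it builds per-request records that carry shield name, rule version, score and verdict, token counts and status but no bodies, links them in a SHA-256 hash chain, and checks that no entry was edited, dropped or reordered. Route and shield names in the sample are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # link value for the first record of a chain


def _digest(record: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) makes the hash reproducible
    data = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def append_entry(chain: list, ts: str, route: str, shields: list,
                 status: int, tokens_in: int, tokens_out: int) -> dict:
    # Bodies are not parameters: a record cannot carry prompt or completion text
    record = {
        "ts": ts,
        "route": route,
        # per-shield evidence: rule name, rule version, score and verdict
        "shields": [{"name": s["name"], "version": s["version"],
                     "score": float(s["score"]), "verdict": s["verdict"]}
                    for s in shields],
        "tokens": {"in": tokens_in, "out": tokens_out},
        "status": status,
        "prev": chain[-1]["hash"] if chain else GENESIS,
    }
    record["hash"] = _digest(record)  # hashed before the "hash" key exists
    chain.append(record)
    return record


def verify_chain(chain: list) -> bool:
    # Recompute every hash and link: an edited field or a dropped record fails
    expected_prev = GENESIS
    for record in chain:
        body = {k: v for k, v in record.items() if k != "hash"}
        if record["prev"] != expected_prev or _digest(body) != record["hash"]:
            return False
        expected_prev = record["hash"]
    return True


def sample_chain() -> list:
    # Constructed sample data: two calls through hypothetical route names
    chain: list = []
    append_entry(chain, "2026-03-01T10:00:00Z", "openai/gpt-4o",
                 [{"name": "prompt_injection", "version": "1.4", "score": 0.02, "verdict": "pass"},
                  {"name": "pii", "version": "2.1", "score": 0.0, "verdict": "pass"}],
                 200, 812, 143)
    append_entry(chain, "2026-03-01T10:00:07Z", "mistral/mistral-large",
                 [{"name": "prompt_injection", "version": "1.4", "score": 0.91, "verdict": "block"}],
                 403, 240, 0)
    return chain
```

Exporting such a chain to a SIEM lets the receiving side re-run the verification independently of the proxy that produced it.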

This is not a comparison-by-name exercise. Use whichever proxy answers your specific risk register. If your buyer is a US enterprise customer asking for a SOC 2 Type II vendor today, an edge gateway from a public-cloud incumbent or a US runtime-security platform will close that gap faster than we can. If your buyer is a European DPO who needs a compliance-mapped runtime story before 2 August 2026, this page is what we built for them.

6. FAQ — the questions a CISO actually asks before signing a Pro plan

Why would I pay €49/month for this when Cloudflare AI Gateway is free with my Workers plan?

Cloudflare AI Gateway is excellent at observability, caching, rate-limiting and basic guardrails on the global edge. It is not built around an EU-only inference path, an Article 15-grade audit log, or a per-shield evidence trail. If your buyer is a European DPO asking for a compliance-mapped runtime story, the free plan won't survive the questionnaire. If you don't have that buyer and you want simple observability, use Cloudflare. The €49 plan is for teams whose deal cycle is gated by a Schrems-aware DPO.

You said you are not SOC 2 yet. Why should I trust you with my prompts?

Because we never store them. The DPA-relevant artefact is not the certification — it is what enters our storage layer. Senthex operates as a stateless reverse proxy: the request body is forwarded to the model provider in-flight, never persisted. Our hosting (Hetzner Frankfurt/Falkenstein) holds ISO 27001 independently. The corporate certifications are work-in-progress and we are explicit about it on this page rather than in a footnote.

Are you actually a “data processor” under GDPR, or do you become a controller when shields rewrite my prompts?

We are a processor. Shields can flag, score or block — they do not silently rewrite content. If a shield rewrites (currently only the secrets-redaction shield, opt-in), the rewrite is logged with the original-vs-rewritten diff retrievable by you, and the legal basis stays with your controller posture. Our DPA documents this explicitly; it is available on request before signature.

My LLM provider already has Bedrock Guardrails / Azure Content Safety / Vertex Safety Filters. What does Senthex add?

Provider-side guardrails sit inside the provider's trust boundary. They are useful and we recommend keeping them on. Senthex sits before that boundary, so we (a) apply controls before any token leaves your jurisdiction, (b) give you a single audit log across providers when you use more than one, and (c) detect attacks that exploit the integration layer (prompt injection via document upload, tool-call abuse, agent loop budget exhaustion) which provider guardrails generally don't see.

We are an Annex III high-risk system. Does using Senthex make us compliant with Article 15?

No single vendor makes you compliant with Article 15. Article 15 is a system-level duty. Senthex provides technical controls that map to Article 15(5) cybersecurity (resilience to alteration), Article 15(3) robustness (consistent performance via monitoring) and supports Article 9 risk management evidence. The conformity assessment, the technical documentation, and the residual-risk acceptance are still your work. We give you the evidence to cite, not a certificate to wave.

What happens to our audit logs if Senthex disappears?

Logs are exportable at any time via the API and via signed S3-compatible archives on Enterprise. Standard retention is 90 days on Business; longer on Enterprise. Our DPA commits to the standard processor obligation under Article 28(3)(g) GDPR — “delete or return all personal data after the end of the provision of services” — with the export tooling making that commitment operational rather than just contractual.

Where exactly does the request go?

Your app → Senthex (Hetzner Falkenstein, DE) → the model provider you configured. The Senthex hop is EU-resident. The model-provider hop is whatever you configured — for OpenAI's EU data residency, that's their EU PoP; for Mistral, France; for Anthropic, the region you chose at sign-up. We don't make a US-only provider European.

7. Next steps

If you have a specific vendor questionnaire on the desk, the compliance brief PDF (request it via the form above) maps each row to the article number your DPO will reference.

If you want to validate the technical claims before talking to anyone, the Free plan (1,000 requests/month, no credit card) gives you the same shields and dashboard. The €49 Pro plan adds 90-day log retention; Business at €199 adds the AI Act audit trail and the OWASP LLM Top 10 report.

For high-risk Annex III deployments or HDS-adjacent flows, contact us — those engagements need a scoped DPIA before the proxy is the right answer.