LLM Bastion Docs

Appearance

EU AI Act Compliance at LLM Bastion

The LLM Bastion Governance Gateway ensures that any LLM usage within your organization meets the transparency and risk-management requirements of the EU AI Act.

Transparency Obligations (Art. 52)

LLM Bastion automatically fulfills transparency requirements across three areas:

  1. AI Interaction Notification: All traffic via Bastion automatically injects X-AI-Generated: true headers into the response streams.
  2. AI Content Labeling: We provide automatic watermarking and response markers to inform end-users they are interacting with an AI system.
  3. Deepfake Disclosure: Bastion detects potential adversarial use-cases and applies stricter audit logging for risk management.

Risk Management

The EU AI Act classifies AI systems based on risk tiers. LLM Bastion provides:

  • Audit Logs for High-Risk Systems: Time-partitioned, immutable logs in our secured database for conformity assessments.
  • Human Oversight Hooks: Routing policies that require manual approval (human-in-the-loop) for specific high-stakes model outputs.
  • Adversarial Detection: Built-in logic to detect and prevent "Prompt Injection" and "Adversarial Examples" that might lead to prohibited AI practices.

Conformity Assessment

LLM Bastion acts as a Conformity Enforcement Point, ensuring all downstream LLM calls (OpenAI, Anthropic, etc.) are filtered through your organization's approved security posture.

🔌 Transparence & En-têtes HTTP de Réponse

Lorsque les règles de transparence de l'EU AI Act sont actives sur votre clé d'API, le gateway injecte automatiquement des en-têtes de réponse normalisés :

http
HTTP/1.1 200 OK
Content-Type: application/json
X-AI-Generated: true
X-Compliance-Notice: EU-AI-ACT-TRANSPARENCY-V1
X-Bastion-Request-ID: f47ac10b-58cc-4372-a567-0e02b2c3d479

Ces en-têtes permettent à vos applications clientes de détecter automatiquement si le contenu provient d'une IA générative afin d'afficher la mention requise par la loi à l'utilisateur final. Pour en savoir plus sur l'activation de ces contrôles, consultez le Guide des En-têtes HTTP de Contrôle.