2026.04.22

When a Multi Agent AI System Meets the EU AI Act

How ATHENA Agents, high-risk AI compliance, and blockchain-based digital notarization fit together in critical infrastructure scenarios.

EU AI Act — Short Introduction

The EU AI Act is the first comprehensive law regulating artificial intelligence in the European Union.
It establishes a common legal framework for developing and using AI systems.
Its goal is to ensure AI is safe, trustworthy, and respects fundamental rights.
It follows a risk-based approach, classifying AI systems by potential harm.

Risk levels:

Unacceptable risk — banned
High risk — strict requirements
Limited risk — transparency obligations
Minimal risk — mostly unregulated

The regulation also includes rules for general-purpose AI, applies to companies inside and outside the EU when EU users are affected, and introduces significant fines for non-compliance.

In short: The EU AI Act sets global standards for responsible and human-centric AI.

Official EU page:
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

What Are ATHENA Agents?

Screen 2: The ATHENA framework focuses on Cybersecurity

ATHENA Agents (https://www.athena-agents.ai) is an enterprise AI platform that designs and deploys custom, autonomous AI agents to automate business workflows end to end. It focuses on turning companies into AI-powered digital workforces, reducing manual effort, lowering costs, and improving operational efficiency.

Core Concept

The Brain (Central Intelligence)

Acts as the decision-making hub
Analyzes business data and creates execution plans
Provides a natural language interface for querying operations

AI Agents and Executors

Specialized agents for functions like Cybersecurity, sales, finance and manny others
Execute workflows autonomously
Integrate with existing tools like CRM, ERP, and APIs
Executors are the systems where the actual work takes place

Key Value Proposition

End-to-end automation of complex workflows
Digital workforce replacing repetitive manual tasks
Tailor-made solutions for each business
Increased efficiency and reduced operational costs
Human-in-the-loop control for critical decisions

Core Capabilities

Autonomous multiple AI agents that manage multi-step workflows and operate across departments.
Intelligent process automation that removes repetitive work and improves speed and accuracy.
Unified AI platform that connects departments, provides operational visibility, and enables natural language interaction with business data.

Business Use Cases

Cybersecurity (main use case) — pentesting, reverse engineering, embedded firmware analysis, and SOC monitoring
Sales — lead generation, qualification, and follow-ups
Customer Support — ticket handling, FAQs, and 24/7 responses
Finance & Accounting — invoicing, reporting, and data entry
Operations & Supply Chain — process automation and analytics
Logistics — planning and optimization
Legal & Compliance — risk mitigation with human oversight

ATHENA GUI — Screen 3: ATHENA running a reverse engineering task

Implementation Approach

Discovery — identify high-impact automation opportunities.
Blueprinting — design the AI strategy, workflows, and the required agent architecture.
Deployment & Scaling — build, integrate, deploy, and continuously optimize workflows and agents.

Differentiation

Data sovereignty (ATHENA strongly supports usage of local LLM systems)
Focus on full workflow automation rather than simple chatbots
Combination of central intelligence and specialized agents
Strong customization and integration potential
Can be integrated into existing software solutions and CI/CD environments

Bottom line: ATHENA Agents enable businesses to become AI-driven organizations by deploying coordinated systems of autonomous agents that plan, execute, and optimize workflows.

Where ATHENA Agents Meet the EU AI Act

Sample Scenario Overview

An imaginary electricity grid operator in the EU deploys ATHENA to autonomously plan and execute continuous cybersecurity scanning across infrastructure used in electricity supply. Financial institutions can also fall into comparable critical-infrastructure contexts.

Collect data on network topology, devices, and exposed services
Decide what to scan, when, and how within defined parameters
Identify vulnerabilities and misconfigurations
Propose security improvements such as segmentation and access controls
Feed recommendations into existing change-management processes

Because this system supports the safe operation of electricity infrastructure, ATHENA qualifies as a high-risk AI system under the EU AI Act.

Legal Classification under the EU AI Act

Under Article 6(2) and Annex III, AI systems are classified as high-risk if they are used as safety components in critical infrastructure.

This applies because:

The system meets the definition of an AI system under Article 3
It influences security and operational safety of electricity supply
Electricity infrastructure is explicitly listed as critical infrastructure

AI systems used as safety components in the management and operation of critical infrastructure, including electricity supply.

Recital 55 explains the rationale: failures in such systems can endanger public safety and disrupt essential services.

Core Obligations for High-Risk AI Systems

Once classified as high-risk, the system must comply with key requirements in Articles 9 to 17.

1. Data Governance

Use relevant, representative, and high-quality data
Document data sources such as configurations, logs, and incidents
Ensure coverage of normal and edge-case scenarios
Maintain validation and versioning processes

2. Technical Documentation

Document intended purpose, architecture, and components
Describe models, logic, and decision processes
Explain data characteristics and governance
Show compliance and robustness measures

3. Logging and Traceability

Record key actions and decisions
Log outputs and recommendations with context
Enable auditability and investigation

4. Transparency and Oversight

Provide clear instructions and known limitations
Ensure effective human oversight mechanisms
Allow review, validation, and override of critical outputs

5. Accuracy, Robustness, and Cybersecurity

The system must maintain a high level of reliability, withstand errors and attacks, and match its robustness to the critical role it plays in infrastructure.

Practical Implications

Careful integration into operational processes
Human review of critical outputs such as configuration changes
Strong monitoring, logging, and validation mechanisms
Protection against misuse and manipulation

Failure to comply can lead to significant legal and financial penalties.

Key References

How to Reliably Document and Store Data Produced by AI Systems

The Concept of Digital Data Certification and Notarization

Digital certification proves that data existed in a specific form at a specific time by anchoring its cryptographic fingerprint, or hash, on a blockchain.

Digital certification process — Screen 4: Sample overview of the digital certification process

Why Blockchains Are Immutable

Cryptographic chaining — each block contains the hash of the previous block, so changing one entry breaks the chain.
Decentralization — data is replicated across many nodes, so no single party can alter records alone.
Consensus mechanisms — changes require network agreement, making unauthorized edits impractical.
Append-only structure — records are added, not silently modified or deleted.

Advantages over Classic Digital Signatures

Blockchain Certification

Ensures the data itself cannot be altered unnoticed
Works without depending on a single central authority
Provides long-term verifiability
Allows independent verification

Classic Digital Signatures

Mainly verify authorship and integrity at signing time
Depend on certificate authorities
Can expire or become invalid
Rely more heavily on third-party trust infrastructure

Bottom line: Digital certification using blockchain makes data effectively immutable because the fingerprint is stored on a tamper-resistant, decentralized ledger, any modification becomes mathematically detectable, and verification remains permanent, transparent, and independent.

ATHENA Uses Digital Notarization for Robust AI Documentation

ATHENA uses the API interfaces provided by infinite trust digital GmbH (https://infinite-trust-digital.com/) for blockchain notarization.

While running, ATHENA stores every request to a local or cloud LLM API together with the corresponding data in a so-called manifest.

In the background, many thousands of data points and model requests are generated. In larger runs, this can easily exceed 100,000 records.

ATHENA command line — Screen 6: Sample ATHENA command-line processing view

To keep data consistent and preserved, these runs are compressed into ZIP archives.

Those ZIP files are then notarized in the Austrian PSBC (Private Sector Blockchain) using an API provided by Infinite Trust Digital. After notarization, the data is stored in a secure location. The ZIP files and their contents are never transmitted over the internet or stored outside the customer’s ATHENA servers.

Notarization of ZIP archive — Screen 7: Sample output of notarizing an ATHENA ZIP archive

At any later point, the files and their hashes can be verified locally or by using free online verification services.

Local verification — Screen 8: Sample local verification of a previously notarized ATHENA ZIP archive

Related Example

ATHENA is not the only cybersecurity firm using digital certification.

https://cyberdanube.com/

CyberDanube is an IT and OT infrastructure security consulting and testing company that uses the same blockchain for digital certification of critical user data.

CyberDanube homepage — Screen 10: Sample CyberDanube reference screenshot

More information on Cyberdanube s digital certifaction process: https://infinite-trust-digital.com/blog20230220.html

More background on the used Blockchain (Austrian private service Blockchain): https://www.bci-austria.com/

For more information on blockchain technology and how to implement blockchain applications in real-world scenarios, contact office@infinite-trust-digital.com.