EU AI Act — What it means for code analysis
The EU AI Act (Regulation 2024/1689) sets obligations on providers and deployers of AI. For code analysis, transparency and data control are the levers that matter most.
What it is
EU regulation establishing risk tiers and obligations for AI systems placed on the EU market.
Why it's useful
Defines what you must disclose, log, and control when AI touches your codebase or pipeline.
How Decoder implements it
BYOK keeps the data plane under the customer's chosen provider; local inference via Ollama / LM Studio keeps code on-device.
When to use it
Procurement reviews, DPIA, vendor questionnaires.
When NOT to use it
As a substitute for legal advice — this is engineering context, not counsel.
Practical example
Compliance asks where source code goes during an AI explain request. Answer: only to the provider whose key you configured, or nowhere (it stays on-device) if you run inference locally.
Glossary
- DPIA: Data Protection Impact Assessment.
- Risk tier: EU AI Act category (minimal, limited, high, unacceptable).
Related
GDPR governs personal data in the EU. Even code can carry personal data (logs, fixtures, PII in test files). Decoder's defaults minimise exposure.
BYOK means you bring your own AI provider key. Decoder never proxies AI calls through a shared account: your key, your billing, your privacy boundary.
Local AI lets you use Decoder's explain and chat features against a model running on your own hardware via Ollama or LM Studio — useful when code cannot leave your environment.
AI-Origin Detection estimates whether a code artefact was likely produced by an LLM, and explains why. The goal is informed review, not gatekeeping.