What EU Non-Compliance Actually Costs
Recall
Market Withdrawal
Regulators can pull your product from 450M consumers with no fine ceiling and no guaranteed timeline for reinstatement.
The outcome that ends quarters.
€35M
Maximum Fine
The ceiling for prohibited AI practices, or 7% of annual global turnover, whichever is higher. For a $1B company, that's $70M, For a $10B company, that's $700M.
€15M
High-Risk Violations
For data governance failures on high-risk AI systems. If your AI touches healthcare, employment, law enforcement, or infrastructure, this tier applies to you.
€7.5M
Documentation Failures
Triggered by missing audit logs, incomplete technical documentation, or inability to prove what data trained your model. €7.5M for paperwork you could have automated.
NIST AI RMF
De Facto Enterprise Standard
Requires documented governance, traceability, and human oversight of AI outputs. Already required by most Fortune 500 procurement teams and all federal contractors. Not law yet — but failing it costs you the deal.
Colorado AI Act · In Effect 2026
Algorithmic Accountability
Requires developers and deployers of high-risk AI to disclose algorithmic decision-making to consumers, conduct annual impact assessments, and maintain documentation of model inputs and outputs. Enforced by the Colorado AG.
California SB 53 · Passed
AI Safety & Transparency
Requires covered AI developers to establish and publish safety and security protocols, maintain incident reporting procedures, and document the measures taken to prevent critical harms. Effective January 2026.
Industry Leaders Agree
The Need for Database
Version Control Is Inevitable
Andrej Karpathy
If an agent has a diff where it made some change, we suddenly have all this code already that shows all the differences to a code base using a diff. It's almost like we've pre-built a lot of the infrastructure for code.
Dwarkesh Podcast (Oct 2025)
Steve Yegge
Tim Sehn and his team built exactly the thing we needed before we knew we needed it. Dolt is a SQL database with Git semantics. Fork it, branch it, merge it, send pull requests — on structured data.
Creator of Beads & Gastown
11 min read
Sualeh Asif
I feel like everything needs branching... So maybe the AI agents will use branching, they'll test against some branch, and it's sort of going to be a requirement for the database to support branching.
Cursor Co-founder, on Lex Fridman
UC Berkely CS Department
We need new concurrency mechanisms that exploit similarity across branches... This is analogous to MVCC on steroids: forking possibly thousands of near-identical snapshots.
"Supporting Our AI Overlords" paper, 2025
The Law
Two Articles. Your Immediate Compliance Gap.
The EU AI Act's data requirements center on two articles that most teams can't satisfy with traditional databases.
Article 10, DATA GOVERNANCE
Prove Your Training Data is Clean
You must demonstrate the exact data used to train each model, prove it was free from bias, document its origin, and provide an audit log of every transformation applied.
Identify the exact dataset for every deployed model
Query historical data at any point in time
Audit every row-level change with author + timestamp
Document labeling and cleaning operations
Prove absence of protected-class bias via SQL queries
Article 14, HUMAN OVERSIGHT
Build a Human Override Into Your AI
High-risk AI systems must be designed so humans can review, override, and roll back AI outputs. You cannot satisfy this with application-level logic alone — it must be at the data layer.
Present AI changes for human review before accepting
Allow rejection of any AI output without data loss
Rollback any AI-generated change at any granularity
Maintain audit trail of human approval decisions
Support "not to use" decision at any moment
The Solution
How Dolt Closes the Gap
1
Tag Your Training Data at Model Time
Every model training run records a Dolt tag — a named, immutable snapshot of the exact data used. You can query this snapshot forever, just like current data. Article 10 compliance is automatic.
2
Detect and Audit Every Data Change
When a biased or erroneous record enters your training set, Dolt's diff tables tell you exactly who added it, when, and in which commit. Investigations that once took weeks take minutes.
3
Human Review via Pull Request Workflow
AI systems write changes to a branch. A human reviews the diff and either merges or rejects it. Nothing reaches production without explicit approval. Article 14, satisfied by design.
4
Rollback Any AI Change Instantly
If an AI-generated change causes harm, you can revert it surgically with a single SQL call — no full backup restore, no data loss, no downtime. This is the "override and reverse" requirement in Article 14.
Every Agent Write
Logged
Diffed
Auditable
Forever
Real-World Application
Flock Safety: Law Enforcement AI, Made Compliant
Flock Safety builds license plate recognition AI for law enforcement.
Here's how Dolt answers their hardest compliance questions.
Every agent write needs
an audit trail.
Start building yours today. MySQL-compatible, and production-ready.
Free and Open Source
View Documentation

