SuperLocalMemory Logo
SuperLocalMemory
Regulation 2024/1689

EU AI Act Compliance

Data sovereignty by architecture, not by policy. Mode A processes everything locally — your data never leaves your machine.

Compliance is an Architecture Decision

Most AI memory systems achieve privacy through policies and agreements. SuperLocalMemory V3 Mode A achieves it through engineering — zero cloud calls is not a setting, it is how the system is built.

0
Cloud API calls in Mode A
Not configurable — architectural
0
Bytes transmitted externally
Mode A: all storage is local SQLite
74.8%
LoCoMo with data staying local
Highest local-first score reported

Architecture Layers

Layer 3 AI Application (Claude, Cursor, etc.) Their compliance
Layer 2 MCP Interface (query/response protocol) Transport only
Layer 1 SLM Memory System (our product) Our compliance

Mode A is a data processing system. A database does not become non-compliant because an AI application queries it.

Article-by-Article Analysis

How each relevant EU AI Act and GDPR requirement maps to Mode A and Mode C architecture.

Art. 10 — Data Governance

Data quality, relevance, and representativeness requirements for training and operation.

Mode A: All data local. User controls data quality. No external training data.
Mode C: Query data sent to cloud provider. Requires DPA.

Art. 13 — Transparency

Users must understand how the AI system works and makes decisions.

Mode A: Every retrieval decision is auditable: 4-channel scores visible, no black-box LLM.
Mode C: LLM synthesis adds opacity. Channel scores still visible.

Art. 14 — Human Oversight

Humans must be able to understand, intervene, and override AI decisions.

Mode A: Full dashboard visibility. Trust gates. Manual memory management.
Mode C: Same oversight tools. Cloud LLM output can be reviewed before use.

GDPR Art. 15 — Right of Access

Data subjects can request all data held about them.

Mode A: All data in local SQLite. Full export via slm export.
Mode C: Local data exportable. Cloud provider logs are separate.

GDPR Art. 17 — Right to Erasure

Data subjects can request deletion of their personal data.

Mode A: slm forget — immediate local deletion. No cloud logs to chase.
Mode C: Local deletion immediate. Cloud provider logs require separate request.

Frequently Asked Questions

Does the EU AI Act apply to AI memory systems?

+
The EU AI Act (Regulation 2024/1689) takes full effect August 2, 2026. It classifies AI systems by risk level and imposes obligations on data governance (Article 10), transparency, and human oversight. Memory systems that process personal data as part of AI applications fall within its scope. The specific risk classification depends on the use case.

How does Mode A achieve compliance by architecture?

+
Mode A operates as a local data processing system with zero cloud dependency. All storage, encoding, retrieval, and lifecycle management execute on the user's device. No data is transmitted to external servers under any circumstance. This architectural guarantee satisfies data sovereignty requirements without requiring additional compliance infrastructure.

What about Mode C — is it EU AI Act compliant?

+
Mode C sends query data to a cloud LLM provider for answer synthesis. This requires a Data Processing Agreement (DPA) with the provider and adequate data protection mechanisms under GDPR. Mode C is designed for use cases where cloud access is organizationally approved. The choice is yours — Mode A for full sovereignty, Mode C for maximum accuracy.

Can I switch from Mode C to Mode A without losing data?

+
Yes. All modes use the same local database. Switching from Mode C to Mode A is instant (run 'slm mode a') and does not affect stored memories. The only change is that retrieval no longer uses cloud LLM calls.

Privacy is not a feature. It is an architecture.

Start with Mode A — zero cloud, zero configuration, zero compliance risk. Upgrade when your organization is ready.

Compare Modes Get Started