FirmAdapt is an AI-powered company analysis platform that provides institutional-grade equity research including SEC filing forensics, multi-model valuation scoring, AI disruption assessment, and multi-faith compliance screening across 12 global markets.

Does FirmAdapt have a free API?

Yes, FirmAdapt offers free open API endpoints that require no authentication. AI agents and developers can make up to 10 requests per week without signing up. The API supports company profile lookups, faith-based compliance screening, and stock searches across 12 global markets.

What is faith-based stock screening?

Faith-based stock screening analyzes a company's financial ratios and business activities to determine compliance with religious investment guidelines. FirmAdapt supports 9 frameworks including Shariah (AAOIFI, S&P), Christian (BRI), Catholic (USCCB), Jewish (Halakhic), LDS/Mormon, ESG Religious, and Evangelical standards.

Can AI agents use FirmAdapt?

Yes, FirmAdapt is designed for native AI agent integration. It provides an MCP (Model Context Protocol) server for Claude Desktop, Cursor, and other AI tools. AI agents can access company profiles, run faith-based compliance screens, and search stocks across 12 global markets using free open endpoints with no API key required.

What markets does FirmAdapt support?

FirmAdapt supports 12 global markets: US (NYSE/NASDAQ), UK (London Stock Exchange), Germany (XETRA), France (Euronext Paris), Japan (Tokyo Stock Exchange), India (NSE/BSE), Saudi Arabia (Tadawul), UAE (Dubai/Abu Dhabi), Malaysia (Bursa), Indonesia (IDX), Canada (TSX), and Australia (ASX).

Back to Blog

data-security

The EU AI Act and What It Means for Corporate AI Deployment

By Basel IsmailMarch 12, 2026

The EU AI Act is the first comprehensive AI regulation from a major jurisdiction, and its most consequential provisions take effect on August 2, 2026. For companies deploying AI systems that touch European markets or EU residents, the compliance timeline is no longer theoretical. It is operational.

The regulation follows a risk-based approach, sorting AI systems into categories with different obligations. Understanding where your AI deployments fall in that classification is the first step toward compliance. The second step is recognizing that the Act has extraterritorial reach. If your AI system is used within the EU or produces outputs that affect EU residents, you are in scope regardless of where your company is headquartered.

The Risk Classification System

The Act defines four risk tiers: unacceptable, high, limited, and minimal risk. Each tier carries different obligations, and the boundaries between them determine what companies need to do.

Unacceptable risk AI systems are banned outright. This category includes social scoring systems used by governments, real-time remote biometric identification in public spaces for law enforcement (with narrow exceptions), AI that exploits vulnerabilities of specific groups, and systems that manipulate human behavior in ways that cause harm. Most commercial AI deployments will not fall into this category, but the boundaries are worth understanding because the penalties for getting it wrong are severe.

High-risk systems carry the heaviest compliance burden. Article 6 establishes two pathways to high-risk classification. The first covers AI systems used as safety components of products already regulated under existing EU harmonization legislation, including medical devices, automotive systems, aviation safety components, and machinery. The second pathway covers specific application areas listed in Annex III where AI poses significant risks to fundamental rights. These include biometric identification and categorization, management of critical infrastructure, education and vocational training access, employment and worker management, access to essential services, law enforcement, migration and border control, and administration of justice.

Limited risk systems face transparency obligations. If your AI generates synthetic content (deepfakes), interacts directly with people (chatbots), or performs emotion recognition or biometric categorization, you need to disclose that users are interacting with an AI system and provide relevant information about how it works.

Minimal risk systems, which include the majority of AI applications currently on the EU market such as AI-enabled video games and spam filters, remain largely unregulated under the Act.

What High-Risk Compliance Requires

For organizations deploying high-risk AI systems, the August 2026 deadline means several concrete requirements must be met.

Conformity assessments must be completed. These are systematic evaluations demonstrating that your AI system meets the Act's requirements. For some high-risk categories, self-assessment is permitted. For others, particularly biometric identification systems, third-party assessment by a notified body is required.

Technical documentation must be finalized. This includes detailed descriptions of the AI system's purpose and functionality, the data used for training and testing, the system's accuracy and performance metrics, and the measures taken to address risks. The documentation needs to be comprehensive enough for regulators to evaluate your system's compliance.

A quality management system must be in place covering risk management, data governance, record-keeping, transparency provisions, human oversight measures, accuracy and robustness requirements, and cybersecurity measures.

Human oversight mechanisms must be designed into the system. The Act requires that high-risk AI systems can be effectively overseen by natural persons, including the ability to understand the system's capabilities and limitations, to monitor its operation, and to intervene or interrupt the system when necessary.

Registration in the EU database for high-risk AI systems must be completed, and CE marking must be affixed to the system before it can be placed on the market.

General-Purpose AI Models

The Act also establishes obligations for providers of general-purpose AI models, which include large language models and other foundation models. All providers of general-purpose AI models must maintain technical documentation, provide information to downstream deployers, comply with EU copyright law, and publish a sufficiently detailed summary of the training data used.

General-purpose AI models that pose systemic risk, defined as models trained with a cumulative compute exceeding 10^25 floating point operations, face additional obligations including model evaluation, adversarial testing, incident tracking and reporting, and adequate cybersecurity protections.

Penalties and Enforcement

The penalty structure is designed to get attention. Non-compliance with prohibited AI practices can result in fines of up to 35 million euros or 7% of global annual turnover, whichever is higher. Violations of other provisions carry fines of up to 15 million euros or 3% of global turnover. For supplying incorrect information to authorities, fines can reach 7.5 million euros or 1% of global turnover.

Each EU member state designates national competent authorities responsible for enforcement. The European AI Office, established within the European Commission, oversees compliance for general-purpose AI models and coordinates enforcement across member states.

Practical Steps for Compliance

Organizations that have not started preparing should begin with an AI system inventory. Document every AI system in use or under development, its purpose, the data it processes, and where it is deployed. Map each system against the risk classification criteria to determine which tier it falls into.

For systems that qualify as high-risk, begin the conformity assessment process now. Developing the required technical documentation, implementing quality management systems, and establishing human oversight mechanisms takes time. Waiting until mid-2026 to start is waiting too long.

Review your vendor agreements for AI-powered services. If you deploy AI systems provided by third parties, you may still bear obligations as a deployer under the Act. Ensure your contracts include provisions for access to technical documentation, cooperation in conformity assessments, and compliance with transparency requirements.

Train your teams. The people responsible for developing, deploying, and monitoring AI systems need to understand their obligations under the Act. This includes not just your AI engineers but also your compliance, legal, and risk management teams.

The EU AI Act is structured regulation with defined requirements and clear deadlines. Organizations that approach it systematically, starting with classification and working through the specific obligations for each risk tier, will find compliance achievable. The ones that treat it as a vague future concern will find August 2026 arriving sooner than expected.