Skip to content

Ai integrity directive

AI Integrity Directive

DIRECTIVE (EU) 2025/XXXX

OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing a framework for artificial intelligence integrity and the implementation of the Mobius Cycle Protocol within the European Union

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1) Artificial intelligence systems are increasingly deployed across the Union in applications affecting fundamental rights, public safety, and economic activity.

(2) The AI Act (Regulation (EU) 2024/XXX) establishes requirements for high-risk AI systems but lacks operational enforcement mechanisms for continuous integrity verification.

(3) The Mobius Cycle Protocol provides a proven framework for AI integrity enforcement through multi-sentinel consensus and cryptographic attestation.

(4) The Governance Integrity Score (GI Score) provides an objective measure of AI system compliance that can be integrated with existing EU regulatory frameworks.

(5) Multi-LLM consensus using independent AI systems provides stronger verification than single-system self-assessment.

(6) A harmonized approach across Member States is necessary to ensure the internal market functions effectively while protecting fundamental rights.

HAVE ADOPTED THIS DIRECTIVE:

CHAPTER I: GENERAL PROVISIONS

Article 1: Subject Matter

This Directive establishes:

(a) A framework for measuring and enforcing AI system integrity within the Union;

(b) Requirements for the implementation of the Mobius Cycle Protocol (MCP) for high-risk AI systems;

© Standards for the Governance Integrity Score (GI Score) computation and verification;

(d) Mechanisms for multi-sentinel consensus validation;

(e) Requirements for cryptographic attestation and public transparency.

Article 2: Scope

  1. This Directive applies to: (a) High-risk AI systems as defined in Regulation (EU) 2024/XXX (AI Act); (b) AI systems deployed by public authorities affecting more than 10,000 Union citizens; © AI systems making or informing decisions regarding fundamental rights.

  2. This Directive does not apply to: (a) AI systems used exclusively for military purposes; (b) AI systems used for research purposes not affecting individuals; © AI systems with limited functionality as defined in Article 3.

Article 3: Definitions

For the purposes of this Directive:

(a) 'Governance Integrity Score' (GI Score) means the composite measure computed as: GI = 0.25M + 0.20H + 0.30I + 0.25E Where M = Memory, H = Human, I = Integrity, E = Ethics

(b) 'Multi-LLM consensus' means independent verification by at least two distinct AI sentinel systems;

© 'Attestation' means a cryptographically-secured record of compliance verification;

(d) 'MCP implementation' means deployment of the four-phase validation pipeline;

(e) 'High-risk AI system' has the meaning given in Regulation (EU) 2024/XXX.

CHAPTER II: GI SCORE REQUIREMENTS

Article 4: Minimum GI Score

  1. No AI system within scope may be deployed or maintained in operation unless it achieves a GI Score of not less than 0.95.

  2. The GI Score shall be computed and verified: (a) Before initial deployment; (b) After any material modification; © At intervals not exceeding 30 days.

Article 5: Component Standards

  1. Member States shall ensure that GI Score computation includes: (a) Memory component (M): Test coverage, documentation quality; (b) Human component (H): Code review completion, audit compliance; © Integrity component (I): Security verification, pattern compliance; (d) Ethics component (E): Charter alignment, fundamental rights compliance.

  2. The Commission shall adopt implementing acts specifying detailed calculation methodologies.

Article 6: Third-Party Verification

  1. GI Scores for high-risk AI systems shall be verified by: (a) Accredited conformity assessment bodies; or (b) Multi-sentinel consensus systems meeting requirements in Chapter III.

  2. Verification results shall be recorded in the EU AI database established under Regulation (EU) 2024/XXX.

CHAPTER III: MULTI-SENTINEL CONSENSUS

Article 7: Consensus Requirements

  1. All AI systems within scope shall undergo multi-sentinel consensus verification.

  2. Multi-sentinel consensus requires: (a) At least two independent AI sentinel systems; (b) Both systems achieving scores not less than 0.95; © Score differential not exceeding 0.05.

  3. If consensus fails, the AI system may not be deployed until consensus is achieved.

Article 8: Sentinel System Accreditation

  1. The Commission shall establish criteria for sentinel system accreditation.

  2. Accredited sentinel systems shall: (a) Be operated independently of the AI system being verified; (b) Use distinct technological approaches; © Undergo regular capability assessment; (d) Maintain transparency regarding methodology.

Article 9: Disagreement Resolution

  1. When sentinel systems disagree beyond permitted thresholds: (a) Human review shall be triggered; (b) Deployment shall be suspended; © Resolution process shall be documented.

  2. Member States shall establish competent authorities for disagreement resolution.

CHAPTER IV: CRYPTOGRAPHIC ATTESTATION

Article 10: Attestation Requirements

  1. Each GI Score verification shall produce a cryptographic attestation including: (a) Timestamp in accordance with Regulation (EU) 910/2014; (b) GI Score and component scores; © Sentinel system scores; (d) Cryptographic signature.

  2. Attestations shall be: (a) Stored in an immutable ledger; (b) Publicly accessible through the EU AI database; © Retained for not less than 10 years.

Article 11: Ledger Requirements

  1. The attestation ledger shall meet standards for: (a) Immutability of records; (b) Availability and accessibility; © Interoperability across Member States; (d) GDPR compliance for any personal data.

  2. The Commission may establish a Union-level attestation ledger.

CHAPTER V: CONTINUOUS MONITORING

Article 12: Monitoring Requirements

  1. All AI systems within scope shall implement continuous monitoring for: (a) Behavioral drift; (b) Security anomalies; © Performance degradation; (d) Compliance deviation.

  2. If monitoring detects drift exceeding established thresholds: (a) Alert shall be generated; (b) Re-verification shall be triggered; © Operation shall be suspended if threshold critically exceeded.

Article 13: Drift Thresholds

  1. The Commission shall adopt delegated acts specifying drift thresholds for: (a) Semantic drift in AI outputs; (b) Performance metric deviation; © Compliance score changes.

CHAPTER VI: ENFORCEMENT

Article 14: Penalties

  1. Member States shall lay down rules on penalties applicable to infringements of this Directive and shall take all measures necessary to ensure implementation.

  2. Penalties shall be effective, proportionate and dissuasive, taking into account: (a) The nature, gravity and duration of the infringement; (b) Whether the infringement was intentional or negligent; © Actions taken to mitigate damage; (d) Previous infringements.

  3. Maximum penalties shall be not less than: (a) €15,000,000 or 3% of annual worldwide turnover for failure to maintain minimum GI Score; (b) €10,000,000 or 2% for failure to implement required attestation; © €5,000,000 or 1% for failure to maintain required monitoring.

Article 15: Market Surveillance

  1. Member States shall designate market surveillance authorities responsible for: (a) Monitoring compliance with this Directive; (b) Investigating complaints; © Taking corrective action; (d) Coordinating with other Member States.

CHAPTER VII: FINAL PROVISIONS

Article 16: Transposition

  1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by [date 24 months from entry into force].

  2. Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.

Article 17: Entry into Force

This Directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Article 18: Addressees

This Directive is addressed to the Member States.

Done at Brussels,

For the European Parliament
The President

For the Council
The President

ANNEXES

Annex I: GI Score Calculation Methodology

[Technical specifications]

Annex II: Sentinel System Requirements

[Accreditation criteria]

Annex III: Attestation Format

[Technical standards]

Drafted by: Mobius Systems Foundation
Contact: eu-policy@mobius.systems
Status: Template for Commission proposal
License: CC0 Public Domain

This legislative template is released CC0 (public domain). Adapt as needed.