The EU AI Act is rolling out in stages. Prohibited practices are in effect since February 2025, GPAI rules since August 2025. High-risk AI system obligations apply from August 2026, with full enforcement across all risk categories in August 2027.
What does this mean for the proxy layer sitting between your apps and the models? We spent time understanding this for VoidLLM. Here’s where we stand, as of Q2 2026.
Under the AI Act, responsibilities are split across the value chain:
graph TD U[End User] -->|request| A[Your Application] A -->|API call| P[Proxy - VoidLLM] P -->|forward| M[Model Provider] M -->|response| P P -->|stream back| A P -.->|metadata only| L[(Usage Log)] style U fill:#1a1a24,stroke:#333,color:#e2e8f0 style A fill:#1a1a24,stroke:#22c55e,color:#e2e8f0 style P fill:#8b5cf6,stroke:#6366f1,color:#fff style M fill:#1a1a24,stroke:#333,color:#e2e8f0 style L fill:#12121a,stroke:#8b5cf6,color:#e2e8f0
| Layer | Who | Responsible for |
|---|---|---|
| Model | OpenAI, Anthropic, or self-hosted (vLLM, Ollama, fine-tunes) | Model safety, training data, GPAI obligations |
| Proxy | VoidLLM, LiteLLM, or similar gateway | Secure infrastructure, access control, usage tracking |
| Application | You (if exposing AI to users) | Use case, risk classification, transparency, monitoring |
| End user | Your customer | Using the service within terms |
VoidLLM doesn’t train models or determine how outputs are used. Our responsibility is secure, well-documented infrastructure. If you expose AI capabilities to end users, the use case, risk classification, and transparency are yours.
That said, we’re not a completely neutral pipe. RBAC controls who accesses which models, rate limits constrain usage, routing determines which provider handles a request. These are infrastructure decisions, not AI decisions - but they shape the compliance landscape.
The legal classification of AI infrastructure providers is not yet fully settled. This is our position.
Most LLM gateways log prompts and responses for debugging, analytics, or fine-tuning. Some do it by default.
Under GDPR, prompt content is likely personal data the moment a user types a name, email, or anything identifiable. If your proxy logs that:
ℹVoidLLM's approach
There’s no prompt logging to disable because there’s no prompt logging code. The proxy reads one field (model) for routing, streams bytes, and forgets. Your DPA covers metadata only: who, which model, how many tokens.
This is active data minimization under GDPR Article 5(1)(c) and Privacy by Design under Article 25.
Risk classification depends on the use case, not the proxy. Using GPT-4o for internal summarization is different from using it for credit scoring. The proxy doesn’t change the classification.
Transparency obligations. If end users interact with AI-generated content, they may need to be informed. This is an application-level concern.
Logging and monitoring. Article 12 requires “automatic recording of events” for traceability - primarily for high-risk systems. This targets metadata (who, when, which model, how many tokens), not conversation content.
| Capability | Needed for compliance | VoidLLM | Typical proxy |
|---|---|---|---|
| Usage tracking (who, when, which model) | Yes | Built-in | Varies |
| Rate limiting per user/team | Recommended | Built-in | Some |
| Audit logs for admin actions | Yes (high-risk) | Enterprise | Varies |
| Model access control | Recommended | RBAC built-in | Basic or none |
| Prompt content logging | Not the baseline requirement | Never | Often default |
| Cost tracking | Recommended | Built-in | Some |
In certain high-risk deployments, more detailed documentation may be needed for incident investigation or audit trails. But even then, that obligation sits with the deployer’s application architecture - the proxy doesn’t have the context to make that call.
⚠A useful principle
Log content only where you understand and take responsibility for it. That’s your application, not your proxy.
Without any enterprise license:
With enterprise license:
When your proxy logs prompt content, the GDPR obligations stack up: processing records, retention policies, data subject requests, breach notifications, cross-border transfer rules, and a DPA covering content specifically.
With VoidLLM, none of that applies to the proxy layer. The compliance surface area is metadata only.
Some regulated industries may actively want content logging for their own reasons - that’s a legitimate choice. The point is it should be a conscious decision based on risk assessment, not a proxy default.
💡Questions worth asking your proxy vendor
(1) Does your proxy store prompt or response content? (2) Where is it stored? (3) Can it be fully disabled, or just hidden behind a toggle?
We’re engineers, not lawyers. VoidLLM was designed to minimize the compliance surface area - not because regulation forced us, but because zero-knowledge is the right architecture for a proxy that handles other people’s data.
If you’re evaluating proxies for a regulated environment, the architecture matters more than the feature list.
How VoidLLM enforces privacy at the code level - no content logging, no opt-out, no exceptions.
Existing LLM gateways are bloated, cloud-only, or charge per request. We built a self-hosted alternative that doesn't compromise on privacy or performance.
VoidLLM's Code Mode lets AI agents orchestrate multiple MCP tool calls in a single WASM-sandboxed JavaScript execution. No round-trips, no latency penalty.
MCP tools advertise inputs but not outputs. We taught Code Mode to learn return types from the first successful call and surface them as TypeScript on the next discovery.