Digital Transformation

The EU AI Act and Critical Infrastructure: What Regulated Organisations Need to Do Right Now

Blue icon of a person with a gear, representing user settings or account configuration.
Prabal Laad
Blue calendar icon with a grid representing days and two rings at the top.
July 9, 2026

The EU AI Act is the world's first comprehensive legal framework for artificial intelligence, and for organisations operating in or supplying critical infrastructure across Europe, it is now a live compliance obligation. The phased implementation that has been unfolding since February 2025 is approaching its most operationally demanding milestone. High-risk AI system obligations under Annex III, covering infrastructure management and operation, are enforceable from 2 December 2027 under the AI Omnibus agreement reached in May 2026, though the transparency requirements of Article 50 take effect from August 2026. For organisations that have been waiting for regulatory clarity before acting, the clarity has arrived.

This article sets out what the Act requires of critical infrastructure operators, who is in scope, what the compliance obligations specifically involve, and what the most practical path to readiness looks like for organisations that are not starting from zero.

Who Is In Scope and What Counts as High-Risk

The EU AI Act applies to any organisation that places AI systems on the EU market, operates high-risk AI systems within the EU, or whose AI outputs are used in the EU. The last category is the one that catches many non-European organisations by surprise. A UK or US-based infrastructure operator whose AI system produces outputs affecting EU operations, customers, or data is within the Act's extraterritorial reach.

Annex III defines the categories of AI systems classified as high-risk. For critical infrastructure operators, the directly relevant category is explicit: AI used in the management or operation of critical digital infrastructure, road traffic, water, gas, heating, and electricity supply. The Act does not require that the AI make autonomous decisions to be classified as high-risk. It is sufficient that the AI assists in or influences the management of these systems.

The Act distinguishes between providers, organisations that develop or place AI systems on the market, and deployers, organisations that use AI systems in a professional context. Most large infrastructure operators fall into the deployer category when using third-party AI platforms. If a deployer makes a substantial modification to a high-risk AI system or deploys it under their own name, they may be reclassified as a provider, with significantly expanded obligations.

The penalty framework

Non-compliance with high-risk AI system obligations carries fines of up to 15 million euros or 3 per cent of global annual turnover, whichever is higher. For prohibited AI practices, the ceiling is 35 million euros or 7 per cent. The penalty framework under Article 99 has been in effect since August 2025.

The Seven Core Compliance Obligations

The obligations for high-risk AI systems under Articles 9 through 17 and Article 26 are substantial and operationally specific. Policy statements and documented intent do not satisfy them. The compliance work is in the architecture, the processes, and the evidence trail.

Article 9 requires a continuous risk management system. This is not a one-time assessment at deployment. It must run throughout the system's operational lifecycle, identifying and addressing risks on an ongoing basis. For infrastructure operators, this means building risk monitoring into the operational governance of AI systems, not treating it as a pre-deployment checklist.

Article 10 governs data governance for AI systems. Training, validation, and testing datasets must meet quality standards relevant to the system's intended purpose. Relevant statistical properties must be maintained. Appropriate data governance and management practices covering data collection, labelling, storage, and processing must be documented and operational.

Article 11 requires technical documentation that must be drawn up before a high-risk AI system is placed on the market or put into service. For deployers operating systems already in production, this means retroactively establishing documentation that may not have been required under previous governance frameworks. The documentation must describe the system's intended purpose, the categories of persons and data involved, hardware and software requirements, training methodologies, and performance metrics.

Article 12 requires automatic event logging throughout the system's operational lifetime. For deployers, this means ensuring that the systems they operate produce logs that allow post-hoc reconstruction of the system's operation, particularly around high-risk decisions or outputs. Log retention is specified at a minimum of six months for high-risk systems.

Article 14 mandates human oversight. High-risk AI systems must be designed and deployed so that natural persons can effectively oversee, understand, and where necessary intervene in or halt the system's operation. For infrastructure operators deploying AI agents with autonomous action capabilities, this requires explicit architectural design of the escalation and override mechanisms, not an assumption that humans can intervene if needed.

Article 15 requires robustness, accuracy, and cybersecurity. High-risk AI systems must be resilient against adversarial attacks across their entire action layer. For systems where AI agents invoke APIs, including internal services and third-party platforms, the API layer is explicitly in scope. This is the provision that security teams need to understand most carefully.

Article 17 requires a quality management system covering all aspects of the AI system's development, deployment, and monitoring. For organisations that already operate an ISO 27001 certified information security management system, the quality management system for AI can be integrated into that existing framework rather than built as a parallel structure.

What Deployers Specifically Must Do Under Article 26

Article 26 sets out the obligations specific to deployers of Annex III high-risk systems, and it is operationally specific in ways that many compliance programmes have not yet addressed.

  • Assign human oversight responsibility: deployers must assign human oversight to individuals who have the competence, authority, and resources to exercise it. This is not a job title assignment. It requires that the assigned person can genuinely understand what the AI system is doing and intervene when necessary.
  • Use systems according to instructions: deployers must use high-risk AI systems in accordance with the accompanying instructions for use. For organisations that have modified or integrated third-party AI systems, this requires careful review of what those instructions specify and whether current deployments remain within scope.
  • Monitor system performance: deployers must monitor the operation of high-risk AI systems based on instructions for use and report to providers any serious incidents or malfunctions. A monitoring process with defined escalation paths to the provider is a compliance requirement, not an operational best practice.
  • Conduct fundamental rights impact assessments: deployers in the public sector or operating public infrastructure must carry out a fundamental rights impact assessment before deploying certain high-risk AI systems. For infrastructure operators, this assessment needs to consider the populations whose access to essential services could be affected by AI decision-making.
  • Register high-risk systems: deployers must register their high-risk AI systems in the EU AI database before deployment. The database is operational, and registration is a mandatory precondition for lawful deployment of Annex III systems.

Shadow AI creates compliance exposure at scale

Research from mid-2026 found that more than 80 per cent of employees use unapproved AI tools. Of the sensitive data being entered into unapproved tools, source code accounts for 30 per cent, legal work product for 22 per cent, and merger and acquisition data for 12 per cent. Each unapproved AI interaction involving regulated data or infrastructure systems is a potential compliance event under the Act.

The Connection to Existing Frameworks

Organisations that have invested in ISO 27001, GDPR compliance, or NIS2 preparedness are not starting from scratch. The AI Act was designed to integrate with rather than duplicate these frameworks, and the compliance infrastructure that already exists across identity governance, data protection, incident reporting, and audit documentation provides a meaningful foundation.

ISO 42001, the international standard for AI management systems published in 2023, provides a framework that satisfies Article 17's quality management system requirement and is already being used by organisations seeking a certifiable governance structure. Twenty-eight per cent of organisations in a 2026 survey now require suppliers to be ISO 42001 certified, up from 2 per cent in 2024. That shift in procurement requirements is a market signal: AI governance certification is becoming a qualification criterion, not just a best practice.

For organisations in the Microsoft ecosystem, the technical documentation, data governance, and logging requirements of the Act align directly with the capabilities available through Microsoft Purview, Defender, and Agent 365. The governance infrastructure that satisfies internal IT governance requirements can, with appropriate configuration and documentation, serve double duty as the compliance evidence the Act requires.

The Most Practical Path to Readiness

For infrastructure operators that have not yet begun structured AI Act compliance work, the sequencing that produces a defensible compliance posture without disproportionate disruption to existing operations is consistent across organisations that have worked through it effectively.

  • Inventory first: the compliance work cannot begin until the organisation knows what AI systems it operates, which of them fall under Annex III, and what role the organisation plays as provider or deployer for each. Many organisations discover more AI systems in production than they expected, including systems deployed informally by operational teams without IT visibility.
  • Classify against Annex III: not every AI system in an infrastructure operator's environment is high-risk. The risk classification determines which systems require the full compliance programme and which require only the transparency obligations. Performing this classification early prevents the compliance programme from being designed for a universe of systems that is larger than required.
  • Integrate with existing governance rather than building parallel: the quality management system, data governance requirements, and logging obligations should be built into and on top of existing frameworks, not alongside them. Parallel compliance structures create administrative overhead and produce inconsistencies that regulators will find.
  • Build the human oversight architecture before it is tested: the Article 14 requirement for effective human oversight of high-risk AI systems needs to be designed into the operational model. An AI system that has been deployed without defined oversight responsibilities and intervention mechanisms is not compliant, regardless of what the policy documentation says.
  • Treat the documentation requirement as ongoing: Article 11 technical documentation is not a one-time deliverable. As systems are updated, retrained, or extended, the documentation must be updated to reflect current operation. Building documentation maintenance into the system change management process prevents the compliance drift that accumulates silently between formal reviews.

How VE3 Supports EU AI Act Readiness

VE3 works with regulated-sector organisations navigating the practical compliance requirements of the EU AI Act. Our work covers the full compliance programme: AI system inventory and Annex III risk classification, technical documentation support, human oversight architecture design, data governance alignment, and the integration of AI Act obligations into existing ISO and regulatory frameworks.

As a Microsoft-aligned partner, we bring specific expertise in configuring the Microsoft security and governance stack to produce the logging, data access governance, and audit trail that Act compliance requires. For organisations already invested in Microsoft Purview, Defender, and Agent 365, we work with the infrastructure that is already in place rather than introducing additional tooling.

The AI Act's compliance requirements are operationally demanding but achievable for organisations that approach them with the same rigour they apply to other regulatory obligations. We help organisations build compliance infrastructure that is defensible to regulators, integrated into operational governance, and proportionate to the actual risk profile of their AI deployments.

Woman sitting on couch wearing a white cable-knit sweater and blue jeans, holding a phone with one hand.
  • © 2026 VE3. All rights reserved.
LinkedIn logo in white on a gray circular background.Facebook social media icon with white f on a gray circular background.Gray circle with white X symbol, indicating a close or cancel button.Gray play button icon within a rounded square with a subtle drop shadow on a white background.