AI
EU AI Act and the Machinery Directive: can both be satisfied with a layer of reliability?
An industrial system integrator delivers a robotic cell equipped with a deep learning-based vision system. The contract is fixed-price, with a performance obligation. A few months later, the client asks them to justify the reliability of the AI component — not the overall performance, but the reliability of every single decision made in real time on the line.
They cannot answer.
This is not a hypothetical. It is the daily reality of hundreds of system integrators across Europe since the EU AI Act set its compliance timeline in motion and the Machinery Regulation 2023/1230 clarified the obligations for machines embedding artificial intelligence.
The question here is straightforward: can both regulatory texts be satisfied with a single technical device? And if so, which one?
What Both Texts Actually Require
The EU AI Act and High-Risk Systems (Annex III)
The EU AI Act classifies AI systems used in critical industrial contexts automated quality control, robotics, detection systems, as "high-risk" when they influence consequential decisions affecting people or safety-critical processes.
For these systems, the text sets out specific obligations: document robustness and reliability before deployment, establish continuous post-market surveillance, guarantee traceability of data and decisions, and demonstrate that the system remains reliable under real operational conditions.
The legal reference date remains August 2, 2026. A political agreement was reached on May 7, 2026 between co-legislators (European Parliament and Council) on the Digital Omnibus on AI package, which would push Annex III obligations back to December 2, 2027, but that agreement has not yet been formally adopted (final vote and Official Journal publication still pending). Until formal adoption occurs, the baseline AI Act timeline (Art. 113) remains the applicable law. Kennedys Law, "The EU AI Act Implementation Timeline"
What stands out in the EU AI Act is the demand for granular traceability. According to Datenschutz-Notizen, "the compliance infrastructure for high-risk systems depends on the ability to log and reconstruct every individual AI decision". In other words: proving that the model performs well on average is not enough. You need to prove that every prediction is traceable and that its reliability is measurable.
According to a 2026 Bureau Veritas / AWS survey, 68% of companies struggle to interpret the EU AI Act. And 60% lack the governance infrastructure to respond to it. The European Commission estimates compliance costs at up to €319,000 for an SME. DQ India, "45 Industry Associations Sign Joint Statement"
The Machinery Regulation 2023/1230 and Integrator Liability
The Machinery Regulation 2023/1230, which replaces Directive 2006/42/EC, changes one fundamental point: it explicitly addresses the problem created by integrating AI systems, particularly deep learning into robotic cells.
This text places the CE marking and risk analysis for the complete machine on the system integrator, not the AI model provider, not the OEM. The integrator bears the performance obligation toward the end client. And if the vision system causes an incident, they must prove they had properly assessed and controlled the reliability of the AI component.
As Robotics & Automation News puts it, the shift from "freeze" (qualification on a fixed version) to "continuous assurance" (ongoing surveillance) is now what regulation requires for software embedded in robotic systems. Robotics & Automation News, "From Freeze to Flow: New EU Regulation Redefines Robotics Software Qualification"
Together, these two texts create what can be described as a dual regulatory pressure on the system integrator: prove the AI component's reliability under the EU AI Act, and guarantee the safety of the delivered machine under the Machinery Regulation. Two distinct obligations. But they share a common denominator: the reliability of every individual AI decision must be measurable and documentable.
What Post-Mortem Monitoring Cannot Provide
This is where most current approaches fall short.
The dominant AI monitoring solutions on the market, MLOps platforms, observability tools, performance dashboards, operate on a single principle: analyze model behavior after execution, across aggregated sets of predictions. They compute average metrics (accuracy, AP, global drift rate) over time windows.
This works for detecting slow degradation. It does not meet regulatory requirements for one simple reason: by the time an aggregated metric signals a problem, hundreds of decisions have already been made, actions have already been taken on the line, and the risk has already traveled through the system.
The EU AI Act requires traceability at the decision level. The Machinery Regulation requires proof of reliability for the delivered machine, not its average statistical performance. Aggregated, post-mortem monitoring satisfies neither.
Regulatory Criterion | Post-Mortem Monitoring | Per-Prediction Reliability |
|---|---|---|
Per-decision traceability (EU AI Act) | ❌ No aggregated metrics only | ✅ Yes, reliability metrics per prediction |
Real-time model drift detection | ❌ Partial delayed signal | ✅ Yes immediate signal |
Documentation for risk analysis (Machinery Reg.) | ❌ Average data insufficient | ✅ Per-prediction log, directly usable |
Black-box compatibility (no access to client model) | Variable | ✅ Yes plug-and-play |
Execution latency | N/A (post-mortem) | ✅ 20ms on Edge |
The gap is not a minor detail. It is a question of granularity: the regulatory texts reason at the level of the individual decision. Most available tools reason at the level of the cohort.
How a Reliability Layer Addresses Both Obligations Simultaneously
For the EU AI Act: Traceability and Model Drift Detection
A per-prediction reliability layer generates, for every output of the AI model, a set of confidence metrics in real time. For industrial 2D vision, this means uncertainty values σx, σy, σw, σh on every produced bounding box.
What this delivers concretely for EU AI Act compliance:
Every prediction carries an exploitable reliability measurement, logged and traceable. If an auditor asks to reconstruct a past decision, what The Recursive calls "the replayability test", the data is available at the inference level, not just in aggregate.
Model drift is detectable continuously: when confidence metrics degrade on an unusual input distribution, the signal appears before overall performance drops. This is what the early-warning system for out-of-distribution (OOD) situations enables.
In practice, this means the technical file required by the EU AI Act can be populated automatically, without any additional manual process.
For the Machinery Regulation: Documenting Reliability Before Delivery
The system integrator delivering an AI robotic cell must produce a risk analysis demonstrating that the AI component's reliability has been assessed under real operational conditions.
The classic problem: the vision model is a black-box, either provided by an OEM or developed in-house. The integrator has no access to the model weights, cannot modify its architecture, for legitimate intellectual property reasons does not want the reliability layer provider to access their data or IP.
A plug-and-play reliability layer addresses exactly this constraint. It connects in parallel with the existing model, with no modification to the original AI module, no access to client data, and can be activated with no changes to the production line process.
This changes the nature of the proof available for the risk analysis: the integrator can now quantify the reliability of the AI component under real operational conditions, using production data, before the machine is delivered to the end client.
That is a direct response to the performance obligation imposed by the Machinery Regulation 2023/1230.
What This Looks Like in Practice: The VEDECOM PoC
The results from a real-world case, the proof of concept conducted with Institut VEDECOM on cooperative perception for autonomous vehicles, provide a useful benchmark.
By adding a per-prediction reliability layer on top of an existing vision model, with no retraining of the client model, the results measured on production data were:
-83% false positives eliminated
-65% position errors (from 1.44m to 0.51m)
-63% orientation errors (from 6.28° to 2.35°)
Real-time execution: 20ms on edge
These results were benchmarked against 7 alternative fusion methods [Fadili et al., IRCE 2025] and published. They are not projections: they come from validation on real data.
For a system integrator, -83% false positives translates directly into avoided line stoppages, reduced unjustified rejection rates, and usable reliability documentation for the risk analysis file. These are measurable arguments in the technical dossier submitted for CE marking.
FAQ
Does the EU AI Act apply to system integrators, or only to AI model developers?
The EU AI Act applies to all actors who place high-risk AI systems on the European market, including integrators. If you integrate a vision or detection AI component into a robotic cell delivered to an industrial client, you are subject to documentation and surveillance obligations. The model provider is not the sole responsible party: the integrator who deploys the system carries a share of the regulatory obligations, particularly around traceability and risk management.
What is the difference between standard AI monitoring and per-prediction reliability for regulatory compliance purposes?
Standard monitoring measures aggregated metrics across batches of predictions useful for detecting slow degradation, but insufficient for individual traceability. Per-prediction reliability generates confidence metrics for every single inference, in real time. This is the level of granularity the EU AI Act requires for logging high-risk systems. Without it, you cannot reconstruct an individual decision in the event of an audit or an incident.
Is the Machinery Regulation 2023/1230 compatible with the EU AI Act, or do they create conflicting obligations?
The two texts are not contradictory, they are complementary. The Machinery Regulation places the performance obligation on the integrator for the safety of the delivered machine and the risk analysis documentation. The EU AI Act mandates traceability and continuous surveillance of AI components. A per-prediction reliability layer satisfies both: it provides the technical documentation for CE marking and generates the reliability log required for EU AI Act compliance. One device, two obligations addressed.
How much does EU AI Act non-compliance cost an industrial integrator?
Penalties under the EU AI Act can reach up to 3% of global turnover for non-compliance on high-risk systems. But the most immediate operational cost lies elsewhere: an incident on a delivered machine, without AI reliability documentation, can trigger contractual and civil liability under the Machinery Regulation. The European Commission estimates compliance costs at up to €319,000 for an SME, which makes plug-and-play approaches, deployable without modifying the existing architecture, particularly relevant.
How quickly can a reliability layer be deployed on an existing system?
A plug-and-play reliability layer that is black-box compatible requires no modification to the existing AI model and no access to client IP. It connects in parallel with the existing architecture. In practice, a typical deployment cycle includes a specification phase (2 weeks), a validation phase (1 week), and a 2-week PoC roughly 5 weeks to a first validation on real data.
Share
Related articles
