Writing  /  AI Governance
AI Governance/Jun 21, 2026

The EU AI Act Is Not a Legal Problem. It Is a Technical One.

Most organisations are approaching the EU AI Act as a compliance checklist. That is the wrong starting point. Genuine conformity requires technical governance infrastructure that most AI environments do not yet have.

The EU AI Act is not an automotive safety standard. It covers the entire AI deployment spectrum: recommendation engines, credit scoring tools, hiring algorithms, medical decision support, customer interaction systems, business intelligence. Wherever AI makes or influences decisions that affect people, the Act applies.

The normative governance framework across all these domains is ISO/IEC 42001:2023, the international management system standard for responsible AI. It defines what organisations must put in place to govern AI throughout its lifecycle, from design and validation through deployment to monitoring and incident response.

The obligations become broadly binding across almost all applicable domains on 2 August 2026. For the last year, prohibitions such as social scoring and obligations for foundation models have been phased in. On that date, the full weight of the Act lands for nearly every organisation deploying AI in an operational context.

The homologation challenge familiar from SOTIF in autonomous driving is not unique to ADAS. It is the same structural obstacle that appears across every regulated AI domain: demonstrating that system behaviour is intentional, bounded, verifiable, and that you know what you are validating against. Purely probabilistic systems make this structurally difficult, not because of poor performance, but because of a deficit that more training data will not fix.

No context, no semantics, no function

Probabilistic systems learn patterns. Patterns are everywhere. Given enough data, a model will find statistical regularities across almost any input, including patterns that carry no semantic meaning in the domain it is supposed to operate in. The system will hallucinate: not as a bug, but as a predictable structural consequence of how it works.

Without a defined context, there is no semantics. Without semantics, there is no function, because it is no longer clear what problem the system behaviour is supposed to solve, or whether a given output is valid, irrelevant, or dangerous in that situation.

Without context you would have to validate against an effectively infinite space of input combinations. But even that misses the point, because without a semantically defined operating domain, you do not know what you are validating against in the first place. Adding more training data treats the symptom. It does not close the structural gap.

What actually works

Two credible paths exist. The first is a formal validation structure: a model that constrains AI behaviour within an explicitly defined, bounded operating context that follows physical rules and can be verified against defined criteria. The second is neurosymbolic AI: systems that combine statistical inference with formal reasoning, enabling the system to ground its outputs in explicit symbolic logic that can be examined and validated.

A purely probabilistic AI system without either of these is a safety risk in regulated or safety-critical domains. Not in theory. By structure.

In short

The EU AI Act covers the full AI deployment spectrum, from business intelligence and HR tools to customer interaction systems. ISO/IEC 42001:2023 provides the governance standard across all these domains.

Full enforcement begins 2 August 2026. The Act demands demonstrable conformity, not documentation, and organisations that have not assessed their AI systems are already running out of time.

Purely probabilistic systems cannot be homologated: without a defined context there is no semantics, and without semantics no verifiable function. The system cannot prove it is doing the right thing, only that a pattern matched.

More training data improves coverage. It does not close the structural validation gap.

Two credible paths forward: formal validation structures with a physically bounded operating context, or neurosymbolic AI that grounds statistical inference in explicit, verifiable reasoning.

[Link on import: whitepaper, EU AI Act and Technical AI Governance, PDF.]

The mathematical argument: Hume, Popper, and Gödel

The limitation of purely probabilistic systems is not merely engineering intuition. It has a rigorous theoretical basis across three independent traditions.

Hume's problem of induction establishes that no number of observed instances can logically guarantee future behaviour. A model trained on billions of examples cannot, by inductive logic alone, certify that its next output will be valid. This is not a data volume problem. It is epistemologically insoluble within a purely statistical framework.

Popper's falsifiability criterion requires that a scientific claim be testable against a defined domain of potential failure. A context-free probabilistic system has no clearly bounded set of conditions under which it should fail, making systematic falsification structurally impossible. You cannot test what you have not defined.

Gödel's incompleteness theorems show that no sufficiently expressive formal system can prove its own consistency from within. A system attempting to self-validate without external formal grounding, as pure black-box models must, cannot establish the completeness of that validation. There will always be statements about its own behaviour that it cannot prove or disprove.

However, this limitation primarily binds context-free formal systems operating in complete isolation. By explicitly defining and bounding an external context, a system introduces semantic rules and relational constraints that reduce the infinite variance of arbitrary states. This contextual framing establishes finite operational boundaries, transforming an otherwise unresolvable, self-referential paradox into a bounded, solvable problem space.

Physical reality offers a way out

The arguments of Hume, Popper, and Gödel hold fully only within a context-free definition space, one with no a priori constraints on the range of possible inputs or behaviours. Physical reality does not work that way. Physical reality is undercomplex relative to an unbounded logical space. Objects have mass. Motion is continuous. Causality is local.

This means a context can be defined that obeys physical laws, and within that context, system behaviour becomes bounded, verifiable, and to a meaningful degree deterministically manageable. A car at an intersection operates under Newtonian mechanics. A pedestrian's motion is constrained by physiology and spatial geometry. The operating domain is not infinite. It is finite and formalizable.

This is the path toward homologable AI: not eliminating statistical inference, but grounding it within a formally defined, physically constrained context that can be validated against explicit criteria.

[Link on import: research paper, Formal Validation Structures for Safety-Critical AI Systems, Zenodo.]

Schedule an intro call All writing
Related

More in writing

Computer Vision/Jul 10, 2026

Your Perception Stack Is a Snapshot Machine

Most perception stacks reason one frame at a time. The network detects, tracking is bolted on afterwards, and the system never really carries the world forward. A snapshot machine cannot validate cleanly, because the thing that would make its output trustworthy is the thing it discards between frames: continuity.

Cognitive Science/Jun 28, 2026

Gödel Is Not a Death Sentence for Reason

Gödel's incompleteness theorem, Hume's induction problem, the halting problem, and AI hallucination are not isolated failures of reason. They point to the same missing term: context.

Autonomy/Jun 25, 2026

Why Autonomous Perception Needs More Than Flat Object Lists

Most ADAS perception stacks classify what they already know. The real world is combinatorial, contextual, and full of unknowns. Semantic fallback systems are needed when flat object lists fail.