Version Note

This text is a derived version of the original German analysis.
The German version remains the reference text.

1. Starting Point: Verification as a Capability

The AI Act shifts the evaluation logic of AI systems toward verification.

At the center is the question of whether the behavior of an AI system can be traced and assessed under risk conditions. AI systems are evaluated based on whether their outputs are reconstructable and whether intervention remains possible. It is also decisive whether their behavior can be stably assessed under changing conditions.

This shift changes the reference point of evaluation. Assessment is no longer primarily directed at the quality of individual outputs, but at whether an AI system can be reliably assessed under conditions of uncertainty.

This creates a new basis for the use of AI. Access depends on whether behavior can be reliably assessed under verification conditions.

2. Operationalization

This requirement is translated into operational structures. Verification emerges from the interaction of multiple elements. Documentation makes behavior reconstructable. Control mechanisms enable intervention. Conformity requirements link usage to these structures. These elements operate together and embed verification into ongoing operations.

This creates a central condition: AI systems must be able to maintain their own controllability in operation. Whether this structure is viable depends on how validation processes are designed. What is decisive is how independently the verification process is organized from the AI system being assessed.

With increasing integration of AI into both layers, this relationship changes. Validation can become part of the same AI system it is supposed to assess. The formal structure of verification remains intact, but its validity depends on whether the verification is actually independent.

3. Transition to Admission

At this point, the function of verification shifts. It becomes the object of decision-making. Organizations must determine whether an AI system is sufficiently controllable under risk to be deployed.

From this determination, admission emerges. It only operates where AI systems are actually integrated into this decision structure. Systems that are used outside of this structure - for example through shadow use or as embedded functions within existing products - evade this form of structured selection.

4. Admission as a Decision System

In practice, admission is distributed across multiple decision instances. This structure typically includes selection, approval, embedding, and operation. These instances operate in an overlapping and partially contradictory manner. Decisions can be revised, and responsibilities are distributed.

This leads to a fundamental shift. Access is no longer a one-time process, but a state that is continuously evaluated within these decision structures.

This structure only produces effects if decisions can be enforced. Without enforcement, formal decisions remain without operational consequence.

5. Object of Decision

At the center of the decision is not the performance of an AI system. What is decisive is whether uncertainty can be assigned to a specific instance and operationally managed by it.

An AI system remains admitted if it is clear who is responsible for the resulting uncertainty and can handle it in operation. This assignment forms the basis for whether a system can be operated in a responsible way.

If this assignment is missing, formal access becomes unstable. The AI system must then be reassessed within the decision structures.

6. Difference between Formal and Real Usage

A difference regularly emerges between formal admission and real usage. AI systems are used even when verification is incomplete, responsibility remains unclear, or formal admission is missing.

Such constellations can solidify and remain stable over longer periods of time. Formal and real layers therefore frequently diverge.

7. Pressure on the Difference

This difference rarely remains stable in practice. Selection emerges under pressure, not through automatic alignment. This pressure is potentially permanent, but often remains latent and is unevenly distributed. It becomes effective when concrete triggers occur, such as incidents, audits, scaling effects, or regulatory changes.

In such situations, the difference becomes visible and must be addressed. Pressure is then translated into decision pressure within the existing structures.

8. Decision Responses

Under this pressure, decision instances face three fundamental options.

They can carry the difference and continue operating the AI system despite existing deviations. Restriction occurs through adjustments, additional controls, or reduced use. Ultimately, access can be terminated.

Restriction is not unambiguous. It can mean that actual problems are reduced, or that only formal adjustments are made without changing the behavior of the AI system. In both cases, the AI system can initially remain admitted, but with different levels of stability under pressure.

Additionally, pressure can be absorbed. This occurs, for example, through documentation, formal risk assignment, or the shifting of responsibility, without changing the actual system behavior.

9. Selection Mechanism

Selection emerges when decision instances are forced to address this difference. An AI system remains admitted as long as uncertainty can be assigned to an instance and managed operationally. It falls out when this assignment disappears or no longer holds.

10. Conclusion

Verification is no longer solely a matter of formal requirements. It becomes the operational condition of access.

Admission defines the order in which uncertainty is assigned and decisions are made under pressure.

Ralf Brentführer

May 2026

Download full paper (PDF):

Open Analysis #02 - AI Governance as Admission

1.1MB ∙ PDF file

Download

Download the full analysis (PDF). The German version is the reference text. The English version is derived.

Download

Open Analysis #02 - KI-Governance als Zulassungsstruktur

1.1MB ∙ PDF file

Download

Vollständige Analyse als PDF. Die deutsche Fassung ist die Referenzfassung. Die englische Fassung ist abgeleitet.

Download

Version Note

This English text is a derived version of the original German analysis.
The German version remains the reference text.

This analysis examines how the AI Act restructures AI-related value chains through documentation, verification, and control requirements. Its focus is not on compliance as an isolated function, but on the organizational, economic, and labor effects of regulation as it moves through processes, operations, and market structures.

1. Regulatory Framing

The AI Act establishes a regulatory approach to AI systems that is primarily organized through product law. Regulation does not primarily target contexts of use, but system properties and their verifiability. This approach is complemented by a risk-based framework that differentiates requirements across defined risk categories and thereby produces varying intensities of regulatory intervention (cf. Art. 5, Art. 6, Annex III).

At its core lies a shift from functional evaluation to structural requirement: systems must not only function, but their operation, development, and behavior must be documentable, traceable, and verifiable. These requirements take concrete form in obligations related to technical documentation, record-keeping, and traceability (cf. Art. 11, Art. 12, Annex IV).

This results in a fundamental transformation of regulatory access: regulation no longer primarily addresses outcomes, but the conditions of their production and their verification. This structure is further reinforced by requirements concerning human oversight and post-market monitoring, extending regulatory reach beyond the point of market entry to the entire lifecycle of a system (cf. Art. 14, Art. 61).

As a consequence, the AI Act establishes a continuous verification requirement as a central condition of regulatory conformity. This marks the transition to the mechanism layer: what matters is not the existence of requirements, but how they are translated into operational processes.

2. Value Chain Structure

The effects of the AI Act unfold across the entire value chain of AI systems. For analytical purposes, this chain is functionally divided into four stages: upstream, integration, application, and maintenance. This segmentation does not seek to mirror specific corporate structures, but to distinguish analytically between different functions within the development and use of AI systems.

The upstream stage covers model development and the generation of underlying capabilities. It is here that core preconditions for regulatory conformity emerge, particularly with regard to data requirements and data provenance, which must already be addressed during the development process (cf. Art. 10). Regulation therefore acts at this level primarily through requirements concerning the conditions under which systems are created.

The integration stage covers the embedding of models into concrete applications and systems. At this stage, regulatory requirements are translated into operational environments. Requirements concerning technical documentation and logging directly shape integration processes (cf. Art. 11, Art. 12). Integration thereby becomes not only a technical function, but also a regulatorily structured one.

The application stage refers to the operational use of AI systems. At this level, requirements arising from risk classification, as well as obligations concerning human oversight and transparency, become directly effective (cf. Art. 13, Art. 14). Regulation thereby becomes a permanent operational condition and structures the ongoing use of systems.

The maintenance stage includes system upkeep, updates, and the continuous monitoring of systems over their lifecycle. Requirements such as post-market monitoring and incident reporting mean that regulatory obligations persist even after deployment (cf. Art. 61, Art. 62). Changes to systems are therefore not unconstrained, but tied to renewed verification and review processes.

These four stages are functionally distinct, but structurally interconnected. Regulatory requirements do not act in isolation on individual parts of the chain, but propagate across the value chain as a whole. Decisions and constraints introduced in earlier stages shape the room for maneuver in later stages, while requirements emerging in operation feed back into development and integration.

3. Mechanism Layer

The regulatory effects of the AI Act unfold as an operational mechanism. Between regulatory requirement and real-economic consequence lies a translation layer in which legal provisions are transformed into concrete process requirements. This layer is decisive, because regulation only becomes effective once it has to be built into operational workflows.

The central mechanism of this translation is the verification requirement. Systems must be designed in a compliant manner, and this compliance must be structurally demonstrable. This produces a shift from functionality to verifiable operation. Requirements such as technical documentation, logging, and conformity assessment create new operational conditions (cf. Art. 11, Art. 12, Art. 16–19).

This verification requirement is integrated into processes and thereby structurally embedded in them. Verification structures are incorporated from the outset into system architecture, development, integration, and operation. What might previously have appeared as a technical or organizational workflow thereby becomes part of a regulatorily ordered process logic.

This embedding gives rise to process expansion and constraints. Processes become longer, more segmented, and tied to additional conditions. New decision points, requirements for human oversight, and obligations of continuous observability through monitoring and logging increase the number of points at which a system must be built, used, reviewed, documented, and secured (cf. Art. 12, Art. 14, Art. 61).

This marks the first real transformation layer of regulation: the AI Act changes the conditions of development, integration, and use. At this level, it acts as a mechanism for reshaping operational workflows. The result is additional complexity and, at the same time, a new process logic in which control, verification, and intervention capacity become durable components of value creation.

4. Organizational Impact

Once regulatory requirements are translated into operational mechanisms, they begin to reshape the internal structure of organizations. The AI Act therefore affects not only technical systems, but also the way organizations internally organize responsibility, control, and execution.

The starting point of this effect lies in the process expansion and constraints described above. Once processes become longer, more documentation-bound, and tied to additional review conditions, existing organizational forms often no longer suffice. What could previously be organized within relatively compact development, integration, or operational logics must now be translated into additional responsibilities, review pathways, and approval structures.

This gives rise to a structural layering of organizations. Between development, integration, and operation, new layers of control and coordination emerge that are oriented toward regulatory assurance. This layering takes concrete form in compliance layers, additional control functions, and a growing number of internal interfaces at which systems, processes, and responsibilities are reviewed for conformity.

One immediate consequence of this layering is role expansion and fragmentation. New requirements create additional roles or reshape existing role profiles. Activities such as documentation, validation, monitoring, approval, or the exercise of human oversight become distinct areas of work. Organizations must therefore accommodate more functions while also managing more handovers, coordination points, and allocations of responsibility.

The regulatory effect thus becomes visible in the changing internal architecture of organizations. What begins as a primarily execution-oriented structure gradually turns into an organization in which control, verification, and regulatory coordination become integral parts of the operating model. The AI Act thus acts as a trigger of internal reorganization.

5. Transition Dynamics

The changes triggered by the AI Act unfold through a phased structural transition. Between existing organizational and process logics and the regulated target structure, an intermediate condition emerges that is marked by overlap, friction, and temporary inefficiency.

The starting point lies in the introduction of new process constraints and verification requirements, which are initially integrated only selectively into existing workflows. These interventions do not produce an immediate reordering, but first create an overlap of old and new logics. Existing processes remain in place, but are supplemented by additional review, documentation, and control steps.

In this phase, a condition of structural tension emerges: organizations operate simultaneously with a logic oriented toward speed and efficiency and a progressively dominant logic of control and verifiability. This overlap produces inconsistencies, increased coordination burdens, and temporary losses of efficiency.

A central transitional phenomenon is re-manualization. Automated or partially automated processes are temporarily supplemented or replaced by manual review, control, and decision structures. This development is both the result of organizational reordering and a direct response to uncertainty, the absence of established procedures, and the need to secure regulatory requirements in the short term. Human control functions in this phase as a bridge between existing systems and future formalized verification structures.

The result is a phase of temporary inefficiency in which processes take longer, resources are tied up, and parallel structures remain in place. This inefficiency is not a flaw of the system, but a structural component of the transformation: it enables the gradual adaptation of processes, roles, and responsibilities to the new regulatory conditions.

Only at a later stage does a systemic reordering take place, in which regulatory requirements are no longer added onto existing structures, but become integral parts of newly designed processes. The transitional phase thereby loses importance, and the frictions that emerged earlier are partially translated into stable organizational and operational routines.

The transformation does not unfold linearly. Its speed, intensity, and form differ depending on organization, risk class, and field of application. Adaptation strategies, technological support, and regulatory interpretive flexibility lead to different transition paths. Even so, the underlying dynamic remains stable: regulation first creates overlap, then friction, and finally structural reordering.

6. Economic Effects

The economic effect of the AI Act manifests itself in a structural shift in the cost structure across the entire value chain. It emerges from the accumulation of process expansion, additional control requirements, and the adaptation dynamics that become effective during the transition phase.

Once processes become documentation-bound, more control-intensive, and tied to additional approval and review mechanisms, the resource requirements per development step, integration process, operational workflow, and system change increase. The previously dominant logic of scaling and automation is thereby overlaid by requirements of verifiability, control, and regulatory assurance, which are directly reflected in the cost structure.

This leads to cost intensification that includes both fixed and ongoing costs. Fixed costs arise from the establishment of documentation, review, and governance structures. Ongoing costs emerge in operation through continuous monitoring, validation, incident, and update processes. The economic effect therefore lies not in a one-off adjustment, but in a durable expansion of the cost base across the entire lifecycle of systems.

A significant part of these costs serves regulatory assurance. Resources are deployed to establish, demonstrate, and maintain conformity. This shifts the internal allocation logic: a growing share of expenditures is directed toward stabilization, documentation, and control rather than the development of additional functionality.

These cost effects also appear with time lags and differ significantly across organizations. Some burdens arise early through setup and implementation, while others only become effective in ongoing operation, for example through post-market monitoring, incident reporting, or the revalidation of modified systems (cf. Art. 61, Art. 62). The economic dynamic is therefore cumulative and not confined to individual phases.

The economic logic of AI applications thus shifts from a structure primarily oriented toward speed and declining marginal costs to a model in which controllability, verifiability, and regulatory robustness become distinct and durable cost factors. The question of cost thereby becomes the central mechanism through which regulatory requirements are translated into market and labor effects.

7. Market Mechanisms

The shift in cost structure described in the previous step does not remain confined to the level of individual organizations, but changes the conditions of market access and competitiveness. This marks the actual reordering of the market: regulation now acts no longer only within organizations, but on the structure of the field itself.

The central driver of this shift is the growing significance of regulatory costs and process requirements. Once the capacity for regulatory assurance becomes a prerequisite for development, integration, and operation, the conditions of market entry begin to change. New or smaller actors must not only build technological capability, but also the ability to meet and demonstrate regulatory requirements in a reliable manner.

This gives rise to entry barriers that are shaped not primarily by capital requirements in the classical sense, but by organizational, documentary, and process-related demands. Access to the market thereby becomes more tightly tied to structural resilience, internal coordination capacity, and regulatory maturity. Regulation thus produces not merely an additional requirement, but a change in the conditions of legitimate participation in the market.

This shift changes the market structure as a whole. Larger or already structurally resilient actors enjoy advantages because they can absorb regulatory requirements more easily, integrate them into existing governance structures, and distribute them across multiple process layers. At the same time, the attractiveness of standardized solutions, specialized intermediaries, and external support services increases, as these can partially externalize or bundle regulatory complexity.

The internal logic of competition is thereby altered. Alongside technological capability and innovation speed, the ability to integrate regulation gains strategic importance. Those who can translate requirements into operational processes more quickly, more stably, and more cost-effectively gain structural advantages in the market. Regulation thus becomes a competitive factor in its own right.

These market effects are not fully deterministic. Adaptation strategies, standardization, tooling, and new service segments can mitigate or redistribute some of the burdens. Even so, the direction of movement remains stable: the market shifts from a relatively open innovation logic toward a structure in which verifiability, organizational resilience, and regulatory compatibility become central conditions of economic positioning.

8. Changes in Work

Changes in market structure and internal organizational logic feed directly back into the structure of work. As processes become increasingly driven by verification requirements, not only tasks change, but also the distribution of responsibilities, roles, and qualification demands along the value chain.

The starting point is the combination of structural layering and changing market conditions. Once additional requirements for control, documentation, and validation are permanently integrated into processes, new areas of activity emerge, while existing tasks are redefined or expanded. Work shifts along existing functions and becomes more tightly coupled to regulatory requirements.

This development leads to task shifts. Activities that were previously organized in purely technical or operational terms are supplemented by elements of documentation, review, and assurance. At the same time, distinct areas of work emerge, for example in connection with monitoring, validation, documentation, and the exercise of human oversight. Work thereby becomes more fragmented and is broken down into more specialized components.

On this basis, capability profiles begin to shift. What is required is no longer solely technical expertise or domain knowledge, but increasingly hybrid capabilities that combine technical, regulatory, and organizational requirements. The ability not only to develop or operate systems, but also to document, explain, and situate their behavior within a regulatory context becomes more important.

This shift does not unfold uniformly. Depending on organization, sector, and risk class, different patterns of task distribution and qualification requirements emerge. In some areas, existing roles are expanded, while in others new specialized functions are created. At the same time, parts of the work induced by regulatory requirements can be externalized or supported through standardized tools, leading to further differentiation within the structure of work.

The AI Act therefore does not primarily transform the world of work through substitution, but through a reorganization of tasks and capability profiles. Work becomes more deeply embedded in processes oriented toward verifiability, control, and regulatory stability. The central shift thus lies not in the disappearance of work, but in its structural reordering along regulatory requirements.

9. Cross-Layer Logic

The preceding sections describe the individual layers of the transformation. Their full effect, however, only becomes visible when considered in their interconnection. The cross-layer logic captures the continuous causal structure that links regulatory requirements with organizational, economic, and labor-related changes.

At the center lies a vertical chain of derivation that extends from regulatory access to changes in work. The starting point is product law, which establishes a verification requirement through control-related obligations. This requirement is translated into operational processes and leads to the embedding of verification structures, which in turn produce process expansion and additional constraints. As a result, organizational structures change, structural layering emerges, and re-manualization appears as a transitional phenomenon.

This dynamic condenses into a distinct cost logic that, through entry barriers, shapes the structure of the market. The resulting market conditions then feed back into the organization of work and lead to shifts in tasks and capability profiles.

Alongside this vertical chain, feedback structures emerge that reinforce and stabilize the dynamics of the system. Requirements arising at the application stage, for example through monitoring or incident reporting, feed back into decisions at the development stage, as systems must be designed from the outset to meet verification and regulatory requirements. At the same time, market changes exert pressure on organizations to further adapt their internal structures and processes.

Across all layers, the logic of verification acts as the unifying principle. It is the common denominator that connects regulatory requirements, operational processes, organizational structures, cost dynamics, and market mechanisms. What emerges is not a loose collection of effects, but an interconnected system in which each layer prepares and reinforces the next.

The cross-layer logic thus shows that the AI Act cannot be understood as a collection of isolated rules. Its effect arises from the chaining of mechanisms that unfold along the value chain and stabilize one another. In this model, regulation acts as a continuous transformation pathway rather than a discrete intervention.

10. Reality Anchor

The reconstructed logic of effects describes the structural direction of the transformation. It does not, however, claim uniformity across all real-world contexts. The reality anchor marks the boundary between analytical coherence and empirical variability and thereby preserves the model’s applicability across different organizational, regulatory, and economic settings.

The effects of the AI Act do not unfold with identical intensity in all cases. Differences in risk class, field of application, organizational scale, sectoral context, and regulatory interpretation mean that individual mechanisms appear with varying strength. The chain described above therefore does not represent a uniform reality, but a structural pattern whose concrete expression can vary.

The transformation does not unfold linearly in practice. Between regulatory requirements and organizational or economic effects, there are often time lags, adjustment loops, and transitional phases in which old and new logics coexist. Real-world development is therefore characterized by temporal offsets and uneven transitions, without this undermining the overall direction of the transformation described.

Actors do not respond passively to regulation. Firms, service providers, integrators, and other market participants develop strategies to absorb, standardize, or partially externalize regulatory burdens. Such adaptation dynamics can mitigate, redistribute, or reshape individual effects. They do not, however, alter the underlying mechanism that regulatory requirements must be translated into processes, costs, and market structures.

The reality anchor thus fulfills a dual function: it limits the scope of the model while increasing its robustness. The analysis does not describe a mechanical necessity in every individual case, but a structurally plausible transformation logic that explicitly incorporates real-world variation, temporal shifts, and strategic adaptation. In this way, the reconstruction remains analytically precise without ignoring the variability of actual developments.

11. Systemic Condensation

The preceding analysis unfolds the effects of the AI Act across multiple layers and mechanisms. Systemic condensation reduces these elements to their underlying directional movements. The aim is to make the structural transformation visible through a small number of overarching shifts without abandoning the causal logic developed earlier.

The primary movement can be described as a transition from an execution logic to a verification logic. In the initial structure, the development, integration, and use of AI systems are primarily oriented toward functionality and performance. Under regulatory conditions, the ability to make these processes verifiable, controllable, and auditable becomes central. Verifiability thus becomes an independent organizing principle of value creation.

A second movement concerns the structure of systems themselves. Flexible systems, characterized by rapid iteration, adaptability, and low formal constraint, evolve into structured systems with clearly defined process steps, control points, and documented procedures. Flexibility is not eliminated, but becomes increasingly bound to formal requirements.

The third movement concerns the distribution of capabilities within the market. A relatively broad and low-threshold capacity to develop and use AI systems is replaced by a reconfigured distribution of capabilities. Capabilities concentrate where regulatory requirements can be integrated, sustained, and scaled. At the same time, new forms of specialization and support structures emerge that address these requirements.

These three movements are not independent, but interlinked. The dominance of verification logic produces structured systems, and structured systems, in turn, favor a different distribution of capabilities within the market. Systemic condensation thus makes visible that the transformation does not consist of isolated effects, but of a coherent reordering of central principles of value creation.

12. Core Relation

The entire analysis can be condensed into a central relation of effects. Its starting point is the verification requirement established by the AI Act, which acts as the unifying principle structuring all downstream layers. From this follows process expansion, as development, integration, operation, and maintenance must all be supplemented by additional review, documentation, and control steps.

This process expansion does not remain confined to the level of individual workflows, but leads to the structural layering of organizations. New roles, interfaces, control functions, and coordination demands arise as a direct consequence of the regulatory logic of verification. Organizations thereby become not only more complex, but internally configured in different ways.

This internal reorganization produces a shift in cost structure. The capacity to meet, demonstrate, and maintain regulatory requirements across the lifecycle of a system becomes a distinct cost factor. This cost structure, in turn, feeds back into the conditions of market access and competitiveness.

At the end of this chain lies a reconfiguration of the market, in which the conditions of legitimate participation, the distribution of capabilities, and the logic of competition are altered. The core relation thus shows in compressed form where the actual effect of the AI Act lies: not in isolated obligations or prohibitions, but in the structural translation of verification requirements into changes in process, organization, cost, and market structure.

13. Source Architecture

The present analysis is based on a clear distinction between externally grounded regulatory concepts and model-internal terminology. External concepts and mechanisms are traced, where central to the structure of the argument, to the relevant regulatory components of the AI Act. Model-internal terms, by contrast, serve the purpose of analytical reconstruction and do not claim direct grounding in the wording of the regulation itself.

The central regulatory basis consists of the provisions relating to risk classification, prohibited practices, the requirements for high-risk AI systems, as well as technical documentation, record-keeping, human oversight, conformity assessment, post-market monitoring, and incident reporting (cf. Art. 5, Art. 6, Art. 8–15, Art. 16–19, Art. 61, Art. 62; Annex III, Annex IV).

For individual lines of argument, adjacent regulatory and technical frameworks may also be drawn upon, for example in the area of product liability or in standards that further specify auditability, traceability, and risk management. These supplementary references do not serve to expand the model, but to sharpen its regulatory applicability.

The function of sources is therefore clearly limited: they anchor central mechanisms, but do not replace analytical derivation. The analysis should accordingly not be understood as a commentary on the legal text, but as a structural reconstruction of its likely logic of effects along the value chain.

Ralf Brentführer

April 2026

Download full paper (PDF):

Open Analysis #01 - AI Regulation As Value Chain Reconfiguration (EN)

1.13MB ∙ PDF file

Download

Download the full analysis (PDF). The German version is the reference text. The English version is derived.

Download

Open Analysis #01 - KI-Regulierung als Umbau der Wertschöpfungskette (DE)

1.14MB ∙ PDF file

Download

Vollständige Analyse als PDF. Die deutsche Fassung ist die Referenzfassung. Die englische Fassung ist abgeleitet.

Download

1. Executive Summary

A. Organizational regulation instead of technology regulation

The EU AI Act regulates less the technology itself than the organizational conditions of its deployment.

B. New governance and decision structures

Risk classification, documentation requirements and human oversight reshape processes, responsibilities and organizational control mechanisms within organizations.

C. Transition frictions and emerging markets

The adjustment phase introduces temporary remanualization of processes and longer development cycles, while new markets for governance, certification and infrastructure emerge simultaneously.

2. Perspective Framework

The EU AI Act establishes a comprehensive legal framework for the development and deployment of AI systems within the European internal market.

Public discourse often frames the AI Act as a technology regulation. For organizations, its primary impact lies in the governance and decision structures within which AI systems are deployed.

The AI Act therefore operates less as a regulation of technology itself and more as a regulation of the organizational conditions of its deployment. Organizations must define responsibilities, document decision processes and establish organizational control mechanisms for AI-assisted decisions.

This analysis examines the AI Act from a real-economy perspective: which organizational adjustments emerge within organizations, which transition frictions occur and which economic structures develop around the regulated deployment of AI systems.

3. Regulatory Mechanism

The EU AI Act governs the deployment of AI systems through a combination of risk classification, documentation requirements, human oversight and conformity assessment (Art. 6–7, Art. 14, Art. 43). This structure generates concrete organizational requirements.

The classification of AI systems into risk categories is the central regulatory element. Systems with higher risk are subject to stricter requirements regarding transparency, documentation and human oversight (Art. 6–7).

For organizations, three operational requirements follow:

• Documentation to ensure traceability: development processes, training data, model changes and decision processes are documented in a traceable manner

• Human oversight: AI-assisted decisions remain subject to human review and potential override (Art. 14)

• Conformity assessment: organizations must demonstrate compliance with regulatory requirements for certain systems (Art. 43)

This regulatory mechanism shifts the focus from the technical development of individual models to the organizational conditions of their deployment.

Regulatory mechanism:

The regulatory logic of the AI Act operates through a clear sequence: risk classification, documentation requirements and human oversight shift requirements for AI systems from technical performance to organizational integration. This results in new governance structures, additional review and approval processes and expanded organizational control mechanisms. During the transition phase, these adjustments create frictions and extended development cycles, while simultaneously enabling new markets for governance, audit and infrastructure services.

Example:

An AI system for credit risk assessment requires more than technical performance. Organizations must document training data, decision processes and control mechanisms that enable human review.

4. Organizational Adjustments

The primary adjustments triggered by the EU AI Act occur not within the technology itself, but within the organization of its deployment: defined responsibilities, documented decision processes and regulatory control mechanisms.

Responsibilities for AI systems

Organizations must define regulatory responsibility for each AI system, a function that often lacks clear allocation.

New interfaces emerge between:

• AI development teams

• operational business units

• risk and compliance functions

Example:

An AI system for credit risk assessment is developed by a data science team, deployment by a credit department and overseen by risk and compliance functions.

New review and approval processes

Organizations must assess whether an AI system falls under a regulated risk category and which requirements apply.

Typical adjustments include:

• internal approval processes for new AI systems

• regulatory assessments prior to deployment

• additional reviews for model changes

These processes extend the time between technical development and operational deployment.

Example:

A newly developed credit risk model must undergo risk classification, documentation and internal approval before deployment.

Integration into risk and compliance structures

AI systems integrate more strongly into existing control structures. Risk management, compliance and internal audit functions gain influence over their deployment.

AI systems thereby become organizationally comparable to other regulated decision infrastructures.

Example:

An AI system for prioritizing incoming medical findings in a hospital integrates into clinical workflows. Decisive is process integration: defined human review at specific thresholds, documented overrides of automated prioritization and clear responsibilities for monitoring and incident handling.

5. Transition Regime

Between existing AI deployment and full regulatory integration, organizations operate within a transition phase. Existing systems undergo review, processes adapt and governance structures emerge.

These adjustments introduce temporary review layers, organizational frictions and partial constraints on automation.

System inventory and retrospective documentation

Organizations must establish a structured inventory of existing AI systems. Applications previously treated as technical tools require reclassification and documentation within a regulatory context.

Typical steps include:

• systematic identification of existing AI systems

• retrospective documentation of training data and model logic

• internal assessment of regulatory risk classification

Example:

A fraud detection system in long-term deployment must undergo retrospective documentation of training data, model changes and monitoring responsibilities.

Temporary remanualization of decisions

Organizations may temporarily limit automated processes until regulatory requirements are fully implemented.

Remanualization refers to the temporary shift of automated decisions back to human review and decision-making processes during regulatory adjustment phases.Typical situations include:

• additional human review of automated decisions

• parallel manual assessments during transition phases

• temporary restriction of automated decision-making

This particularly affects decisions with direct impact on individuals.

Example:

An automated applicant screening system continues to operate, but each decision undergoes human review until documentation and control processes are fully implemented.

Extended development and deployment cycles

Regulatory documentation and review requirements extend development and deployment cycles of AI systems.

Additional coordination and review phases emerge between technical completion and operational deployment.

Example:

A credit risk model must undergo documentation, risk classification and internal approval before deployment.

Stabilization after the adjustment phase

These frictions primarily occur during the integration of regulatory requirements. With increasing experience and established governance processes, they become established organizational processes.

6. Emerging Market Mechanisms

When organizations simultaneously establish governance, control and documentation structures for AI systems, new markets emerge for services and infrastructure.

Phase 1 – Governance and implementation consulting

Initial demand focuses on regulatory implementation.Typical services include:

• inventory of existing AI systems

• assessment of regulatory risk classification

• development of internal AI governance structures

Example:

An organization using multiple AI systems receives external consulting for systematic identification and regulatory classification of these systems.

Phase 2 – Audit and certification structures

With increasing regulatory integration, formal audit and certification structures emerge. Organizations must demonstrate that certain AI systems comply with regulatory requirements (Art. 43).

Markets develop for:

• conformity assessments

• independent auditing bodies

• specialized certification services

Phase 3 – Infrastructure markets

Technical infrastructure emerges to support monitoring, documentation and traceability of AI systems.

Typical solutions include:

• monitoring systems for AI-assisted decisions

• platforms for documenting model changes

• software for managing regulatory documentation

Temporal dynamics of market formation

The development of these markets typically unfolds over several years:

• 0–2 years: governance and implementation consulting

• 2–4 years: audit and certification structures

• 3–6 years: technical infrastructure markets

7. Conclusion

The AI Act reshapes not only the deployment of individual AI systems, but also the organizational and economic conditions of their deployment. Organizations establish new governance structures and control mechanisms, while new markets for services and infrastructure emerge.

The AI Act operates less as a regulation of technology itself and more as a regulation of the organizational and economic structures surrounding AI deployment.

8. Legal References

EU AI Act

• Art. 6–7 – Risk classification of AI systems

• Art. 9 – Risk management system

• Art. 14 – Human oversight

• Art. 43 – Conformity assessment

Download full paper (PDF):

Full paper (EN)

1.11MB ∙ PDF file

Download

Download the complete reference framework (PDF).

Download

Full paper (DE)

1.11MB ∙ PDF file

Download

Download the complete reference framework (PDF).

Download

Related analysis: OA #01 - AI Regulation as Value Chain Reconfiguration