Subscribe
, ,

Who watches the AI Act’s watchers?

Europe’s AI Act now faces its hardest operational test yet.

7 minutes

Read Time

Who watches the AI Act’s watchers?
Summary
  • The European Commission has appointed a Scientific Panel and Advisory Forum to support AI Act enforcement.
  • The AI Act’s credibility now depends on supervisory capacity, technical expertise, and consistent interpretation across member states.
  • Businesses selling AI systems into Europe face a practical compliance challenge shaped by standards, documentation, classification, and enforcement behaviour.

Passing the EU AI Act gave Europe a regulatory framework that few other markets have attempted at comparable scale. Enforcing it will require something more difficult than legislative ambition: a supervisory system able to absorb technical evidence, commercial pressure, national enforcement differences, and fast-changing model behaviour without turning the regime into either paperwork or paralysis.

On 1 June 2026, the European Commission appointed a Scientific Panel and an Advisory Forum to support enforcement of the Artificial Intelligence Act. The two bodies will advise the Commission’s AI Office and national authorities, with members serving two-year terms. The Scientific Panel brings together 60 independent experts with experience in frontier AI, engineering, technical auditing, industry, and societal impact. Its remit covers general-purpose AI models and systems, systemic risks, model classification, evaluation methods, and cross-border market surveillance.

The Advisory Forum has a wider base, drawing in expertise from academia, civil society, industry, SMEs, startups, and EU agencies. Its role is to provide the AI Board and the Commission with technical and policy input across areas covered by the Act. By adding these bodies to the enforcement structure, Brussels is acknowledging that AI supervision cannot be reduced to legal interpretation. The rules will have to be translated into decisions about systems that are probabilistic, adaptable, commercially sensitive, and often difficult to inspect from the outside.

Technical judgement will shape enforcement

AI supervision is not a conventional product-safety exercise in which regulators inspect a fixed object against a stable specification. When a provider says a model does not pose systemic risk, or when a vendor argues that an application sits outside a high-risk category, authorities need enough technical depth to interrogate the evidence. That means understanding evaluation methods, training documentation, cybersecurity safeguards, deployment context, post-market monitoring, and the ways model behaviour can change once a system is integrated into real workflows.

The European AI Office sits at the centre of that work. Its tasks include supporting coherent application of the Act across member states, developing tools and benchmarks for evaluating general-purpose AI models, classifying models with systemic risks, drawing up codes of practice, preparing guidance, monitoring compliance, investigating possible infringements, assessing model capabilities, and requesting corrective action from providers. Taken together, those responsibilities place the office closer to a technical supervisor than a conventional policy unit.

A risk-based framework only works if risk categories are interpreted with enough consistency to be commercially usable and enough flexibility to respond to evidence. An AI system used in recruitment, education, healthcare, welfare, policing, or critical infrastructure may raise different issues depending on how it is procured, configured, monitored, and challenged by the organisation deploying it. Legal definitions provide the structure, but supervisory judgement will decide whether the structure holds under operational pressure.

The compliance calendar will shape behaviour

The implementation timetable gives companies time to prepare, although not always the same kind of clarity. The AI Act generally applies from 2 August 2026, with some chapters and obligations already phased in and others following later. Chapters I and II applied earlier, while some provisions, including Article 6(1) and corresponding obligations, follow in 2027. During that period, guidance, standards, market expectations, and enforcement practice will develop alongside one another.

Companies selling AI systems into Europe therefore face a practical compliance exercise rather than a simple legal checklist. They must decide whether their products fall into high-risk categories, document testing and governance processes, define human oversight in operational terms, monitor systems after market entry, and understand how obligations apply when general-purpose models are embedded inside sector-specific products. Smaller vendors may struggle to carry that burden without clearer templates, while public-sector buyers and regulated industries will need enough expertise to assess suppliers without becoming passive recipients of compliance claims.

The market will also respond to perceived enforcement signals. If regulators appear slow or inconsistent, some providers may treat documentation as the main deliverable. If enforcement becomes heavy but unclear, companies may delay deployments or focus their compliance effort on legal defensibility rather than technical quality. A credible regime depends on a middle ground in which companies can understand the rules well enough to build against them, while regulators retain enough independence and technical skill to challenge weak evidence.

Expertise is becoming regulatory infrastructure

Europe’s institutional model offers depth, but it also creates coordination risk. A central AI Office can develop expertise and common guidance, while national competent authorities bring local enforcement capacity and sector knowledge. Scientific advisers can help regulators examine frontier systems, while the Advisory Forum can expose practical concerns from industry, civil society, academia, and smaller companies. The same layered structure can also slow decisions if responsibilities blur or national authorities develop diverging interpretations.

The demand for technical expertise will be one of the hardest constraints. Model evaluation, systemic-risk assessment, security testing, and classification decisions depend on people who understand both machine learning systems and the environments in which they are deployed. Europe will be competing for those people with AI labs, cloud companies, cyber vendors, consultancies, universities, and national governments. A supervisory regime with weak technical capacity may still generate guidance, but it will struggle to assess whether provider documentation reflects real system behaviour.

Expert-led enforcement also needs transparency. Scientific advice can improve the quality of supervision, but decisions affecting market access, compliance costs, and public protection cannot appear to emerge from an opaque expert layer. The AI Act’s legitimacy will depend on how clearly the Commission and national authorities explain their reasoning, how they manage conflicts of interest, and how consistently they apply decisions across member states and sectors.

Documentation has to meet deployment reality

Providers will produce technical documentation, risk registers, model evaluations, logs, conformity assessments, governance processes, and audit trails. Some of that work will improve safety and accountability, especially where companies use the compliance process to examine how systems perform in context. The weakness comes when documentation becomes a proxy for understanding, allowing organisations to demonstrate process without showing that the system behaves safely once deployed.

The problem becomes harder as AI moves through supply chains. A general-purpose model may be adapted into a product the original provider did not fully anticipate, while an application that appears low-risk in one context may become consequential when embedded in hiring, credit, education, or public administration. Updates, integrations, fine-tuning, and changes in deployment setting can alter a system’s risk profile after the initial assessment. Supervisors will have to follow AI through procurement, adaptation, monitoring, and use, rather than treating compliance as a single moment before market entry.

The Act’s credibility will rest on whether people affected by AI in work, public services, finance, health, education, and policing have meaningful protection when systems fail, discriminate, or are misused. Large providers filing documents on time will not be enough. Nor will a regime that creates cost without confidence. The new expert bodies give Europe a stronger institutional base, but the quality of enforcement will be decided in the slower work of classification decisions, technical guidance, investigations, standards, and cross-border supervision.

Europe has written a rulebook that many other jurisdictions will study. Its influence will depend on whether the institutions interpreting that rulebook can keep pace with the systems it is meant to govern.

Latest News

View All

You May Have Missed

View All