The EU AI Act came fully into force for high-risk AI systems in August 2026. If you work in healthcare, social care, employment, education, or critical infrastructure, and you are using or evaluating AI-powered tools, the Act creates obligations you need to understand. This article is not legal advice. It is our read of what the requirements mean in practice, based on building systems that fall within scope.

What is a high-risk AI system?

The Act classifies AI systems by the risk they pose. High-risk systems are those used in contexts where errors could harm people's health, safety, or fundamental rights. Healthcare is explicitly listed. So are systems used in employment decisions, educational assessments, law enforcement, and the administration of justice.

If you are using an AI tool in any of these contexts, including tools that assist with clinical documentation, care planning, or patient triage, you are likely dealing with a high-risk system under the Act's definition, even if the tool itself feels like an administrative assistant rather than a clinical decision-maker.

This matters because high-risk systems face substantially more demanding requirements than general-purpose or low-risk AI.

The key requirements for high-risk systems

For high-risk systems, the Act requires:

What this means if you are buying AI tools

If you are an organisation in a regulated industry buying or deploying AI tools, the Act places obligations on you as the deployer as well as on the vendor. You cannot simply assume that because you bought a tool from a compliant vendor, you are compliant. You need to understand what the tool does, how it makes decisions, what data it processes, and how to override it.

The questions you should be asking any AI vendor operating in a regulated context include:

A vendor that cannot answer these questions clearly is not ready to operate in a regulated environment, regardless of how capable their technology is.

How we approach compliance

We built Moai Care with these requirements in mind before the Act came fully into force. Human oversight is not a feature we added to comply, it is foundational to how the system works. Every action is logged. Every action can be overridden. The system identifies itself as AI-assisted. The technical documentation exists and is accessible to deploying organisations on request.

We are not going to claim that compliance is simple or that the Act's requirements are costless to meet. They are not. But we think the organisations that treat compliance as a baseline rather than a ceiling are the ones that will earn and keep the trust of the people they serve.

If you want to understand how the Act applies to a specific tool you are evaluating or using, or if you want to see Moai Care's compliance documentation, get in touch.