The EU AI Act came fully into force for high-risk AI systems in August 2026. If you work in healthcare, social care, employment, education, or critical infrastructure, and you are using or evaluating AI-powered tools, the Act creates obligations you need to understand. This article is not legal advice. It is our read of what the requirements mean in practice, based on building systems that fall within scope.
What is a high-risk AI system?
The Act classifies AI systems by the risk they pose. High-risk systems are those used in contexts where errors could harm people's health, safety, or fundamental rights. Healthcare is explicitly listed. So are systems used in employment decisions, educational assessments, law enforcement, and the administration of justice.
If you are using an AI tool in any of these contexts, including tools that assist with clinical documentation, care planning, or patient triage, you are likely dealing with a high-risk system under the Act's definition, even if the tool itself feels like an administrative assistant rather than a clinical decision-maker.
This matters because high-risk systems face substantially more demanding requirements than general-purpose or low-risk AI.
The key requirements for high-risk systems
For high-risk systems, the Act requires:
- Risk management: A documented process for identifying, evaluating, and mitigating risks throughout the system's lifecycle.
- Data governance: Training, validation, and testing data must be documented and must meet quality standards. The system must be able to demonstrate that its outputs are not discriminatory.
- Technical documentation: The system must be described in sufficient detail that a regulator can assess its compliance. This includes the model architecture, training approach, and performance metrics.
- Transparency: Users must be informed that they are interacting with an AI system. The system's capabilities and limitations must be documented and communicated.
- Human oversight: High-risk systems must be designed to allow effective human oversight, including the ability to intervene and override the system.
- Accuracy and robustness: The system must achieve appropriate levels of accuracy for its context and must be resilient to errors, faults, and attempts to manipulate its outputs.
- Logging: High-risk systems must be capable of automatically recording events throughout their lifecycle to allow for post-incident investigation.
What this means if you are buying AI tools
If you are an organisation in a regulated industry buying or deploying AI tools, the Act places obligations on you as the deployer as well as on the vendor. You cannot simply assume that because you bought a tool from a compliant vendor, you are compliant. You need to understand what the tool does, how it makes decisions, what data it processes, and how to override it.
The questions you should be asking any AI vendor operating in a regulated context include:
- Is this system classified as high-risk under the EU AI Act? If so, show me your technical documentation.
- Where is my data processed and stored, and for how long?
- What is the human override mechanism, and how is it documented?
- What does your logging cover, and can I access those logs?
- What happens if the system produces an error that affects a patient or service user?
A vendor that cannot answer these questions clearly is not ready to operate in a regulated environment, regardless of how capable their technology is.
How we approach compliance
We built Moai Care with these requirements in mind before the Act came fully into force. Human oversight is not a feature we added to comply, it is foundational to how the system works. Every action is logged. Every action can be overridden. The system identifies itself as AI-assisted. The technical documentation exists and is accessible to deploying organisations on request.
We are not going to claim that compliance is simple or that the Act's requirements are costless to meet. They are not. But we think the organisations that treat compliance as a baseline rather than a ceiling are the ones that will earn and keep the trust of the people they serve.
If you want to understand how the Act applies to a specific tool you are evaluating or using, or if you want to see Moai Care's compliance documentation, get in touch.