This is exactly where it becomes difficult in practice.
The regulation is effect-based - but most implementations still rely on documentation, intent, or post-hoc assessment.
So even if a system ends up violating Article 5, the only thing we can prove is that it happened - not prevent it structurally.
I’ve been working on a different approach where the constraint doesn’t sit at the level of policy, but at the level of when a system is allowed to act at all.
Not limiting outcomes, but limiting action under epistemically insufficient conditions.
Still early — but it seems like the only way to actually bridge that gap.
The gap you’re describing — effect-based standard, documentation-based proof — is exactly what makes Article 5 enforcement so difficult in practice. Moving the constraint to the action level rather than the outcome level is a genuinely different approach. Would that sit within existing conformity assessment structures, or does it require something new?
That framing — compliance during operation rather than only before or after — is actually where the AI Act’s post-market monitoring obligations (Article 72) are trying to go, but they stop short of what you’re describing. They require providers to track and report, not to constrain action in real time. Runtime constraint as a compliance mechanism would be a meaningful extension of that logic — and honestly a more honest match for how these systems actually behave in deployment.
This is exactly where it becomes difficult in practice.
The regulation is effect-based - but most implementations still rely on documentation, intent, or post-hoc assessment.
So even if a system ends up violating Article 5, the only thing we can prove is that it happened - not prevent it structurally.
I’ve been working on a different approach where the constraint doesn’t sit at the level of policy, but at the level of when a system is allowed to act at all.
Not limiting outcomes, but limiting action under epistemically insufficient conditions.
Still early — but it seems like the only way to actually bridge that gap.
The gap you’re describing — effect-based standard, documentation-based proof — is exactly what makes Article 5 enforcement so difficult in practice. Moving the constraint to the action level rather than the outcome level is a genuinely different approach. Would that sit within existing conformity assessment structures, or does it require something new?
That’s a really good question.
I don’t think it replaces conformity assessment - it probably sits alongside it, but changes what can actually be enforced in practice.
Right now, most conformity structures are built around classification, documentation, and evaluation.
This would introduce something closer to a runtime constraint - where certain actions are no longer possible under defined epistemic conditions.
So instead of only demonstrating compliance before or after deployment, it would allow part of that compliance to be enforced during operation.
Which might require some extension of current frameworks - but not necessarily a completely new one.
That framing — compliance during operation rather than only before or after — is actually where the AI Act’s post-market monitoring obligations (Article 72) are trying to go, but they stop short of what you’re describing. They require providers to track and report, not to constrain action in real time. Runtime constraint as a compliance mechanism would be a meaningful extension of that logic — and honestly a more honest match for how these systems actually behave in deployment.
That’s exactly how it’s been feeling to me as well.
Tracking and reporting are important - but they still assume that the system can act freely, and we deal with the consequences afterward.
What I’m trying to explore is what happens if part of that responsibility moves into the moment of action itself.
Not replacing post-market monitoring, but complementing it with something that can actually constrain behavior as it unfolds.
It feels like that’s the missing link between governance and what these systems actually do in practice.