AI compliance in industrial settings
EU AI Act and industrial maintenance: the 2026-2028 compliance guide for manufacturers
The Digital Omnibus agreement of 7 May 2026 confirmed the consolidated timeline: 2 December 2027 for stand-alone high-risk AI systems, 2 August 2028 for AI embedded in regulated products. Machinery Regulation 2023/1230 becomes the reference regulatory framework for AI in industrial machinery. Here is a clear summary and a concrete action plan for compliant industrial maintenance, with a level head.
Where does the AI Act stand in May 2026?
Three regulatory milestones shape the 2026 AI Act sequence.
26 March 2026: the European Parliament's position
The European Parliament voted 569 to 45 to adopt its negotiating position on the Digital Omnibus on AI, which proposes to push the application deadlines for high-risk rules back to December 2027 and August 2028 (European Parliament, official press release). This vote opened the trilogues between Parliament, the Council and the Commission.
7 May 2026: the trilogue agreement (Digital Omnibus on AI)
The Council of the European Union, the European Parliament and the Commission reached a provisional trilogue agreement on the Digital Omnibus on AI (Council of the EU, 7 May 2026 press release). Three major points: confirmation of the deadlines (December 2027 and August 2028), a new prohibition under Article 5 (generation of child sexual abuse material and non-consensual intimate imagery), and clarification of how the AI Act fits with the Machinery Regulation. For the detail of the trilogue agreement and its consequences for industrial maintenance, read the full decoding of the May 2026 AI Act and its impact on industrial maintenance.
Before 2 August 2026: formal adoption expected
The Omnibus text must now be formally adopted by the Parliament and the Council, before the original 2 August 2026 application date for high-risk obligations. The exact dates and wording may still shift marginally before final adoption, yet the direction is settled.
The consolidated 2026-2028 timeline for industrial maintenance
Four milestones to put on the calendar of a maintenance manager or an industrial IT manager. For each one: the applicable text, the exact scope and the concrete action to take.
Sources: Council of the EU, EU-OSHA Machinery Regulation, IAPP, EU agrees to amend AI Act.
Article 14 and human oversight, the central concept
Article 14 of Regulation (EU) 2024/1689 on AI sets out the principle of human oversight for AI systems classified as high-risk. It is the central concept of compliance, and it goes well beyond simply keeping a human in the loop.
What human oversight means in practice
Human oversight means that the decision to act on an AI recommendation stays with an identified person, able to understand the recommendation, judge its relevance, and reject it with a stated reason. This is not a human blindly validating a score: it is a human who understands why the AI proposes what it proposes, and who can argue against it.
Telling apart AI that decides and AI that proposes
An AI system that takes an action automatically (for example a machine shutdown on fault detection, with no human validation) falls directly within the scope of human oversight. An AI system that proposes a recommendation to the technician (for example a diagnostic hypothesis to validate) stays under human decision by design. The line is not in the technology, it is in the role granted to the machine.
Traceability and audit trail as a cumulative requirement
Human oversight has to be proven. A complete audit trail of the AI reasoning chain, the identifier of the technician who validated or corrected, a timestamp, the reason for any rejection. These elements will be required by the harmonised standards now being drafted and form the basis of a defensible compliance file. To go deeper into what trustworthy AI in industry actually means, read our complete guide to trustworthy AI in industry.
How Mimorian helps you reach compliance from today
Mimorian is an industrial intelligence platform that models equipment, structures fault diagnosis and captures the know-how of maintenance teams through a multi-agent AI architecture. Without prejudging the exact legal classification of the platform in any given customer use case, four design choices align Mimorian with the substance of the AI Act and the Machinery Regulation.
Native human oversight (human in the loop)
Each diagnostic hypothesis is ranked according to the machine context and presented to the technician. Validation, correction, reasoned rejection: the final decision stays human, and the stated reason enriches Mimorian's reasoning for later interventions. There is no automatic action on the machine and no decision without an identified human.
End-to-end traceability (prompt to answer to action)
The whole reasoning chain stays visible and auditable, from the source document to the displayed diagnosis. No black box: each recommendation is tied to the elements of the functional digital twin that produced it. The audit trail is native, not a module to buy on top.
European hosting and GDPR by design
Data stays in Europe, the architecture is GDPR-compliant by design, and the technical choices converge with the spirit of the AI Act on sovereignty and the protection of sensitive industrial data.
Structured reports and audit trail built in
Each intervention generates a structured report that includes the identified root cause, the components involved, the spare parts consumed, the time spent, the documentary sources consulted and the reasoning behind the technical choices. This fine-grained material feeds directly into the compliance file on the industrial side: an audit trail ready to use, with no extra layer.
Industrial maintenance action plan by deadline
Four working horizons to turn the timeline extension into a compliance advantage.
Now and until August 2026
- Map the AI uses already in place in the maintenance IT system (CMMS, diagnostic platform, vision, embedded modules).
- Pull the human-oversight criterion into supplier questionnaires: for each tool, does the technician see why the AI proposes a recommendation, and can they reject it?
- Track the formal adoption of the Omnibus by the Parliament and the Council, expected before 2 August 2026.
Before 20 January 2027 (Machinery Regulation date of application)
- For each AI safety component of a machine, identify the applicable conformity assessment category (self-assessment vs third party).
- Strengthen the technical documentation of AI modules performing a safety function (risk management, datasets, performance).
- Prepare the dialogue with notified bodies for categories requiring third-party assessment.
Before 2 December 2027 (Annex III)
- For each stand-alone AI system likely to fall under Annex III (biometrics, employment, essential services), formalise the Annex IV documentation.
- Put in place the complete audit trail of the AI reasoning chain and the human-oversight log.
- Prepare registration in the European database of high-risk AI systems.
Before 2 August 2028 (Annex I + Machinery Regulation delegated acts)
- Watch for the publication of the health and safety delegated acts that will integrate the AI requirements into Annex III of the Machinery Regulation.
- Align the technical documentation with the dual applicable regime (Machinery Regulation + AI delegated acts).
- Audit the AI supplier chain to confirm that each component holds its role in the sectoral compliance file.
3 questions to ask yourself when in doubt
If the answer to at least one of these questions is no, the compliance work deserves to start now.
Do I have a clear map of the AI tools already running in my maintenance IT system?
This is the first step, and it is rarely done properly. CMMS predictive module, line computer vision, documentary copilot, diagnostic platform, modules embedded on sensors. Without this map, it is impossible to assess the scope concerned by the AI Act or the Machinery Regulation. A 2-hour session with the IT department and the maintenance manager is usually enough to lay the groundwork.
Can my AI suppliers answer questions on human oversight and traceability?
A serious supplier knows which box it sits in and why. It does not promise full compliance (the final text does not exist yet), yet it can explain its architecture choices in light of the AI Act and the Machinery Regulation. If the supplier cannot, you will carry the regulatory risk in its place when the deadline arrives.
Am I able to prove the traceability of every AI decision today?
Audit trail, source of the recommendation, identifier of the technician who validated or corrected, timestamp, reason for any rejection. These elements will be required by the harmonised standards now being drafted. A tool that cannot produce them today will have to be replaced or rebuilt. A tool that produces them natively will absorb the standards like an update.
See Mimorian align with the AI Act and the Machinery Regulation
To discuss your compliance file, understand how Mimorian fits with your current stack and get a demonstration on a real case, request a demo. To go further in reading the AI Act, read the detailed decoding on the blog.