AIRiskAware

Manufacturing 10 min read 2026

AI Governance in Manufacturing and Supply Chains: Regulatory Obligations and Practical Governance

Manufacturing and supply chain AI — predictive maintenance, quality control, demand forecasting, robotics — sits at the intersection of EU AI Act Annex I product safety law, OT cybersecurity obligations, and employment law. Here is the complete governance picture.

Key Takeaways

  • AI embedded in manufactured products (machinery, industrial equipment) falls under EU AI Act Annex I — the Machinery Regulation and other EU product safety laws intersect with AI Act obligations.

  • The EU AI Act Omnibus (May 2026) partially resolved the Annex I tension: the Machinery Regulation receives a direct carve-out; AI in machinery will be governed through delegated acts under that Regulation rather than the AI Act directly.

  • Predictive maintenance AI, quality control AI, and production scheduling AI are not inherently high-risk under the EU AI Act if they do not directly control safety-critical functions — but OT cybersecurity obligations apply regardless.

  • Supply chain AI for demand forecasting and inventory management creates concentration risk — dependence on single algorithmic platforms creates systemic supply chain vulnerability that governance frameworks must address.

  • AI in manufacturing employment — automated performance monitoring, robot-coworker assignment, algorithmic scheduling — triggers employment law obligations in all major manufacturing jurisdictions.

"For informational purposes only. This article does not constitute legal, regulatory, financial or professional advice. Consult a qualified specialist for specific guidance."

Manufacturing AI governance: the regulatory stack

Manufacturing is one of the most complex sectors for AI governance because it sits at the intersection of multiple regulatory frameworks simultaneously: EU AI Act product safety obligations, OT (operational technology) cybersecurity requirements, employment law covering the manufacturing workforce, sector-specific safety regulations, and supply chain governance obligations. None of these frameworks was designed with manufacturing AI specifically in mind, which means careful mapping is required to understand which obligations apply to which AI systems.

EU AI Act and the Annex I product safety intersection

The EU AI Act's Annex I lists EU product safety legislation whose scope intersects with AI. This includes the Machinery Regulation, the Radio Equipment Directive, the Low Voltage Directive, and others. The original AI Act created a complex compliance challenge for manufacturers: an AI system embedded in a machine might need to comply with both the Machinery Regulation (for safety certification) and the EU AI Act (for AI governance), with unclear overlap between requirements.

The May 2026 Omnibus partly resolved this. The Machinery Regulation receives a direct carve-out from the AI Act: AI within machinery governed by the Machinery Regulation is exempted from direct AI Act application, with AI-specific safety requirements being introduced through delegated acts under the Machinery Regulation instead. For manufacturers, this means Machinery Regulation compliance — not AI Act Annex III conformity assessment — is the primary compliance mechanism for AI embedded in machinery. The deadline for embedded AI systems under other Annex I regulations is August 2028.

Process AI: predictive maintenance, quality control, scheduling

AI systems that assist manufacturing process management — predictive maintenance models that flag equipment failure risk, quality control vision systems that detect defects, production scheduling AI that optimises throughput — are generally not classified as high-risk under EU AI Act Annex III. They are not directly controlling safety-critical functions, not making decisions about people in consequential ways, and not embedded in products subject to Annex I safety law. The EU AI Act's transparency and minimal risk provisions apply, but not the full high-risk compliance obligations.

This does not mean they are ungoverned. OT cybersecurity obligations under the NIS 2 Directive (for critical infrastructure operators) and sector-specific industrial safety regulations apply to AI systems that interface with operational technology. An AI that incorrectly predicts equipment health and triggers premature maintenance shutdowns can have significant production and safety consequences — not as a regulatory AI failure, but as an operational one that falls under existing industrial safety frameworks.

Supply chain concentration risk

One of the most significant and least discussed AI governance risks in manufacturing is supply chain concentration in AI platforms. Manufacturers that have deployed common AI platforms for demand forecasting, production optimisation, or procurement management have created single points of algorithmic failure across their operations. The COVID-19 pandemic demonstrated that AI demand forecasting models trained on pre-pandemic data failed at scale during demand shocks. Governance must address algorithmic concentration risk as a supply chain resilience issue.

Manufacturing employment AI

AI systems that monitor manufacturing employee performance, allocate tasks between human workers and robots, schedule shifts, or assess productivity create employment law obligations across major manufacturing jurisdictions. EU AI Act Annex III explicitly includes "employment, workers management and access to self-employment" as a high-risk AI category — AI used for task allocation, performance monitoring, and access to employment in manufacturing falls within this. Combined with works council rights in Germany and similar employee representation rights across Europe, deploying monitoring and scheduling AI in manufacturing plants requires careful governance of the employment dimension alongside the technical compliance requirements.