Much of the current discussion around AI remains focused on models, documentation, and upstream compliance.
Yet in critical environments, the real question is far more concrete: what actually governs an AI decision at the exact moment it becomes effective?
This question already applies across multiple sectors.
In healthcare, AI can influence decisions directly affecting safety and continuity of care.
In industry, it can shape maintenance, safety, and operational continuity.
In finance, it can intervene in sensitive decisions or high-impact flows.
In critical infrastructure and the public sector, reliability, traceability, and resilience cannot remain theoretical.
These environments do not simply require high-performing AI.
They require AI systems that are controlled under real execution conditions.
This is precisely the layer we are working on with OBELISK.
OBELISK is being developed as a strict runtime execution layer, focused on:
→ execution control
→ proof of execution
→ technical traceability
→ real-time anomaly and drift detection
→ forensic reconstruction of decisions
The goal is not only to observe AI systems, but to make their behaviour governable, auditable, reconstructable, and operationally reliable.
From this perspective, the discussion cannot be limited to the AI Act.
The AI Act already establishes key requirements for high-risk systems, including:
→ automatic logging
→ effective human oversight
→ robustness and cybersecurity across the lifecycle
However, in real-world deployment, AI execution also directly intersects with broader regulatory pressures:
- NIS2 → risk management, incident handling, business continuity, supply chain security, vulnerability handling, and cryptography requirements
- DORA → continuous monitoring, anomaly detection, ICT risk management, as well as backup, restoration, recovery, and incident reporting mechanisms in the financial sector
- Cyber Resilience Act → secure-by-design principles, lifecycle-wide cybersecurity requirements, and continuous vulnerability management
OBELISK is therefore not positioned as a declarative compliance tool.
It aims to establish a concrete technical bridge between:
→ AI deployment
→ digital resilience
→ operational governance
The potential benefits are direct:
- Innovation → accelerating the transition from prototype to production through better control of operational risk
- Cybersecurity → improving the detection, containment, and documentation of anomalous or malicious behaviours in real conditions
- Operations & maintenance → enabling more reliable, contextualised, and actionable AI-driven decisions in real workflows
- Auditability → producing usable, verifiable evidence beyond documentation alone
- Resilience → aligning AI systems with European requirements for continuity, recovery, and risk control
My conviction is clear:
Europe will not be able to industrialise trustworthy AI based on model performance alone.
It will require execution layers capable of controlling, proving, and if necessary interrupting the behaviour of critical systems.
The question then becomes:
how can these execution principles be translated into concrete, shared technical standards at the European level?