Architectural Governance of Autonomous Systems under the EU AI Act

This paper presents an architectural governance framework for autonomous systems that operationalizes compliance with the EU AI Act through system-level design principles. It demonstrates how capability lifecycle governance, non-bypassable execution control, and runtime safety enforcement can be integrated to ensure that autonomous systems comply with regulatory requirements by design. Related works: - A Governance Architecture for Safe and Bounded Autonomous Systems - Non-Bypassable Execution Control in Autonomous Systems - Capability Lifecycle Governance in Autonomous Systems - Safety-Bounded Autonomy in Distributed Autonomous Systems This paper serves as the regulatory and architectural reference within a broader research program on governance and execution control for autonomous systems. Autonomous systems increasingly integrate artificial intelligence capabilities operating in dynamic and partially unpredictable real-world environments. As these systems scale across logistics, manufacturing, mobility, and service domains, regulatory frameworks such as the EU Artificial Intelligence Act introduce strict requirements for governance, risk management, human oversight, monitoring, and lifecycle control of high-risk AI systems. This paper proposes an architectural approach for embedding regulatory compliance directly into system design. Rather than treating compliance as an external or post-hoc process, the proposed framework maps regulatory requirements to enforceable system-level control mechanisms. The architecture introduces a structured governance model based on three core layers: - Capability lifecycle governance, defining what the system is authorized to do - Non-bypassable execution control, ensuring that all system actions are mediated through enforceable control mechanisms - Runtime safety enforcement, continuously validating system behavior against safety and regulatory constraints Execution of all system actions is strictly mediated through non-bypassable control mechanisms that enforce compliance with predefined safety and regulatory constraints at runtime. This establishes a direct mapping between regulatory requirements and enforceable architectural control structures, enabling deterministic, auditable, and verifiable system behavior. The architecture extends naturally to distributed autonomous systems and multi-agent environments, where governance and safety enforcement may be coordinated across multiple system components or agents. The framework is intentionally defined at the architectural level. It does not prescribe specific technical implementations but defines enforceable structural constraints that can be realized through different system-level mechanisms, including software-based control logic, hardware-assisted enforcement, or distributed governance infrastructures. By embedding governance directly into the system architecture, this approach enables bounded, trustworthy, and regulation-compliant operation of autonomous systems. It provides a scalable foundation for aligning advanced AI capabilities with regulatory requirements in safety-critical and real-world deployments. This work is part of a broader research program on governance and execution control for autonomous systems, including capability lifecycle governance, safety-bounded autonomy, and non-bypassable execution control architectures.