Manufacturing AI Hits 98% With No EU Compliance Plan
By Stephanie GoodmanMarch 30, 2026
Nearly every manufacturer has embedded AI into core operations, but the EU AI Act high-risk compliance deadline of August 2, 2026 requires 8 to 14 months of work and most have not started. This article maps the collision between manufacturing AI adoption speed, EU regulatory readiness, and new NDAA defense supply chain restrictions.
Controlling AI BehaviorAI Agents In BusinessAI Powered InfrastructureEnterprise AI ImplementationNews
Manufacturing AI Hits 98% With No EU Compliance Plan
A January 2026 survey of manufacturers by Redwood Software found that 98% are exploring or implementing AI-driven automation. Only 20% said they feel prepared to use it at scale. That contrast has been an industry talking point for years. What makes it urgent now is a date: August 2, 2026, when the EU AI Act's requirements for high-risk AI systems take full effect.
Manufacturing AI for quality control, predictive maintenance AI, safety monitoring, and production scheduling all fall under the EU AI Act's Annex III high-risk classification. Companies using these systems in or selling into European markets will need to demonstrate conformity — documented risk management, human oversight mechanisms, data governance, and third-party assessment where required. The realistic compliance timeline, according to analysis from Modulos, runs 8 to 14 months. With roughly four months left before enforcement begins, most manufacturers who have not started a compliance program are already past the point where they can finish one.
Adoption Without Architecture
Redwood describes the manufacturers it surveyed as "trapped in mid-stage automation maturity." Most have automated fewer than half of their core operations. Exception handling is rarely automated. Data transfers between systems remain largely manual. The automation that exists tends to live inside individual applications — a machine learning model for visual inspection here, a scheduling optimizer there — without the connective tissue that would let those systems share data, hand off decisions, or produce a unified audit trail.
A parallel report from Fictiv and MISUMI, surveying senior manufacturing and supply chain leaders, reinforces the adoption side: the vast majority say AI is embedded across core workflows and consider it a requirement for future competitiveness. But the same respondents report that supplier sourcing is becoming more time-consuming and more expensive year over year, suggesting that the factory automation AI embedded in these operations has not yet fixed fundamental procurement friction. The tools exist. The integration between them does not.
The pattern across both surveys is the same. Manufacturers adopted industrial automation AI tools faster than the governance, documentation, and cross-system integration those tools require to operate compliantly. The challenge mirrors what enterprises across sectors are discovering: deploying AI agents at scale without centralized policy infrastructure creates compliance debt that compounds over time.
Deloitte's 2026 State of AI in the Enterprise report adds context on governance readiness. Most organizations pursuing AI transformation are either redesigning individual processes or applying AI at a surface level with minimal structural changes. For oversight of autonomous agents specifically, Deloitte found that mature governance structures remain rare, even as most organizations expect to deploy agentic AI across multiple business areas within two years. The gap between deployment velocity and governance readiness is widening, not closing.
What the EU AI Act Requires From Manufacturing
The EU AI Act classifies AI systems by risk tier. Manufacturing AI used for quality inspection, robotic safety controls, predictive maintenance, and workforce monitoring falls into the high-risk category under Annex III. Systems in this tier must meet requirements spanning risk management, data quality, technical documentation, record-keeping, transparency, human oversight, accuracy, robustness, and cybersecurity.
Compliance is not a single filing. Modulos breaks the realistic timeline into four stages: system inventory and gap analysis, technical modifications to existing systems, documentation production, and conformity assessment by a notified body. Those notified bodies — the third-party auditors authorized to certify conformity — are already booking into Q2 2026, compressing the available assessment window further. Enterprises navigating similar compliance-driven deployment timelines across sectors are finding that the operational work of meeting regulatory deadlines far exceeds the technical work of building the AI itself.
The EU AI Act does not exist in isolation. Manufacturers selling into Europe are simultaneously navigating the Carbon Border Adjustment Mechanism (CBAM), which took effect in January 2026; the Cyber Resilience Act (CRA), with reporting obligations starting September 2026; and the EU Deforestation Regulation (EUDR), applying in December 2026. Each regulation carries its own documentation, supplier oversight, and data requirements. The compliance burden is cumulative, and the teams responsible for it are often the same small group inside each company.
Defense AI Supply Chains Add a Second Layer
Manufacturers embedded in U.S. defense supply chains face an additional regulatory front. The 2026 National Defense Authorization Act (NDAA) mandates strict controls over AI used in defense and intelligence agency contracts. The law specifically prohibits "Covered AI" — defined to include AI from DeepSeek, High Flyer, and entities owned, funded, or controlled by them, as well as AI from companies domiciled in or controlled by China, Russia, Iran, or North Korea.
The scope is broad. The prohibition covers indirect ownership structures, entities on the Commerce Department's Consolidated Screening List, and companies on the civil-military fusion list.
The NDAA also creates new governance structures: an AI Futures Steering Committee co-chaired by the Deputy Secretary of Defense and the Vice-Chairman of the Joint Chiefs of Staff, and a Cross Functional Team led by a new Chief Digital and Artificial Intelligence Officer. The Secretary of Defense must develop a cybersecurity and physical security framework for AI that addresses AI supply chain risks, data poisoning, adversarial tampering, and theft exposure.
For defense contractors, the enforcement mechanism is the False Claims Act — incorrect compliance certifications carry federal fraud liability. The precedent follows the 2019 NDAA's Section 889, which banned Huawei telecommunications equipment from government contracts. That ban reshaped procurement across the defense industrial base. The AI restrictions in the 2026 NDAA are written to do the same.
Manufacturers with dual-use operations — serving both commercial and defense customers — now need compliance programs that satisfy both the EU AI Act's documentation and oversight requirements and the NDAA's AI supply chain restrictions simultaneously.
Who Is Building Toward Compliance
Not every manufacturer is behind. Siemens and NVIDIA announced at CES in January 2026 that they are building what they call an "Industrial AI Operating System" spanning the full product and production lifecycle. The partnership includes a first-of-its-kind AI-driven adaptive manufacturing site launching in 2026 at Siemens' electronics factory in Erlangen, Germany. Early evaluators include Foxconn, HD Hyundai, KION Group, and PepsiCo.
Samsung announced in March 2026 at MWC Barcelona a strategy to transition its global manufacturing into AI-driven factories by 2030. The plan includes AI agents for AI quality control, production optimization, and logistics, plus specialized robots integrated with digital twin simulations across facilities. Samsung's stated goal is manufacturing environments where AI "understands operational contexts in real time and independently executes optimal decisions" — language that puts its roadmap squarely inside the EU AI Act's high-risk classification for autonomous decision-making in production.
Both efforts treat factory automation AI and industrial automation AI as full operational architectures rather than isolated tools. That framing matters for compliance: the EU AI Act's human oversight and documentation requirements are easier to meet when AI systems are designed as integrated platforms rather than added to legacy processes one application at a time. The design principle is the same one that makes human-in-the-loop approval workflows viable at enterprise scale — governance has to be designed into the system from the start, not retrofitted after deployment.
For companies still operating with fragmented, siloed AI deployments — which both the Redwood and Fictiv surveys suggest describes most of the industry — the compliance work is harder. Each standalone AI quality control system, each separate predictive maintenance AI model, each independent scheduling tool needs its own risk assessment, documentation, and conformity pathway.
AgentPMT's approach to agent governance addresses this gap directly. Audit logging of every agent action, budget controls that enforce spend limits cryptographically, and human-in-the-loop approval workflows accessible via mobile app provide the kind of operational accountability infrastructure that the EU AI Act's human oversight requirements demand. For manufacturers running dozens of AI tools across production lines, the ability to manage oversight, approvals, and audit trails from a single platform is what turns a compliance obligation into a workable system.
Four Months and Counting
The arithmetic is plain. August 2, 2026 is roughly four months away. The minimum realistic compliance timeline is eight months. Notified body capacity is constrained. For manufacturers running AI supply chain tools, AI quality control systems, and predictive maintenance AI across European operations, the window for completing a full conformity process before enforcement has effectively closed.
That means the path forward is triage: identifying which AI systems fall under Annex III, prioritizing the highest-risk applications for documentation and assessment first, and building governance infrastructure that can scale across the remaining systems over time. Manufacturers who treat this as a one-time regulatory exercise will find themselves repeating it as the CRA, EUDR, and defense supply chain requirements layer on through the rest of 2026 and into 2027.
The industry built AI into its operations before it built the governance around it. The regulatory calendar is now forcing the question of what that oversight gap actually costs.
Sources
- Manufacturing AI and Automation Outlook 2026 — PR Newswire / Redwood Software
- EU AI Act High-Risk Compliance Deadline 2026 — Modulos
- 2026 Regulatory Changes Reshaping Manufacturing Supply Chains — Certa
- AI Supply Chain and Security: Congress Mandates Strict Controls — Freshfields
- Siemens and NVIDIA Expand Partnership for Industrial AI Operating System — NVIDIA Newsroom
- Fictiv 11th Annual State of Manufacturing Supply Chain Report — Hipther / Fictiv
- Deloitte: Companies Are Preparing for Agentic and Physical AI Adoption — TechWire Asia
- Siemens-NVIDIA Industrial AI Operating System — Interesting Engineering
- State of AI in the Enterprise 2026 — Deloitte Global
- Samsung Electronics Announces Strategy to Transition Global Manufacturing Into AI-Driven Factories by 2030 — Samsung Newsroom