Director Attestation Under EU AI Act Articles 26 and 27 — The Layer Above Architecture That No Governance Platform Today Delivers

1. The Fourth Question, One Layer Up

In a single LinkedIn comment on the public exchange between senior practitioners that ran through the second week of May 2026, Guy Miller, Head of Strategic Partnerships at Archimedes Lever, named the layer the system-level audit-trail conversation had been working below.

Three days later, Adil Ali, Founder and CEO of Shadow AI Forensics, sharpened the personal-defence framing in a reply on the same thread:

The structural premise of this piece is that Miller is right about the gap and Ali is right about the consequence — and that the resolution requires precision about what the EU AI Act actually obliges of the deployer organisation, what it does not oblige of the named director as a separate legal subject, and where Article 27's Fundamental Rights Impact Assessment sits as the closest existing statutory artefact to the missing attestation primitive.

The legal honesty discipline of this piece is binding. Every claim about Articles 26, 27 and 99 is anchored to the verbatim text of Regulation (EU) 2024/1689 as published on artificialintelligenceact.eu and verified against the source before publication. Every claim about personal director liability is calibrated to the published case-law base, which as of mid-2026 is empty because Annex III high-risk enforcement begins on 2 December 2027 under the post-Omnibus calendar.

2. What Article 26 Actually Obliges — on the Deployer Organisation

Article 26 of Regulation (EU) 2024/1689 sets out the obligations of deployers of high-risk AI systems. The Article has twelve paragraphs. Paragraph 1 sets the foundational duty (EU AI Act Article 26, accessed 2 June 2026):

The four substantive paragraphs most directly relevant to the director-attestation question are below, each summarised in operational terms.

• Article 26(2) — Human oversight assignment. The deployer shall assign human oversight to natural persons who have the necessary competence, training and authority, as well as the necessary support. This is the only paragraph in Article 26 that explicitly identifies natural persons as duty-bearers within the deployer organisation — but it does so as an organisational obligation to assign the persons, not as a personal obligation imposed on those persons themselves.
• Article 26(5) — Monitoring of operation. The deployer shall monitor the operation of the high-risk AI system on the basis of the instructions for use and shall inform the provider and (where relevant) competent authorities if it identifies risks within the meaning of Article 79(1) or serious incidents within the meaning of Article 73.
• Article 26(6) — Log retention. The deployer shall keep the logs automatically generated by the high-risk AI system for a period appropriate to the intended purpose, and in any event for at least six months, unless otherwise provided in applicable Union or national law.
• Article 26(11) — Information to natural persons. Deployers of high-risk AI systems that make decisions or assist in making decisions related to natural persons shall inform those persons that they are subject to the use of the high-risk AI system. This obligation operates alongside the Article 50 transparency obligations addressed in the Article 50 content disclosure piece.

None of Article 26's twelve paragraphs imposes a separate evidentiary duty on the natural-person director who, within the deployer organisation, approved the deployment. The Regulation regulates the deployer as a legal entity. The director's position within that legal entity — whether as an executive officer, a board member, a designated AI Risk Owner, or an Article 14 human-oversight assignee — is a matter of internal organisational allocation, not statutory designation by Article 26.

3. Article 27 and the Limited Scope of the Fundamental Rights Impact Assessment

Article 27 introduces the Fundamental Rights Impact Assessment (FRIA), an obligation distinct from but related to Article 26. The opening sentence of Article 27(1) is the most carefully constructed scope clause in the deployer-side regime (EU AI Act Article 27, accessed 2 June 2026):

Article 27's scope is therefore deliberately narrow. It applies to three categories of deployer only:

• Bodies governed by public law. Government departments, agencies, statutory bodies and similar entities deploying high-risk AI systems within their public-administration functions.
• Private entities providing public services. Privately-organised entities that nonetheless perform a public function under delegation, concession, or statutory mandate.
• Deployers of high-risk AI systems in Annex III points 5(b) and 5(c). Specifically: AI systems intended to be used to evaluate creditworthiness or establish credit scores of natural persons (5(b)); and AI systems intended to be used for risk assessment and pricing in relation to natural persons in the case of life and health insurance (5(c)).

The scope expressly excludes high-risk AI systems intended to be used in the area listed in Annex III point 2 (critical infrastructure). It does not extend to most private-sector deployers operating in Annex III categories outside 5(b) and (c). A deployer of a high-risk AI system used for employment-related decisions under Annex III point 4, for example, has no Article 27 FRIA obligation even though the system carries human-rights implications.

For deployers within scope, Article 27(1) requires the FRIA to contain six substantive elements: (a) a description of the deployer's processes in which the AI system will be used; (b) the period of time within and the frequency with which the system is intended to be used; (c) the categories of natural persons and groups likely to be affected; (d) the specific risks of harm likely to impact those categories; (e) a description of the implementation of human oversight measures; (f) the measures to be taken in case those risks materialise, including arrangements for internal governance and complaint mechanisms.

Once the FRIA has been performed, Article 27 requires the deployer to notify the market surveillance authority of the results, submitting a filled-out template — an exemption applies under Article 46(1) in limited circumstances. The FRIA is therefore not just an internal document. It is a statutory artefact tied to a specific deployment decision, dated, contemporaneous, submitted to a regulator, and (within scope) legally required to exist before deployment can lawfully proceed.

4. Article 99 and the Deployer-vs-Director Distinction in the Penalty Regime

Article 99 of the Regulation establishes the penalty framework that enforces the deployer-side obligations of Articles 26 and 27 (and the corresponding provider-side obligations of Articles 16 and 17). The opening sentence of Article 99(1) sets the basic allocation (EU AI Act Article 99, accessed 2 June 2026):

Three structural features of Article 99 matter for the director-attestation question.

First, the penalty regime is Member-State implementation, not directly self-executing at EU level. Article 99 directs Member States to lay down the rules. The substantive maximum thresholds are set in the Article, but the procedural application — who issues penalties, by what process, against whom, with what defences — is left to national implementation under Article 99(9): “may be imposed by competent national courts or by other bodies, as applicable in those Member States.”

Second, the monetary thresholds are framed for legal entities. The Article 99 maxima are: up to EUR 35 million or 7 percent of worldwide annual turnover (whichever is higher) for Article 5 prohibited-practices violations; up to EUR 15 million or 3 percent of worldwide annual turnover for operator and notified-body violations; up to EUR 7.5 million or 1 percent for the supply of incorrect or misleading information. The structural reference is to “operators” and “undertakings” — legal entities — not to the natural-person directors within them.

Third, Article 99 does not establish a separate natural-person penalty regime for directors as such. The director, in the AI Act's architecture, is not a separately addressed legal subject. The director is operationally relevant inside the deployer organisation — they may be the human-oversight assignee under Article 26(2), the approver of the deployment decision, the signatory to the FRIA under Article 27 — but the AI Act does not treat the director as a standalone duty-bearer or penalty target.

5. The Counter-Argument and the Honest Legal Framing

The natural reading of the three Articles above is that personal director liability is “inherited from member-state company law” rather than created by the AI Act itself. That framing is broadly correct but, under scrutiny, incomplete. Several alternative routes to personal exposure exist that are not captured by the company-law shorthand.

Counter-argument stress test

“Inherited from company law” is incomplete. Personal exposure may arise through several distinct national-law routes.

On the strict reading of Articles 26, 27 and 99, the AI Act does not create a standalone personal director-liability regime. Adil Ali's observation that “I didn't know they were using it” will not be a valid defence for a director is operationally correct, but the legal basis for that conclusion sits outside the AI Act text. The defensible formulation is narrower and more precise than the company-law shorthand.

Personal director exposure, where it attaches at all, may arise through at least five distinct national-law routes interacting with the AI Act's organisational duties:

• National company-law director-duty regimes. Member-State statutory or common-law duties of care, loyalty, and good faith owed by directors to the company; breach gives rise to civil action by the company or its shareholders. Distinct in each jurisdiction.
• Breach of statutory duty under national implementation law. Where Member States, in implementing Article 99 under their national procedural law, choose to extend personal exposure to directors who failed to discharge an organisational duty.
• Aiding-and-abetting theories. Where national criminal or quasi-criminal law extends liability to natural persons who knowingly facilitated an organisational violation.
• National criminal-law extensions. Where a specific Member State, in the exercise of the discretion left by Article 99(9), establishes parallel criminal-law sanctions for AI Act violations that reach beyond the legal entity to its directing minds.
• Sector-specific overlays. Financial services (DORA), data protection (GDPR Article 83 administrative-fine personal-data-controller regime), product safety, and other sectoral regimes whose personal-liability provisions may apply concurrently with the AI Act.

The result is that the question “is the director personally liable” is currently undecided in published case law for the simple reason that Annex III high-risk enforcement begins 2 December 2027 under the post-Omnibus calendar. The case law that will settle the question does not yet exist. What can be stated with confidence is that the answer will not come from Articles 26, 27 or 99 alone; it will come from the interaction of those Articles with whichever of the five national-law routes a Member State has chosen to construct.

Analytical method: the “inherited from company law” framing was stress-tested against the verbatim text of Articles 26, 27 and 99 fetched and verified from the artificialintelligenceact.eu source, against the verbatim Guy Miller and Adil Ali quotations re-locked from the project's LinkedIn corpus, and against the absence of published case law as of mid-2026 using the GraQle reasoning substrate (synthesis confidence 87 %). The reformulation to five distinct national-law routes is the author's reading; the substrate confirmed the incompleteness of the single-route “company law” framing.

6. The Second-Order Observation: The Article 27 FRIA as the Missing Primitive

If the AI Act does not directly create a director-personal-attestation primitive, the natural question is whether any existing provision in the Regulation produces, as a by-product of its statutory function, an artefact close enough to serve the purpose. That question has not been raised on the public LinkedIn thread that produced Miller's formulation. It has a clean answer.

Second-order observation

Not raised on the public LinkedIn thread · Article 27 FRIA is the closest existing statutory artefact to Miller's missing primitive

Among the verified provisions of Regulation (EU) 2024/1689, the Article 27 Fundamental Rights Impact Assessment is the closest existing statutory analogue to the director-personal-attestation primitive Miller identified as missing. It is contemporaneous, dated, documented, statutorily required, tied to a specific deployment decision, created by the deployer-side organisation rather than by the AI system itself, and notified to the market surveillance authority. As a by-product of its statutory function it produces an attributable artefact that no other obligation in the Regulation produces.

The FRIA is not, on its statutory text, a personal attestation. It is an organisational artefact. It is owed by the deployer organisation, not by a named director. Its six substantive elements (a)-(f) address organisational processes, intended use, affected categories, identified risks, oversight measures and complaint mechanisms — not personal certifications of independent judgement.

But the FRIA is the closest existing thing. To convert it into the director-personal-attestation primitive Miller identified, the deployer organisation would need to add six governance controls on top of the statutory artefact:

1. Named signatory. Identify the approving director explicitly as the natural person attaching their personal name to the FRIA submission.
2. Personal certification. Require the director to certify, by separate written statement attached to the FRIA, that they personally reviewed the assessment and satisfied themselves as to the deployment decision.
3. Evidence pack. Attach to the FRIA the underlying materials the director relied on: test results, risk assessments, oversight reports, prior incident history, briefing memos. The evidence the director claims to have reviewed must travel with the certification.
4. Retention and survivability. Preserve the record beyond the director's departure from the organisation and beyond ordinary document-retention cycles, in a form independent of the SaaS dashboards and vendor subscriptions that may lapse.
5. Independence from vendor artefacts. Include the director's own contemporaneous reasoning, not just the vendor's assurance pack. The director's judgement is what is being attested; the vendor's claims are an input, not the attestation itself.
6. Audit-trail linkage. Link the FRIA and its accompanying certification to the deployment-approval workflow so that the approval event and the evidence set are inseparable. A FRIA without an approval-workflow linkage is an organisational document; a FRIA with that linkage is closer to a personal record.

The FRIA is the substrate; the director attestation is what governance design has to build on top of it. The implication for any deployer within Article 27 scope — public-law bodies, private entities providing public services, and Annex III 5(b)/(c) credit-scoring and life/health insurance deployers — is that the FRIA workflow can be re-engineered now, before the December 2027 enforcement date, to produce the director-attestation primitive Miller identified as missing. The cost of doing so is contractual and procedural, not technical. The benefit is that when the case law settling the personal-liability question begins to emerge in 2028 and beyond, the deployers who built the attestation layer on top of the FRIA will have the artefact the case law will reward.

Analytical method: the FRIA-as-director-attestation-primitive observation was surfaced through GraQle's reasoning substrate during a structured query that included verbatim Article 27(1) text plus the verbatim Miller and Ali quotations (synthesis confidence 87 %; novelty score 0.86 — the highest novelty score recorded in this series). The framing has not been raised by any contributor (Miller, Ali, Borner, Matiash, Eze, Picard, Jones, Brown, Grover, Chapman) on the public LinkedIn thread of 11–17 May 2026. The legal conclusion that the FRIA, on its statutory text, is an organisational artefact is the author's; the substrate's contribution was to surface the FRIA as the nearest available primitive among the verified provisions.

7. What This Means for a Named Director Approving an AI Deployment

For a director, executive officer, or board-designated AI Risk Owner who will approve a high-risk AI deployment between mid-2026 and the December 2027 enforcement date, three working practices follow from the legal architecture above.

1. Do not rely on the AI Act as a personal-defence shield. The fact that the AI Act does not directly establish a personal director regime does not mean personal exposure cannot attach through one of the five national-law routes identified in Section 5. Acting as if the absence of an AI Act personal-liability provision is the same as the absence of personal exposure is the predictable mistake the post-2027 enforcement environment will punish.
2. If the deployer falls within Article 27 scope, treat the FRIA workflow as the personal-attestation primitive in waiting. Build the six governance controls in Section 6 (named signatory, personal certification, evidence pack, retention and survivability, independence from vendor artefacts, audit-trail linkage) on top of the statutory FRIA workflow. The cost is contractual and procedural; the artefact is what the post-2027 case law will reward. For deployers outside Article 27 scope, construct the equivalent attestation primitive through internal governance design, attaching it to the Article 26(2) human-oversight assignment.
3. Keep the personal record independent of the company's document-retention cycle. The director's personal attestation, the evidence pack supporting it, and the approval-workflow linkage have to survive the director's departure from the company, the company's restructuring or acquisition, and a legal proceeding that names the director by name. None of those scenarios is well-served by a SaaS dashboard tied to the company's subscription. The personal record has to be portable, durable, and independent.

For the broader procurement-side reading of how the director-attestation layer fits into the five-layer EU AI Act audit-trail stack, see the pillar piece on the EU AI Act audit-trail stack. For the architecture-layer reading of how the Article 27 FRIA composes with the substrate that records the underlying decisions, see Cluster 1 on recall versus verifiability. For the five-question vendor-evaluation diagnostic that exposes whether a vendor's product can support the director-attestation primitive, see Cluster 2 on the procurement diagnostic. For the operational-control reading of how the director-attestation layer interacts with the five dimensions of regulator-grade AI governance, see Cluster 3. For the methodology/architecture/standards layer analysis, see Cluster 4.

8. What Is Still Unsolved

Three gaps remain in the director-attestation framing that the public thread has not closed.

First, the case-law vacuum. As of mid-2026, no published case law settles the question of whether personal director liability attaches to an AI Act compliance failure, because Annex III high-risk enforcement begins 2 December 2027 under the post-Omnibus calendar (Orrick, 7 May 2026). The five national-law routes identified in Section 5 are theoretical until cases begin to be brought; the first directors to face inspection will, in practice, be the test cases that settle the question.

Second, the FRIA-scope limit. Article 27 applies to bodies governed by public law, private entities providing public services, and deployers of Annex III points 5(b) and 5(c) systems only. A deployer of an Annex III point 4 (employment-related) or Annex III point 6 (law enforcement, where permitted) or Annex III point 8 (administration of justice) high-risk AI system has no statutory FRIA obligation. For those deployers, the FRIA-as-director-attestation-primitive observation in Section 6 does not apply directly; the equivalent must be constructed through internal governance design without the statutory anchor. That construction is feasible but less defensible than the FRIA-based path.

Third, the agentic-systems extension. The director-attestation primitive in this piece assumes a discrete deployment decision a director can approve in advance. For agentic AI systems that take multi-step action chains with behavioural drift, the approval decision may not be discrete in any meaningful sense; each invocation may differ from the validated configuration. The April 2026 working paper by Nannini, Smith, Maggini, Panai, Feliciano, Tiulkanov, Maran, Gealy and Bisconti (“AI Agents Under EU Law”, arXiv:2604.04604, submitted 6 April 2026) flags that high-risk agentic systems with untraceable behavioural drift cannot currently satisfy the AI Act's essential requirements. The director-attestation primitive in this piece does not yet extend to that case — the underlying decision the director would attest to is itself not well-defined.

Frequently Asked Questions