Most organisations preparing for the EU AI Act are focused on the right things. Risk registers. Technical documentation. Data governance policies.
But there is one requirement that almost nobody is talking about and it is arguably the most important one.
Article 26 of the EU AI Act requires organisations to assign a named individual who is accountable for every high-risk AI system they deploy.
Not a team. Not a department. A specific person whose name goes on the record.
Why this matters more than most people realise
A 2025 analysis of enterprise AI deployments found that fewer than 20% of organisations using high-risk AI had a clearly defined human accountable for each system. In most cases accountability was spread across IT, Legal, and the business unit with nobody actually owning the consequences.
The EU AI Act closes that gap explicitly.
Article 14 requires a real human who can monitor what the AI is doing, intervene when something looks wrong, and override a decision when necessary. Not theoretically. Operationally.
Article 73 requires serious incidents to be reported to national authorities within 15 days. Without a named accountable person and a documented escalation chain, meeting that deadline is nearly impossible in practice.
And under Recital 58, the board cannot delegate this accountability away. They are legally responsible for the organisation's AI posture whether they know it or not.
The three questions your organisation should be able to answer today
For every AI system you currently have in production:
One. Who is the named owner and when did they last review the system?
Two. Is there a real human actively monitoring its outputs and able to override a decision?
Three. If something went wrong tomorrow, who gets called first and what happens in the following 15 days?
If you cannot answer all three for every high-risk AI system you operate, that is not a knowledge gap. It is a compliance gap.
What regulators will actually check
When enforcement actions begin under the EU AI Act, regulators will not just ask to see your documentation. They will ask to speak with the person responsible.
They will verify that this person exists, understands their accountability, and can demonstrate they exercise it in practice. A name in a database is not the same as genuine human oversight.
The organisations that will navigate enforcement successfully are the ones where accountability is real, not just recorded.
The window is narrowing
The EU AI Act transparency deadline arrives in August 2026. The full high-risk obligations follow in December 2027. A minimum of 12 to 18 months is needed to implement proper governance structures for a mid-sized organisation.
The human accountability structure is not something you can build in the final weeks before a deadline. It takes time to design, assign, and embed into how an organisation actually operates.
The question is not whether you need this. You do.
The question is whether you are building it now.
At Greyguard we help organisations design human accountability structures for every AI system they operate. Not just the documentation. The real thing. Start at greyguardconsulting.com