The Governability Gap under the EU AI Act: Compliance Without Governability in Autonomous Systems

Autonomous systems increasingly operate across extended runtime lifecycles characterized by continuous adaptation, environmental change and growing operational complexity. While the EU AI Act establishes extensive requirements concerning transparency, accountability, human oversight, risk management and post-market monitoring, relatively little attention has been devoted to situations in which systems remain formally compliant while progressively losing the practical capacity to support these objectives throughout runtime operation.

This paper introduces the concept of the Governability Gap, defined as the discrepancy between formal compliance status and the practical governability of an autonomous system. The paper argues that compliance and governability represent distinct concepts. Compliance describes the extent to which regulatory requirements have been satisfied, whereas governability describes the extent to which systems remain observable, traceable, controllable, auditable and accountable throughout operation.

Building upon previous work on Governability by Design and Regulatory Continuity, the paper explores how governability may deteriorate despite the continued satisfaction of formal compliance requirements. Sources of governability degradation including increasing operational complexity, runtime adaptation, distributed coordination, environmental evolution and emergent behavior are examined.

The paper further proposes that the Governability Gap may function as a leading indicator of future compliance degradation. As governability decreases, the ability to sustain transparency, accountability, oversight and risk management may progressively weaken, increasing the likelihood that regulatory objectives become difficult to maintain over time.

The central argument advanced is that future autonomous systems may not fail because compliance requirements are absent, but because the governability required to preserve those requirements gradually erodes during runtime operation. Understanding, identifying and addressing the Governability Gap may therefore become essential for maintaining regulatory continuity within increasingly autonomous technological ecosystems.