AI in Manufacturing and Supply Chain: Governance for Industrial AI, Predictive Maintenance, and Autonomous Systems
Manufacturing and supply chain AI — predictive maintenance, quality control, autonomous robots, supply chain optimisation — creates specific governance obligations around worker safety, product liability, and supply chain ethics. The 2026 enterprise guide.
Key Takeaways
- AI in safety-critical manufacturing operations — autonomous robots, quality control AI in safety-critical products, predictive maintenance for critical equipment — requires safety assessment under WHS legislation and may require specific safety certification.
- Product liability follows the product: AI-assisted quality control that fails to detect a defect in a safety-critical product creates the same product liability as manual QC that misses the same defect — and the manufacturer bears the liability.
- EU AI Act implications for manufacturers: AI used in safety components of machinery, AI-based inspection systems in safety-relevant manufacturing contexts, and AI in critical infrastructure manufacturing may be high-risk under the EU AI Act if the products are sold into the EU market.
- Supply chain AI creates new due diligence obligations — AI-driven supplier selection, risk scoring, and monitoring must be consistent with modern slavery due diligence requirements and trade compliance obligations.
- Workforce AI in manufacturing — algorithmic task allocation, productivity monitoring, and AI-driven workforce planning — creates the same Fair Work Act and employment law obligations as in any other sector, adapted for the manufacturing context.
"For informational purposes only. This article does not constitute legal, regulatory, financial, or professional advice. Consult a qualified specialist for specific advice."
AI in manufacturing and supply chains — operational reality in 2026
Manufacturing and supply chain operations have moved from AI pilot projects to operational deployment at scale. The applications are diverse: predictive maintenance for production equipment and infrastructure; computer vision quality inspection on production lines; AI-driven demand forecasting and inventory optimisation; route optimisation and fleet management for logistics; supplier risk assessment and procurement automation; warehouse robotics with AI-driven control systems; and increasingly, autonomous decision-making in production planning and inventory replenishment.
This operational shift creates governance obligations across multiple regulatory regimes simultaneously: EU AI Act (high-risk classification for machinery and safety components), sector-specific safety regulation (machinery directives, workplace safety law), supply chain due diligence regulation (EU CSDDD, German Supply Chain Act, UK Modern Slavery Act), and emerging requirements around AI-enabled critical infrastructure.
EU AI Act — manufacturing AI is heavily affected
The EU AI Act is particularly impactful for manufacturing because of the interaction between Annex III (high-risk standalone systems) and Annex I (AI embedded in regulated products including machinery). Standalone AI systems in manufacturing classified as high-risk under Annex III include: AI used as a safety component in critical infrastructure (energy generation, transmission, water, gas — these directly capture industrial AI control systems); AI used in worker monitoring and performance evaluation (factory floor productivity tracking, AI-driven safety compliance monitoring of workers); biometric categorisation systems used in workplaces. The Omnibus agreement of 7 May 2026 deferred standalone Annex III obligations to 2 December 2027.
Annex I covers AI embedded in regulated products. The Machinery Regulation (Regulation (EU) 2023/1230) — applicable from 14 January 2027 — replaces the Machinery Directive and explicitly addresses machinery incorporating AI systems. AI safety components in machinery (autonomous decision-making functions in robots, AI-controlled hoists or presses, AI-driven safety interlocks) are subject to conformity assessment requirements, CE marking, and post-market surveillance. The August 2028 deadline applies to AI embedded in Annex I regulated products. Manufacturers placing AI-enabled machinery on the EU market must integrate AI Act conformity assessment with existing machinery safety conformity assessment.
Worker monitoring AI in manufacturing — the immediate exposure
Manufacturing environments deploy AI-driven worker monitoring at scale: computer vision systems detecting PPE violations and unsafe behaviours; biometric access control with behaviour analytics; AI-driven productivity monitoring per worker or workstation; predictive analytics flagging workers showing fatigue indicators. Each creates significant exposure. Under EU AI Act Article 5 (in force since 2 February 2025), emotion recognition AI in workplace settings is prohibited as an unacceptable risk. A system that purports to detect worker emotions from facial expressions, voice patterns, or behavioural indicators is prohibited regardless of intent. Other worker monitoring AI is high-risk under Annex III (employment category).
Under GDPR and UK GDPR, AI worker monitoring requires lawful basis (typically legitimate interests with proportionality assessment via DPIA), transparent disclosure to workers, and consultation with worker representatives where collective consultation rights apply. The German Works Council Constitution Act and similar codetermination frameworks in EU member states often require formal works council agreement on AI monitoring systems before deployment.
Supply chain due diligence — AI plays a dual role
The EU Corporate Sustainability Due Diligence Directive (CSDDD), agreed in 2024 with phased application from 2027-2029, requires in-scope companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts across their supply chains. Germany's Supply Chain Due Diligence Act (LkSG, applicable since 2023) imposes similar obligations on German companies above defined size thresholds. The UK Modern Slavery Act and Australian Modern Slavery Act require statement publication. For AI use, this matters in two ways.
First, AI tools are increasingly used to perform supply chain due diligence — supplier risk scoring, sanctions screening, modern slavery risk assessment, and environmental impact analysis. These AI tools must themselves be governed: if an AI system fails to identify a serious human rights risk that diligence should have surfaced, the in-scope company remains liable. Second, the supply chains being assessed increasingly include AI components themselves — chips, semiconductors, AI training infrastructure, data labelling services. Geopolitical export controls (US Commerce Department export controls on advanced chips, EU dual-use regulation) intersect with AI supply chain due diligence.
Cybersecurity in industrial AI — operational technology meets AI
Manufacturing AI typically operates in operational technology (OT) environments traditionally isolated from broader IT networks. The introduction of AI changes this — modern industrial AI requires cloud connectivity, model updates, and integration with enterprise data sources. This creates novel cybersecurity exposure. The EU's NIS2 Directive (applicable from 17 October 2024) classifies manufacturing of medical devices, computer/electronic/optical products, machinery, motor vehicles, and other transport equipment as important entities — and chemicals, food, and other sectors as essential entities. AI systems deployed in these manufacturing environments must comply with NIS2 cybersecurity requirements, including risk management, incident reporting (significant incidents reportable within 24 hours), and supply chain security.
Specific industrial AI threats include: adversarial inputs designed to manipulate AI-driven quality inspection (allowing defective products to pass); prompt injection attacks on LLM-based maintenance interfaces; data poisoning of predictive maintenance models causing missed failures or false alarms; supply chain attacks where AI vendors' compromised models are deployed in production environments. Industrial AI vendors face increasing demands for SBOM (software bill of materials) disclosure, security testing evidence, and incident response commitments in commercial contracts.
Quality, liability, and product safety
When AI is involved in product manufacturing decisions — quality inspection passing or failing units, autonomous adjustments to production parameters, AI-recommended process changes — product liability law continues to apply. The EU's revised Product Liability Directive (Directive (EU) 2024/2853, effective from 9 December 2026) explicitly covers software including AI as a product, clarifies manufacturer liability for AI-enabled products, and addresses defects arising from AI updates after sale. Manufacturers cannot disclaim liability for product defects on the basis that AI made the defective decision. The duty of care extends to monitoring and managing AI system performance throughout the product lifecycle.
Practical governance for manufacturers
- Map AI deployments across the production environment — from autonomous robotics to predictive maintenance to quality inspection — and classify each against EU AI Act categories if you operate in or supply EU markets.
- Update machinery conformity assessment processes to integrate AI Act requirements ahead of the 2027-2028 timelines.
- For worker monitoring AI, run DPIAs and consult worker representatives before deployment; remove any emotion recognition components.
- Integrate AI considerations into your NIS2 cybersecurity programme — AI systems are now part of OT scope.
- Update supply chain due diligence processes to address AI components in the supply chain and to govern AI tools used to perform the diligence.
- Update product liability provisions in commercial contracts to allocate AI-specific risk appropriately, particularly for AI-enabled products placed on EU markets after December 2026.