AI Boundaries

Deterministic systems like SCADA and industrial control demand predictable, verifiable behaviour. Non-deterministic AI outputs have no place in these control loops. But the same organisation that excludes AI from its safety-critical infrastructure can — and should — harness it for customer engagement, business process automation, and decision support. AI Boundaries is about drawing that Maginot line: protecting critical infrastructure from unsanctioned AI while enabling responsible use everywhere else.

The Boundary

Where AI must not go

Deterministic systems that govern physical processes, life safety, and critical infrastructure require verifiable, predictable behaviour. AI introduces probabilistic uncertainty that these systems cannot tolerate.

SCADA & Industrial Control

Exclude

Supervisory control and data acquisition systems govern physical processes — water treatment, power distribution, manufacturing lines. Non-deterministic AI outputs have no place in control loops where predictable, verifiable behaviour is a safety requirement.

Safety-Critical Systems

Exclude

Nuclear reactor controls, aviation autopilot, railway signalling, medical life-support. These systems require deterministic, formally verified behaviour. AI-driven decisions introduce uncertainty that cannot be tolerated where failure costs lives.

Life Safety Infrastructure

Exclude

Fire suppression, emergency shutdown, building management safety overrides. When AI enters these systems, it creates a dependency on probabilistic outcomes in scenarios that demand certainty. The boundary is absolute.

Responsible Enablement

Where AI creates value

Within the same organisation, AI transforms customer experience, accelerates operations, and strengthens decision-making — when deployed within a governance framework that maintains human oversight.

Customer Interaction

Enable

Chatbots, recommendation engines, personalisation, customer service automation. AI adds genuine value in customer-facing systems where the failure mode is a poor experience, not a safety incident. Governed by transparency and fairness obligations.

Business Process Automation

Enable

Document processing, compliance workflows, scheduling, procurement analysis. AI accelerates operations where human oversight is maintained and decisions are reviewable. The TRACE methodology provides the governance framework.

Analytics & Decision Support

Enable

Predictive maintenance (not control), demand forecasting, risk modelling, reporting. AI provides insight while humans retain decision authority. The boundary is clear: AI informs, humans decide, deterministic systems execute.

Regulatory Red Lines

Prohibited AI practices

Beyond the operational boundary, the EU AI Act defines practices that are banned outright — regardless of the deployment context. Violations carry fines up to €35M or 7% of global turnover.

Social Scoring

Art. 5(1)(c)

AI systems that evaluate or classify natural persons based on social behaviour or personal characteristics, leading to detrimental treatment disproportionate to the context.

Subliminal Manipulation

Art. 5(1)(a)

AI systems that deploy subliminal or deliberately manipulative techniques to materially distort behaviour in a way that causes significant harm.

Biometric Categorisation

Art. 5(1)(g)

AI systems that categorise persons based on biometric data to deduce race, political opinions, trade union membership, religious beliefs, sex life, or sexual orientation.

Emotion Recognition

Art. 5(1)(f)

AI systems that infer emotions in workplace and education settings — except for medical or safety purposes.

Untargeted Facial Scraping

Art. 5(1)(e)

Creating or expanding facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage.

Exploitation of Vulnerabilities

Art. 5(1)(b)

AI systems that exploit vulnerabilities due to age, disability, or social or economic situation to materially distort behaviour causing significant harm.