// Part One · Chapter 3

What Regulated Industries Actually Need

The Accuracy Illusion

A healthcare AI company announced 99.7% accuracy. Six months later, it was pulled from the market. The system trained on academic hospital data — when deployed to community clinics, the error rate jumped to 34%. Accuracy in the lab is not safety in production.

What "Need" Actually Means

Regulated industries don't need more model accuracy. They need four guarantees before an agent touches production — can you constrain it, attribute it, gate it, and stop it? — plus two more to survive a real enterprise: legacy integration and institutional learning. That is the 6 Pipes, detailed in Chapter 5. Everything in this book builds toward them.

The Regulatory Landscape

EU AI Act — risk-based classification. High-risk (Annex III) obligations apply from 2 August 2026 — operative but contested (subject to Digital Omnibus revision; verify before citing).

GDPR Article 9 — special-category data (health, biometric, genetic) requires explicit consent or substantial public interest.

SAMA — financial-services requirements in Saudi Arabia.

DORA — operational-resilience obligations for EU financial entities (in force since January 2025).

Zero Trust — never trust, always verify.

Compliance as Competitive Moat

Organizations that build compliance into AI from the start can win deals faster, charge premium prices, expand into new markets, and build lasting relationships. Compliance isn't the brake — it's the licence to operate.