Selected as Best Overall Capstone

Harvard Medical School Executive Education, "AI in Healthcare," February 2026

HCP-as-Pilot™ v3.5, Updated June 2026 — Runtime Governance Infrastructure for EU AI Act compliance
AI Governance Readiness

AI Governance Readiness for Regulated Agentic Systems.

Assess whether your organisation can evidence safe, defensible AI deployment under continuous human governance — before procurement, audit, or regulatory scrutiny forces retrofits.

Built for healthcare, pharma, and regulated AI environments preparing for EU AI Act, MDR, FDA, and clinical governance expectations.


FREE SELF-ASSESSMENT

EU AI Act Compliance Checker

Not sure where your AI system may fall under the EU AI Act? Start with the public EU AI Act compliance checker to understand possible risk classification, obligations, and next questions — in under 5 minutes.


This is a self-assessment starting point, not legal advice or a substitute for formal regulatory review.

EXPLAINER VIDEO SERIES

Can Your Healthcare AI Pass an EU AI Act Audit?

Operational Governance Readiness for Healthcare AI

  • Video 1 of 7: The Urgent Problem. Why healthcare AI systems need governance infrastructure — not just good intentions.
  • Video 2 of 7 (Coming Soon): Human Oversight & Article 14
  • Video 3 of 7 (Coming Soon): The Evidence Problem
  • Video 4 of 7 (Coming Soon): What Auditors Look For
  • Video 5 of 7 (Coming Soon): Runtime Governance
  • Video 6 of 7 (Coming Soon): Audit Trail & Evidence
  • Video 7 of 7 (Coming Soon): Readiness Assessment

From overwhelmed to fully orchestrated — SEO + GEO for healthcare practices in 2026, governed inside HAE / RGI.

The Problem

Most AI audits stop before runtime.

Document reviews, model evaluations, and pre-deployment checklists are necessary — but they describe intent, not behaviour. They do not tell you what your AI will actually do in production, on the day it acts.

01. Policy ≠ enforcement

A policy that is not technically enforceable at runtime is a statement of intent. It does not stop an AI from acting beyond its authority.

02. Logging ≠ governance

Logs describe what happened. They do not constrain what is allowed to happen, who must approve it, or when an action must halt.

03. Monitoring ≠ operational control

Dashboards observe systems after the fact. Operational control means decisions can be bounded, escalated, and reversed in real time.

Regulators increasingly care about what happens while AI is acting — not only what was documented before deployment.

Policies define intent. Runtime governance provides the evidence auditors, clinical boards, and procurement teams increasingly expect.

Runtime governance · Human oversight · Escalation · Traceability · Bounded autonomy

EU AI Act Alignment

What the Readiness Sprint maps against.

The Readiness Sprint is not legal advice or a formal conformity assessment. It helps your team understand whether one AI workflow has the operational controls and evidence expected in regulated deployment contexts.

Art. 14: Human Oversight

Can human authority be exercised at the moment of decision, with clear approval, override, and escalation pathways?

Art. 12: Logging & Record-Keeping

Can the organisation reconstruct what happened, when it happened, who reviewed it, and what action was taken?

Art. 9: Risk Management

Are workflow-level risks identified, classified, monitored, and controlled across the AI lifecycle?

Art. 50: Transparency

Are users clearly informed when they are interacting with AI, especially in patient-facing, caregiver-facing, or senior-facing workflows?

Art. 5: Vulnerable Population Safeguards

Are controls in place to prevent manipulation, dependency creation, or exploitation of age, disability, cognitive vulnerability, loneliness, or social isolation?

Operational Governance Readiness

What the Readiness Sprint actually assesses.

A ten-domain operational maturity matrix — not a document review. We compare your current state with what regulated agentic AI demands at runtime, in plain commercial language.

| Governance Area | Typical Organisation State | What We Assess |
|---|---|---|
| AI Inventory | Partial register, scattered across teams. | Whether every agentic workflow is identified, owned, and classified by risk and authority. |
| Workflow Risk Classification | Treated as model-level risk, not workflow-level. | Risk tiering of each workflow against EU AI Act exposure, clinical impact, and reversibility. |
| Human Oversight | Human-in-the-loop on paper; review after the fact. | Whether oversight exists at the moment of decision, not as retrospective review. |
| Runtime Controls | Guardrails defined, rarely enforceable in production. | Whether technical controls can bound, halt, or correct an AI action while it is happening. |
| Escalation Pathways | Implicit, undocumented, person-dependent. | Deterministic escalation logic — who is paged, when, and with what authority to override. |
| Auditability | Logs exist; reconstruction of decisions is hard. | Whether any past AI decision can be replayed end-to-end with the evidence regulators expect. |
| Consent Governance | Consent captured upstream, not enforced downstream. | Whether consent is bound to data, agents, and actions at runtime — not stored as a checkbox. |
| Operational Authority Boundaries | Unclear what an AI is allowed to decide vs. recommend. | Risk-tiered AI authority: where autonomy ends and human approval is mandatory. |
| Regulatory Evidence Readiness | Scattered artefacts, no single defensible package. | Whether the organisation can produce regulator-ready evidence on demand for a named workflow. |
| Vulnerable User & Transparency Safeguards | AI is friendly and helpful, but transparency, non-manipulation, and dependency safeguards are implicit. | Whether patient-facing or senior-facing AI workflows clearly disclose AI interaction, avoid persuasive exploitation, maintain non-medical boundaries where required, and escalate appropriately. |

This is operational governance readiness — not a document review. It produces specific, prioritised actions tied to one named workflow or deployment context.

Tier 1 — Strategic Diagnostic

AI Governance Readiness Sprint.

Designed for organisations evaluating regulated AI deployment, operational governance maturity, or EU AI Act preparedness.

Tier 1 — Fixed-scope diagnostic · CHF 1,600 – 2,200 · 2-week sprint · one workflow or deployment context

A focused, executive-grade diagnostic — not a large consulting engagement.

We assess one specific workflow or deployment context against runtime governance requirements, then deliver a board-ready package your regulatory, clinical, and executive teams can act on immediately.

Fixed scope. Fixed price. Fixed two-week delivery.

1. Regulatory Positioning Memo

Likely AI classification, EU AI Act exposure, and operational governance implications — translated into commercial and clinical decisions. Includes review of transparency duties and vulnerable-user safeguards where the workflow interacts with patients, caregivers, seniors, or other protected groups.

2. Runtime Governance Gap Assessment

Identifies where current workflows lack enforceable runtime controls — not where documentation is missing.

4. Human-Agent Oversight Blueprint

Preliminary HAT operational model: escalation pathways, authority boundaries, and where human approval is non-negotiable.

5. Prioritised 90-Day Governance Action Plan

What to fix first, what to fix next, and how to evidence each control to regulators, clinical boards, and procurement.

6. Vulnerable User & Transparency Safeguards Review

Assessment of whether the workflow includes adequate transparency, non-manipulation, escalation, and boundary controls for patient-facing, caregiver-facing, or senior-facing AI use cases.

Risk map preview

| Workflow | Risk Tier | Allowed Autonomy | Required Oversight |
|---|---|---|---|
| Triage assistant for clinical intake | High | Recommend only — no clinical commitment. | Clinician approval at the moment of decision. |
| Care coordination scheduling agent | Medium | Bounded autonomy within consented scope. | Deterministic escalation on out-of-bounds events. |
| Internal knowledge retrieval & summarisation | Low | Autonomous within audit-logged guardrails. | Periodic sampling and drift monitoring. |

Delivered as a single board-ready PDF dossier.

How It Works

Two weeks. One workflow. One executive readout.

A focused engagement built for clarity and decision-pressure — not open-ended consulting.

Week 0

Discovery & Workflow Selection

Structured 60-minute deep-dive. We agree on the single workflow or deployment context to assess and the decisions the diagnostic must inform.

Weeks 1–2

Governance Audit Sprint

Runtime governance assessment, oversight architecture review, targeted stakeholder interviews. Mid-sprint direction-check with your team.

End of Week 2

Executive Readout & Blueprint

Two-hour executive readout. Final memo, AI Workflow Risk Map, oversight blueprint, and 90-day action plan delivered as one PDF dossier.

Focused engagement. One workflow or deployment context. Not unlimited consulting scope.

Beyond Readiness

When Tier 1 surfaces real exposure, the next layers build the infrastructure.

Tier 2 and Tier 3 are enterprise engagements designed for organisations operationalising runtime governance for regulated agentic systems.

Tier 2 — Pricing on request

Runtime Governance Blueprint

Detailed oversight architecture for one or more priority workflows.

  • Detailed oversight architecture across the priority portfolio.
  • Authority stratification — risk-tiered AI authority, by role and decision.
  • Deterministic escalation logic, halt conditions, and override pathways.
  • Runtime governance design that is technically enforceable, not aspirational.
  • Governance evidence mapping aligned with EU AI Act, MDR, and FDA expectations.

Tier 3 — Pricing on request

Safety OS / RGI Implementation

Operational deployment of Runtime Governance Infrastructure.

  • Governance control layer integration with your AI and clinical systems.
  • Runtime enforcement architecture — bounded autonomy at production scale.
  • Audit infrastructure: replayable decisions, evidence on demand.
  • Operational governance deployment with Human-Agent Team patterns.
  • Implementation support through pilot and into supervised production.

Andy (Andrew) Squire

Founder, PatientCentricCare.AI
Architect, Physician-as-Pilot Safety OS™
Basel, Switzerland


Frequently asked questions

Common questions about the Readiness Sprint.

How is this different from a generic AI audit?

Most AI readiness audits assess documents and models. We assess whether your organisation is operationally ready to safely govern AI systems at runtime. Policy is not enforcement, logging is not governance, and monitoring is not operational control.

What does the Readiness Sprint actually assess?

Nine governance domains for one named workflow: AI inventory, workflow risk classification, human oversight, runtime controls, escalation pathways, auditability, consent governance, operational authority boundaries, and regulatory evidence readiness.

How much does Tier 1 cost?

CHF 1,600 to CHF 2,200, fixed scope, scope-adjusted to organisational complexity. Delivered over two weeks against one workflow or deployment context. One engagement per month to ensure depth and defensibility.

What do I receive at the end?

A board-ready PDF dossier including the Regulatory Positioning Memo, Runtime Governance Gap Assessment, AI Workflow Risk Map, Human-Agent Oversight Blueprint, and a prioritised 90-Day Governance Action Plan.

What are Tier 2 and Tier 3?

Tier 2 — Runtime Governance Blueprint translates the Tier 1 diagnostic into an enforceable oversight architecture, authority stratification, and escalation logic. Tier 3 — Safety OS / RGI Implementation deploys the runtime governance control layer, audit infrastructure, and operational governance with implementation support. Both are priced upon request.

Why does the EU AI Act make this urgent?

EU AI Act high-risk obligations become enforceable on 2 August 2026. If your AI lands in a high-risk category, operational, transparency, and human-oversight requirements apply by default. Teams retrofitting under deadline pressure are visible to procurement and regulators as exactly that.

Who delivers the Sprint?

Andy Squire, Founder of PatientCentricCare.AI and Architect of the Physician-as-Pilot Safety OS. 20+ years inside regulated pharma (Roche, Novartis, Takeda) and four AI healthcare programmes (Harvard Medical School, Oxford Saïd, Microsoft/INSEAD, Cambridge).

Is this a legal compliance audit?

No. The Readiness Sprint is an operational governance readiness assessment. It does not replace legal advice, formal conformity assessment, notified body review, or regulatory certification. It helps organisations identify practical governance gaps, evidence gaps, and runtime control requirements before procurement, clinical governance, or regulatory scrutiny.

Why does vulnerable-user protection matter?

Some AI workflows interact with people who may be vulnerable because of age, disability, illness, cognitive change, loneliness, or dependency. The Readiness Sprint reviews whether the workflow includes transparency, non-manipulation, escalation, and authority-boundary controls so the system supports users without exploiting vulnerability.

Does Safety OS guarantee EU AI Act compliance?

No. Safety OS and the Readiness Sprint help organisations operationalise and evidence governance controls aligned with regulatory expectations. Compliance depends on the specific AI system, use case, legal role, risk classification, deployment context, and applicable sector regulations.

AI capability is accelerating. Governance infrastructure is not.

PatientCentricCare.AI helps organisations operationalise human authority, bounded autonomy, and runtime governance — before regulatory pressure forces retrofits.
