Runtime Governance Infrastructure (RGI)
Tightly-bounded Agentic Orchestration enables a Safe Continuum of Care.
The control and orchestration layer that enforces authority, consent, and traceability for AI at the moment of action. Required wherever AI influences a clinical, regulated, or high-risk decision. Reference implementation: Safety OS™.
Definition
Runtime Governance Infrastructure (RGI) is a category of system that sits as a control and orchestration layer between AI components and the environments in which those components are allowed to act. Like Kubernetes (the proven open-source layer that orchestrates and governs software components in modern cloud systems), an RGI orchestrates and governs AI components, but with the additional requirement of clinical authority, consent enforcement, and tamper-evident audit at the moment of action. An RGI does not generate clinical content. It does not replace existing systems. It enforces, at the moment of action, three conditions that a deployed AI must satisfy before any output proceeds:
- Authority. Who is permitted to act, and in what role.
- Consent. What scope of action the patient or relevant party has granted, and whether that grant is current, specific, and revocable.
- Traceability. An immutable record of the decision and the inputs that produced it, sufficient to reconstruct the action after the fact.
No AI action proceeds without logged authority, consent, and traceability.
Why a new category
Most current healthcare AI deployments log outputs rather than decisions. They assume consent rather than enforce it. They rely on policy documents rather than runtime control. The result is a governance posture that depends on after-the-fact reconstruction and on the discretion of individual users. That posture is not aligned with the obligations placed on high-risk AI systems by the EU AI Act, nor with the consent enforcement obligations of GDPR.
RGI is the category of system that closes that gap. It is to AI what air traffic control, flight recorders, and pilot-in-command authority are to civil aviation: a runtime layer that is engineered into the operating environment so that safety, accountability, and reconstruction are not optional.
Regulatory alignment
| Obligation | Source | How RGI addresses it |
|---|---|---|
| Logging and traceability of high-risk AI system events | EU AI Act, Article 12 | Immutable decision log (Flight Recorder) capturing inputs, the decision, and the authority and consent state at the moment of action. |
| Effective human oversight of high-risk AI systems | EU AI Act, Article 14 | Authority enforcement gates AI outputs against an authorised human role; escalation paths route exceptions to a human before execution. |
| Lawful basis, scope, and revocability of consent | GDPR, Articles 6, 7, and 9 | Consent state is checked at action time, scoped to the action requested, and respected when revoked. Stale or absent consent halts the action. |
| Accountability and demonstrability | GDPR, Article 5(2) | Every action is reconstructable from the immutable log, providing the demonstrable accountability required by the regulation. |
This table is provided as a structural reference, not as legal advice. Implementation in any specific jurisdiction or organisation should be reviewed by qualified counsel.
Reference implementation: Safety OS™
Safety OS is PatientCentricCare.AI's implementation of the RGI category. It is deployed today as the control and orchestration layer for AI-supported home care environments (Phase I: Care Delivery Teams, including nurses, caregivers, and family) and is engineered for clinical environments (Phase II: HCP-as-Pilot, governing AI components that draft notes, suggest orders, book follow-ups, and coordinate care).
Safety OS deploys as a control and orchestration layer above existing AI and clinical systems. It does not replace the EHR. It does not replace messaging or scheduling. It does not require the AI vendor to change models. It gates actions before they reach those systems.
Related concepts
RGI Envelope
The bounded operating envelope inside which an AI component is permitted to act. Defined by authority scope, consent scope, and traceability requirements. Outputs that fall outside the envelope are blocked or escalated.
HCP-as-Pilot™
The Phase II clinical operating model. The healthcare professional is the pilot-in-command for any AI output that influences a clinical decision. The AI is a non-authoritative component whose outputs are gated by the RGI before they reach action. Aligns with EU AI Act Article 14.
Flight Recorder
The immutable decision log produced by the RGI. Designed to allow post-incident reconstruction of the authority state, consent state, AI inputs, and decision pathway at the moment of action. Aligns with EU AI Act Article 12.
Authority Line
The single, unambiguous chain of human authority for any given AI-supported action. The RGI enforces that no action proceeds without a valid authority line.
What RGI is not
- Not an AI model. RGI does not generate clinical content.
- Not a policy document. RGI is enforcement, not description.
- Not a replacement for the EHR. RGI sits above existing systems.
- Not a substitute for clinical judgement. The clinician remains the authority.
Resources
For deeper reading and the visual overview:
Safety OS: the reference implementation Physician-as-Pilot framework 11-slide overview (PDF)