The Panel That Was Named
For most of the last eighteen months, the criticism of the EU AI Act was that it created institutional language without institutional bodies. The Act named general-purpose AI as a regulatory category, named systemic risk as a tier, named cyber offence and emergent capability as evaluation domains, and named the Commission as the enforcement authority. What it did not yet have was a body of named experts charged with doing the evaluation.
On June 1, 2026, that gap closed. The European Commission appointed sixty independent experts to the Scientific Panel of independent experts established under Article 68 of the AI Act. The panel's mandate is to support the implementation and enforcement of the Act, with explicit focus on general-purpose AI models with systemic risk. Members serve renewable twenty-four month terms. The roster is constrained: no more than three members from a single country, at least eighty percent drawn from the European Union and EFTA, gender balance enforced, and selection conducted against criteria published in Commission Implementing Regulation (EU) 2025/454.
The panel's expertise areas, as published by the Commission, are not abstract. They are operational. Evaluation methods for general-purpose AI capabilities. Risk assessment of general-purpose AI models. Technical mitigations. Misuse and deployment risks. Cyber offence risks. Provider cybersecurity practices. Emergent systemic risks. Compute measurement.
That is a list of what the regulator believes needs to be evaluated. It is also, read against the current state of agentic deployment, a list of what is being evaluated under conditions where the artifacts to evaluate against do not yet uniformly exist.
What the Roster Confirms
The institutional artifact now exists. Verik takes the Commission action seriously and agrees with its structural diagnosis. The work this essay attempts is to extend it.
The diagnosis embedded in the appointment is straightforward. General-purpose AI systems have crossed a capability threshold at which their risks can no longer be assessed by the providers alone. An independent expert body is required. That body needs standing authority, named members, defined terms, and a published expertise scope. The Commission has now supplied all four. The Brussels Times reporting on the appointment frames it as the practical machinery of enforcement rather than the symbolic gesture critics had warned would be all the Act produced.
The panel sits inside the AI Office and reports through it. Its outputs are advisory to the Commission, not direct enforcement. But the structural function it serves is harder to dismiss. For the first time, there is a named convening body whose job is to determine, on the public record, whether a general-purpose AI system's risk profile matches what its provider has claimed.
That is a meaningful change. For most of the last two years, the question of whether a frontier model was operating within its stated risk envelope had no formal external evaluator. The provider published a model card. The provider conducted its own red team. The provider determined when a capability threshold had been crossed. The independence of that judgment was the point of contention, and it has now been addressed in the only way regulators can address it: by constituting a body whose members are not employed by the providers and whose terms are protected from provider pressure.
What the Roster Does Not Yet Confirm
The panel's expertise areas reach the model layer with considerable precision. They reach evaluation methods, capability assessment, risk classification, technical mitigations, and the cyber offence question. What they do not yet visibly reach is the substrate on which agentic deployment actually runs.
That is the gap the institutional record this week has been pointing at without naming. The model layer is one layer. The deployment substrate is another. The audit log, the workspace where the agent's tools resolve, and the verifier that determines whether the agent did what was asked are not properties of the model. They are properties of the system the model is embedded in. The panel's published scope addresses the model. It is not yet clear from the Article 68 language or the Commission's published expertise criteria whether the panel's evaluation reaches the substrate.
This is not a complaint about the panel's design. The Article 68 authorities are bounded by the AI Act's own scope, which targets general-purpose AI models and systemic risk classification. The substrate is downstream. It is where the model is deployed, not what the model is. A different regulatory instrument, or a different evaluation body, may need to reach it.
But the timing matters. The panel was named in the same week that the United States congressional record produced testimony before the House Homeland Security Committee on the cybersecurity of critical infrastructure explicitly invoking the use of large language models in offensive operations. It was named in the same window that the Five Eyes joint guidance on emerging risks in AI underscored that the systems treated as productivity tools are already in the threat-actor toolkit. The convening forum has been named for the model layer. The convening forum for the layer below it, where the audit log and the verifier and the workspace live, has not.
The Compute Measurement Question
One expertise area on the published list deserves separate attention: compute measurement. The Commission has named compute measurement as a domain in which the panel must have expertise. That is a more telling signal than the others.
Compute measurement is the technical question that determines which models cross the systemic risk threshold under the AI Act. It is the threshold the General-Purpose AI Code of Practice referenced when the Commission released its companion implementation guidance. It is also, structurally, the question that determines whether the panel's evaluations have anchoring quantitative ground.
If compute measurement is in scope, the panel is not only assessing model behavior. It is assessing the infrastructure on which the behavior was produced. That edge of scope is suggestive. It implies that the regulator's question is not bounded at the model artifact. The substrate question is at least partially inside the room.
What remains unclear is whether the panel's mandate to assess compute measurement extends to the post-training deployment substrate where agentic workloads actually run. Compute measurement at training time and compute measurement at deployment time are different problems. One concerns the resource footprint of producing a model. The other concerns the resource footprint and audit footprint of operating an agentic system in production. The Article 68 language does not visibly distinguish them.
The Panel as a Reference Point
For the medium term, the panel will be a reference point against which other governance experiments are measured. The Council of Europe Framework Convention on AI approaches the problem from a human rights frame. The G7 Cybersecurity Declaration of June 2026 approaches it from a supply-chain and resilience frame. The panel approaches it from a capability and systemic risk frame. These are different frames on the same surface. None of them, individually, reaches every layer of the surface.
The risk of the panel being read in isolation is that observers will treat the existence of a named expert body as proof that the evaluation problem has been solved. The existence of the body is necessary. It is not yet evidence that the body's mandate reaches every part of the system where deployment risk concentrates.
The companion risk is the inverse. Observers may read the Commission's action as a symbolic gesture and miss what has actually changed. What has changed is that the model layer now has a named evaluator. The substrate layer does not.
What remains on the table: - Whether the panel's published expertise in cyber offence risks reaches the deployment substrate on which agentic workloads run, or remains bounded to the model artifact. - Whether the compute measurement scope addresses training-time infrastructure only, or extends to runtime workspace and audit-log instrumentation. - Whether the panel's outputs become part of the public record in a form independent reviewers can interrogate, or remain advisory to the Commission alone. - Whether other regulatory instruments will name the substrate evaluator with the same precision the Article 68 panel has been given for the model.
The governance artifact has been retained. The governance function for the substrate beneath it has not yet been named.