Engineering for systems with responsibility Integrating AI Sensibly – Without Actionism
Purpose of This Document
This document is aimed at:
- Decision-makers in mid-sized companies
- Technical leads and architects
- Software vendors
It describes how AI can be integrated into existing IT landscapes in a pragmatic, controlled, and non-disruptive way.
No buzzwords. No tool recommendations. No promises.
Starting Point
Many organizations are currently facing the same questions:
- Where does AI provide real value?
- What do we need to do now?
- What must we not put at risk under any circumstances?
- Where do the regulatory boundaries sit?
The key insight from practice: AI is not a project, but an additional capability of existing systems.
Regulatory Context: GDPR and the EU AI Act
Technical AI integration is usually manageable. The real complexity arises from the regulatory framework — in particular GDPR and the EU AI Act. These requirements are not downstream compliance topics; they shape the architecture from the start.
Architecture-relevant questions surface early:
- Legal basis for data processing (Art. 6 GDPR) — which data flows where, under what consent or legitimate interest?
- Risk classification under the EU AI Act — minimal, limited, high, or prohibited? The classification determines documentation obligations and admissible use cases.
- Data location and model provider — third-party models outside the EU create transfer burden; self-hosted or EU-based models reduce the risk profile.
- Traceability of automated decisions (Art. 22 GDPR) — decisions must remain explainable and contestable.
- Sector-specific requirements — healthcare, financial services, public sector (procedural integrity, audit trail) add further obligations.
Consequence: decoupling, explainability, and switch-off capability are not just good practice — they are regulatory implications. Assessment, documentation, and certification remain with the responsible bodies; the architecture must provide the foundation for them.
Core Principle 1: Existing Systems Remain the Core
Productive systems (ERP, POS, line-of-business applications, databases) remain in control. AI complements these systems; it does not replace them.
Consequences:
- AI does not make autonomous core decisions
- Business logic stays in the system, not in the model
- AI is integrated in a technically decoupled manner
Core Principle 2: Data Before Intelligence
Not every available data set is suitable for AI.
Relevant questions include:
- Where does the data originate?
- How reliable is it?
- Who is responsible from a business perspective?
Only once these questions are clearly answered does the use of AI make sense.
Core Principle 3: Small Steps, Clear Boundaries
A proven approach:
- clearly scoped use cases
- measurable benefits
- technical isolation
Avoid:
- large-scale replatforming efforts
- complete system rebuilds
- dependencies on individual models or vendors
Core Principle 4: Controllability Before Automation
AI systems must be:
- explainable
- observable
- switchable off
This is especially critical when AI prepares or influences decisions.
Typical Suitable Use Cases
- decision support
- classification
- predictions with clearly defined limits
- assistant and support functions
Not suitable:
- uncontrolled process automation
- decisions that cannot be explained from a business perspective
The Role of brixware
We support organizations with:
- assessing meaningful AI use cases
- analyzing existing architectures
- defining sensible integration points
- factoring regulatory frameworks (GDPR, EU AI Act) into architectural decisions
- implementation without putting operational stability at risk
The goal is not maximum AI usage, but technically and organizationally sustainable solutions.
Conclusion
AI is not an end in itself. Used correctly, it extends systems. Used incorrectly, it destabilizes them.
What matters most is not the model, but the architecture into which it is embedded.