Back to Blog
Compliance

EU AI Act Deadline August 2026: What You Need to Do Right Now

June 1, 20269 min read

EU AI Act Deadline August 2026: What You Need to Do Right Now

August 2, 2026* is the main enforcement date of the EU AI Act. On that date, most provisions of Regulation 2024/1689 become enforceable — including fines of up to *€35 million or 7% of global annual turnover.

You have roughly 60 days left. Here is exactly what to do.

What Happens on August 2, 2026?

The EU AI Act has a phased enforcement timeline:

  • February 2, 2025 — Prohibited AI practices already banned (social scoring, subliminal manipulation, exploitative systems)
  • August 2, 2025 — Rules for general-purpose AI models (GPT-class) now apply
  • August 2, 2026 — Main enforcement date. Requirements for high-risk AI systems, conformity assessments, and national market surveillance authorities all kick in
  • August 2, 2027 — Rules for embedded AI in regulated products (medical devices, machinery) apply
  • Who Is Affected?

    You are affected if you:

  • Provide an AI system placed on the EU market or used by EU users — regardless of where your company is based
  • Deploy a third-party AI system in a professional context (HR tools, customer scoring, content moderation)
  • Import or distribute AI systems into the EU market
  • This means a US startup selling an HR AI tool to a German company is subject to the EU AI Act. There is no geographic carve-out.

    What Does High-Risk Mean?

    If your AI system falls under Annex III of the EU AI Act, it is legally classified as high-risk. The Annex III list includes:

  • AI used in recruitment, CV screening, or employee performance evaluation
  • AI for credit scoring or insurance risk assessment
  • AI for educational admission or grading
  • AI in healthcare for diagnosis or treatment
  • AI used by law enforcement or border control
  • AI in critical infrastructure (energy, water, transport)
  • High-risk AI systems face the strictest requirements.

    The 8 Things You Must Have Ready

    If your AI system is high-risk, you need:

    1. Annex IV Technical Documentation — A detailed document covering system purpose, architecture, training data, performance metrics, limitations, and foreseeable misuse

    2. Risk Management System — A documented process for identifying and mitigating risks throughout the AI lifecycle

    3. Data Governance Documentation — Evidence that training and validation data meets quality criteria and is free from prohibited biases

    4. Audit Logging — Automatic logging of all AI system decisions (Article 12)

    5. Human Oversight Mechanism — A way for humans to monitor, override, and shut down the AI system (Article 14)

    6. Transparency Notice — Clear disclosure to users that they are interacting with or being assessed by an AI system (Article 13)

    7. Conformity Assessment — Either self-assessment or third-party audit depending on the risk category

    8. EU Declaration of Conformity — A signed document stating your system meets EU AI Act requirements

    Your 60-Day Sprint Plan

    With 60 days until enforcement, here is a realistic plan:

    Week 1-2: Inventory and classify

  • Identify all AI systems in your product — including third-party tools used in production
  • Classify each using the Annex III criteria
  • Get a free automated assessment at guardia-ai.com/free-audit
  • Week 3-4: Generate documentation

  • Write or generate Annex IV technical documentation for each high-risk system
  • Document your data sources, preprocessing steps, and known limitations
  • Week 5-6: Implement controls

  • Add human oversight mechanisms
  • Implement audit logging
  • Add transparency notices to your product UI
  • Week 7-8: Review and sign off

  • Conduct internal conformity assessment
  • Sign and date EU Declaration of Conformity
  • Prepare evidence package for potential regulatory requests
  • The Cost of Doing Nothing

    The EU AI Act's enforcement body in each member state can:

  • Conduct audits and demand documentation on short notice
  • Issue fines for prohibited AI practices up to €35M or 7% of global turnover
  • Issue fines for other violations up to €15M or 3% of global turnover
  • Order market withdrawal of non-compliant AI systems
  • Publish findings publicly (reputational damage)
  • For a company with €10M annual revenue, that is up to €700,000 in fines — plus the cost of emergency remediation and potential product recall.

    How Guardia AI Helps

    Guardia AI automates the most time-consuming parts of this sprint:

  • Shadow AI Scanner — finds all AI packages in your codebase automatically
  • Risk Classification — classifies your AI systems against Annex III criteria in minutes
  • Annex IV Generator — produces compliant technical documentation ready for regulators
  • CI/CD Plugin — blocks prohibited AI patterns from reaching production
  • Regulation Tracker — tracks all EU AI Act milestones with a live countdown
  • Start your free audit today →