cd /news/ai-policy/the-eu-ai-act-goes-fully-live-in-two… · home topics ai-policy article
[ARTICLE · art-64636] src=machinebrief.com ↗ pub= topic=ai-policy verified=true sentiment=↓ negative

The EU AI Act Goes Fully Live in Two Weeks — Here's What Companies Are Scrambling to Fix

The EU AI Act reaches full enforcement on August 2, 2026, activating obligations for general-purpose AI models, mandatory conformity assessments for high-risk systems, and penalties up to €35 million or 7% of global turnover. Fewer than 40% of in-scope companies have completed required assessments, leaving many scrambling to comply with transparency, documentation, and risk management requirements.

read5 min views1 publishedJul 18, 2026

August 2, 2026 marks full enforcement of the EU AI Act. GPAI model obligations, high-risk system conformity assessments, and the full penalty regime of up to €35M or 7% of global turnover all activate. Surveys suggest fewer than 40% of in-scope companies have completed mandatory assessments. Here's what changes and what to do in the 15 days remaining.

August 2, 2026. That's the date the EU AI Act achieves full enforcement. Every provision. Every obligation. Every penalty structure. After a phased rollout that began in February 2025, the final deadline is now 15 days away.

Companies that treated earlier deadlines as aspirational are running out of road. The August deadline activates the Act's highest-risk provisions, including obligations for general-purpose AI models and the full penalty regime of up to €35 million or 7% of global annual turnover.

What Changes on August 2 #

The EU AI Act has been rolling out in phases. February 2025 banned unacceptable-risk AI practices - social scoring, real-time biometric surveillance in public spaces, emotion recognition in workplaces. The May 2025 deadline required high-risk AI system compliance for new deployments.

August 2 is the final phase. It brings three things:

First, general-purpose AI model obligations go live. Any provider of a GPAI model - including foundation models like GPT, Claude, Gemini, and open-weight models - must comply with transparency requirements, documentation standards, and copyright policy disclosures. If your company deploys or fine-tunes a foundation model, you need to show you've met these obligations.

Second, high-risk AI conformity assessments become mandatory for previously deployed systems. If you put a high-risk AI system into operation before the May 2025 deadline and it's still running, it now needs a conformity assessment on file.

Third, the full penalty structure activates. The €35 million or 7% of global turnover fine applies to violations of prohibited practices and GPAI obligations. Lower-tier fines of €15 million or 3% apply to other non-compliance.

Who's Affected #

Any company operating in the EU market with an AI system that falls into a regulated category. That definition is broader than most companies realize.

The high-risk category covers AI used in critical infrastructure, education, employment, essential services, law enforcement, migration, and democratic processes. If your AI does anything in those domains and touches EU users, you're in scope.

General-purpose AI obligations cover any company providing or deploying foundation models accessible in the EU. That includes US companies whose APIs are available to European customers, and companies that fine-tune open-weight models for EU-facing applications.

The territorial scope follows GDPR logic: if your AI processes data from people in the EU, or if its output is used in the EU, you're covered. Physical presence in Europe is not required.

The Compliance Gap #

Multiple surveys suggest significant compliance gaps remain. A June 2026 study by a European consultancy found fewer than 40% of companies with in-scope AI systems had completed mandatory conformity assessments. Under 30% had documentation ready for GPAI obligations.

The most common gap areas: technical documentation for training data sources, risk management system documentation, and human oversight protocols. Companies that deployed foundation models through API providers often assumed the provider handled compliance - but the Act places obligations on deployers, not just model providers.

Enterprise compliance teams are operating under what aigovernance.com calls "regulatory simultaneity" - multiple jurisdictions moving from drafting to enforcement in the same calendar window. China's agent regulations became enforceable July 15. Illinois mandates third-party safety audits. The UN Global Dialogue on AI Governance is developing international standards. No single jurisdiction's requirements serve as a proxy for the others.

What Companies Should Do Now #

Identify every AI system in your organization that touches EU users or EU data. If you don't have an inventory, build one now. The August 2 deadline doesn't require perfection - but it does require demonstrable effort toward compliance.

For GPAI obligations, verify your model providers' documentation. Major providers like OpenAI, [Anthropic](/glossary/anthropic), and Google have published EU AI Act compliance documentation. Request it if you haven't seen it.

For high-risk systems, prioritize conformity assessments for systems that affect the most people or handle the most sensitive data. EU regulators have signaled they'll prioritize enforcement against high-impact violations, not technical documentation gaps.

Document everything. The Act is enforced through transparency. If you can show regulators what you've done and what you're working on, you're in a much better position than if you can't show anything.

Q: Does the EU AI Act apply to US companies?

A: Yes. If your AI system processes data from EU users or its output is used in the EU, you're covered. Physical presence in Europe is not required. This follows the same territorial logic as GDPR.

Q: What's the maximum fine?

A: €35 million or 7% of global annual turnover for the most serious violations, including prohibited practices and GPAI obligations. Lower tiers are €15 million or 3%.

Q: What counts as a high-risk AI system?

A: AI used in critical infrastructure, education, employment, essential services, law enforcement, migration, border control, and democratic processes. The full list is in Annex III of the Act.

Q: If I use OpenAI's API, am I compliant?

A: Using a compliant model provider helps but doesn't cover all your obligations. Deployers have their own documentation and risk management requirements under the Act. Ask your provider for their EU AI Act compliance documentation and verify what's covered.

Q: What if I miss the August 2 deadline?

A: Regulators have signaled they'll prioritize high-impact violations - systems affecting large numbers of people or handling sensitive data. Having incomplete documentation is better than having none. Start now and document your progress.

Get AI news in your inbox

Daily digest of what matters in AI.

Key Terms Explained #

Anthropic An AI safety company founded in 2021 by former OpenAI researchers, including Dario and Daniela Amodei.

Claude Anthropic's family of AI assistants, including Claude Haiku, Sonnet, and Opus.

Foundation Model A large AI model trained on broad data that can be adapted for many different tasks.

Gemini Google's flagship multimodal AI model family, developed by Google DeepMind.

── more in #ai-policy 4 stories · sorted by recency
── more on @eu 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/the-eu-ai-act-goes-f…] indexed:0 read:5min 2026-07-18 ·