EU AI Act · Compliance Guide

EU AI Act Compliance Deadline 2026: What You Must Do Now

August 2, 2026 is the binding date for EU AI Act enforcement, covering prohibitions, GPAI obligations, Article 50 transparency rules, Article 49 registration, and full penalty authority. If your company builds, deploys, or sells AI that touches EU persons, this deadline applies to you.

Better Societies · Updated June 2026 · 8-minute read

2 Aug
2026

The binding enforcement date. Prohibitions on unacceptable-risk AI are already in force. GPAI model obligations, transparency duties under Article 50, registration under Article 49, and full penalty authority (up to 7% of global turnover) all apply from August 2, 2026. Companies that are not compliant by this date face enforcement action.

What becomes binding on August 2, 2026

1. Prohibited AI practices (Article 5)

The prohibitions on "unacceptable risk" AI came into force February 2, 2026 and are already enforceable. If your AI system uses subliminal manipulation, exploits vulnerable groups, deploys real-time remote biometric identification in public spaces without authorization, or operates social scoring systems, you must stop immediately. There are no grace periods remaining on these provisions.

2. General-Purpose AI (GPAI) model obligations

If you develop or place a GPAI model on the EU market, the full Article 53 obligations apply August 2, 2026. These include technical documentation, transparency information for downstream operators, and an acceptable-use policy. Providers of GPAI models with systemic risk (trained on more than 10^25 FLOPs) have additional obligations including adversarial testing and incident reporting to the EU AI Office.

3. Transparency obligations: Article 50

Any AI system that interacts with natural persons (chatbots, voice agents, synthetic media generation) must comply with Article 50 from August 2, 2026. Users must be informed in a clear, timely manner that they are interacting with AI, unless this is obvious from context. Emotion recognition and biometric categorization systems must also inform subjects of their operation.

4. Registration: Article 49 and the EU AI Act database

High-risk AI systems listed in Annex III must be registered in the EU AI Act database before being placed on the market. Providers must complete registration via the European AI Office portal. Some standalone high-risk systems required earlier registration; full Annex III high-risk registration enforcement applies December 2, 2027 (a one-year deferral confirmed by the Digital Omnibus proposal), but registration preparation should begin now.

5. Enforcement authority and penalties

From August 2, 2026, national market surveillance authorities have full enforcement power. Penalties reach:

One clarification on high-risk Annex III timing: The Digital Omnibus proposal (still under discussion) proposes deferring Annex III high-risk system obligations to December 2, 2027. The August 2, 2026 date remains binding for everything else, including GPAI, Article 50 transparency, Article 49 registration, and enforcement authority. Plan for August 2026 as your primary deadline.

Who is in scope

The EU AI Act applies to any provider, deployer, or importer of AI systems that:

This means a US-incorporated fintech whose AI credit-scoring model serves EU customers is in scope. A Singapore SaaS company whose chatbot has EU users is in scope. Geographic incorporation is not a defense.

The compliance checklist: what to complete before August 2

Pre-August 2, 2026 compliance actions

AI system inventory: Map every AI system you build or deploy that touches EU persons. Classify each against the risk tiers: prohibited, high-risk (Annex III), limited-risk, minimal-risk.
Prohibited practices audit: Confirm no system uses subliminal manipulation, social scoring, untargeted scraping of biometric data, or real-time public biometric identification without authorization.
GPAI assessment: If you develop a GPAI model, complete technical documentation per Article 53. If your model exceeds the systemic risk threshold, notify the EU AI Office and begin adversarial testing.
Article 50 transparency: Add clear AI disclosure to every user-facing AI interaction. Chatbots, voice agents, and AI-generated content all need compliant disclosure before August 2.
EU representative: If you are not established in the EU but place AI on the EU market, appoint an EU representative by August 2, 2026.
Data governance: Document the training data used for AI systems you develop. This applies to GPAI models and any system in the high-risk categories you expect to register.
Incident response process: Establish a process for reporting serious incidents involving AI systems to national authorities. GPAI providers with systemic risk must have continuous monitoring in place.
Conformity assessment preparation: For Annex III high-risk systems, begin (but not necessarily complete) conformity assessment documentation now. Full obligation kicks in December 2, 2027, but preparation takes 3-6 months for most organizations.

The common compliance gaps we see in fintech and AI companies

After working with AI companies preparing for August 2026, we see the same gaps repeatedly:

The cost of waiting

Companies that begin compliance work in Q3 2026 will face three compounding problems: enforcement has already started, the organizational and technical work takes 6-12 weeks minimum, and conformity documentation for Annex III systems requires specialist knowledge that takes months to develop internally.

The Big 4 consultancies charge €200,000-€400,000 for a full EU AI Act conformity package. Regulatory technology subscriptions run €25,000 per year with no delivered compliance. Neither option results in a signed, submittable compliance package in the timeframe available before August 2026.

Related EU AI Act Resources

Know your risk before August 2

The free EU AI Act Risk Classifier tells you your tier, your obligations, and your deadline in 90 seconds. No form. No email required.

Use the free Risk Classifier Book a compliance assessment