EU AI Act high-risk obligations apply from 2 August 2026

Is your company's use of AI compliant with the EU AI Act?

KomplAI checks your AI systems' documents and source code against the EU AI Act, DORA and the GDPR — every citation to these regulations is machine-verified against the official EUR-Lex texts. Report, action plan and Word/Excel export in minutes.

Every citation to the AI Act, DORA & GDPR is machine-verified against the official EUR-Lex texts — for each finding you can see which provision is backed by the statute. Optional expert review: your findings are checked by a data-protection expert with over 10 years of experience before you rely on them.

Provider routing without data retention · A product by Tippel

What is the EU AI Act?

The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive law on artificial intelligence. It takes a risk-based approach: some AI practices are banned, “high-risk” AI is strictly regulated, and other systems carry transparency obligations.

It applies extraterritorially: any company that develops, provides or uses AI systems whose output affects people in the EU is in scope — regardless of where the company is based.

EU AI Act: risk tiers Unacceptable / Prohibited; High risk; Limited risk / Transparency duty; Minimal risk EU AI Act: risk tiers Unacceptable / Prohibited e.g. social scoring High risk e.g. hiring, credit scoring, biometrics Limited risk / Transparency duty e.g. chatbots, labelling AI content Minimal risk e.g. spam filters, AI in video games High-risk deadline: 02 Aug 2026

Why it matters

Fines up to €35M / 7%

Breaches of the prohibited-practice rules can be penalised with up to €35M or 7% of worldwide annual turnover.

More systems in scope than you think

Everyday AI applications are in scope — some as high-risk (e.g. hiring, credit scoring, biometric systems), others only via transparency duties (e.g. chatbots, labelling AI-generated content). Which tier applies depends on the specific use case — the same chatbot can move from the transparency tier into high-risk depending on how it is used.

The clock is ticking

Bans and AI-literacy duties have applied since February 2025. The major high-risk obligations kick in on 2 August 2026 — preparation takes time.

The stages & key dates (Art. 113)

⏱ 27 days left until the EU AI Act's high-risk obligations (2 August 2026).

  1. 01 Aug 2024 in force
    Entered into force
    The EU AI Act enters into force.
  2. 02 Feb 2025 in force
    Bans & AI literacy
    Prohibited AI practices (Art. 5) and the AI-literacy duty (Art. 4) apply — for providers AND deployers.
  3. 02 Aug 2025 in force
    GPAI models & penalties
    Obligations for general-purpose AI (GPAI) models, the governance structure and the penalty framework apply.
  4. 02 Aug 2026 upcoming
    High-risk obligations (Annex III)
    The core obligations for high-risk AI systems under Annex III (e.g. recruitment, credit scoring, critical infrastructure) apply — risk management, data governance, documentation, human oversight, conformity assessment.
  5. 02 Aug 2027 upcoming
    High-risk via product law (Annex I)
    Obligations for high-risk AI systems that are safety components under existing product legislation (Art. 6(1)).

How it works

1

Create a case & upload

system description, contracts, DPIA, technical docs or your code repository.

2

Choose a profile

full check, high-risk deep dive, code audit, DORA, GDPR or transparency documentation.

3

Get your result

risk classification, obligation gap analysis with applicability dates, gap list and prioritised measures.

Every citation to the AI Act, DORA and GDPR is machine-verified against the official EUR-Lex texts. How we check →