EU AI Act · deadline 2 August 2026

EU AI Act: the obligations that apply from 2 August 2026

20 days left until the deadline for high-risk AI systems.

On 2 August 2026 the core obligations of the EU AI Act (Regulation (EU) 2024/1689) for high-risk AI systems under Annex III become applicable. Anyone who provides or deploys such systems must, from that day, be able to evidence risk management, documentation, human oversight and more. This guide summarises exactly what applies.

What happens on 2 August 2026?

The EU AI Act applies in phases. 2 August 2026 is the most important date for most companies, because the obligations for high-risk applications take effect then:

Obligations for high-risk AI systems (Art. 8–15)

Risk management · Art. 9

A continuous, documented process to identify and mitigate risks across the whole lifecycle.

Data governance · Art. 10

Training, validation and test data must be relevant, representative and as error-free as possible.

Technical documentation · Art. 11

Complete documentation per Annex IV that demonstrates conformity — before placing on the market.

Record-keeping · Art. 12

Automatic logging of events to ensure traceability of the system's operation.

Transparency · Art. 13

Deployers must be able to understand and correctly use the system — including instructions for use.

Human oversight · Art. 14

Humans must be able to effectively oversee the system and intervene (stop, override).

Accuracy & robustness · Art. 15

Appropriate accuracy, robustness and cybersecurity throughout the lifecycle.

Obligations for providers and deployers (Art. 16–27)

Beyond the requirements on the system itself, providers and deployers have organisational duties:

Fines: what does a breach cost?

up to €35M / 7%

Breach of prohibited practices (Art. 5) — the highest tier (Art. 99).

up to €15M / 3%

Breach of the high-risk obligations and other requirements.

up to €7.5M / 1%

Incorrect or incomplete information provided to authorities.

The higher of the fixed amount or the percentage of worldwide annual turnover applies.

EU AI Act, GDPR and DORA together

If your AI system processes personal data, the AI Act obligations apply on top of the GDPR (legal basis, DPIA under Art. 35 where relevant, automated decisions under Art. 22). For financial entities, DORA adds digital operational resilience. KomplAI checks all three frameworks in one run.

Frequently asked questions

Does the EU AI Act apply to small companies too?
Yes. The AI Act attaches to the AI system and its intended purpose, not to company size. SMEs that provide or deploy a high-risk system are covered too — there are only limited reliefs on documentation and fees.
What is a high-risk AI system?
In short: AI in one of the eight Annex III areas (e.g. employment, creditworthiness, critical infrastructure) or as a safety component of regulated products (Annex I). Details and the Art. 6(3) exception are covered in our Annex III guide.
What happens if I miss 2 August 2026?
From the deadline the obligations are enforceable; authorities can impose fines up to €15M or 3% of worldwide annual turnover. More important than the date itself is a demonstrable, documented state of implementation.
Do I need to act already?
Yes — inventory, classification and documentation take lead time. Our roadmap to August 2026 shows the steps in the right order.

This guide is a factual orientation and does not replace legal advice. Citations refer to Regulation (EU) 2024/1689.