EU moves from law to practice

Europe’s artificial intelligence law is moving out of the legal department and into procurement, security reviews, and product design. Cisco and Belgian firm ML6 signed a memorandum of understanding on April 14, 2026, to help customers prepare for the next phase of the European Union Artificial Intelligence Act. (techzine.eu) ML6 is joining Cisco’s Artificial Intelligence Defense Design Partner Program as one of its first European partners, and the companies said the work will focus on securing artificial intelligence applications and preparing them for compliance. ML6 said it has more than 140 specialists and is headquartered in Ghent, Belgium. (ml6.eu) Cisco’s tool is pitched as a way to test models for vulnerabilities and add guardrails while systems are running, across cloud, on-premises, and hybrid setups. Techzine described that approach as an “algorithmic red team,” meaning continuous stress tests for live artificial intelligence systems. (techzine.eu) At the same time, the European Commission’s Artificial Intelligence Act Service Desk has started answering a practical question companies kept asking: where do artificial intelligence agents fit. The Commission’s frequently asked questions now include a section on “agentic artificial intelligence” and “artificial intelligence agents,” according to the International Association of Privacy Professionals on April 2, 2026. (iapp.org) That matters because the law does not create a separate legal bucket for agents. The Commission’s service desk says the Act applies through the existing rules, and flagged the ban on harmful manipulation and exploitation of vulnerabilities in Article 5(1) as especially relevant. (iapp.org) The European Commission has been building the plumbing for this shift since August 2025, when it launched the Artificial Intelligence Act Service Desk and Single Information Platform. The site now offers an Artificial Intelligence Act Explorer, a compliance checker, and a channel for companies to submit questions to experts working with the European Union Artificial Intelligence Office. (ai-act-service-desk.ec.europa.eu) The timing is driving the scramble. The Act entered into force on August 1, 2024; prohibited practices and artificial intelligence literacy duties started applying on February 2, 2025; and the Commission says the law is being rolled out through a phased timetable tied to risk levels. (ai-act-service-desk.ec.europa.eu, digital-strategy.ec.europa.eu) For many companies, the next hard date is August 2026, when another major set of requirements begins to apply. Cisco and ML6 both framed their partnership around that deadline, saying organisations need to show their systems are safe, transparent, and accountable before those provisions bite. (techzine.eu, ml6.eu) The Commission still describes the law as risk-based, with the toughest rules reserved for uses that can affect safety, livelihoods, or fundamental rights. But the new service-desk guidance and the Cisco-ML6 deal show where the market is moving: less debate over whether the law exists, more work on logs, testing, controls, and evidence for an audit trail. (digital-strategy.ec.europa.eu, ai-act-service-desk.ec.europa.eu)