EU AI Act moves to compliance

Europe’s artificial intelligence fight is leaving conference stages and landing in ticketing systems, test logs, and audit folders. The European Union’s Artificial Intelligence Act entered into force on August 1, 2024, and its next big deadline for many companies is August 2, 2026. (ec.europa.eu) The law does not treat every tool the same. It sorts systems by risk, bans a small set of uses outright, and puts the heaviest obligations on “high-risk” systems used in areas like hiring, education, critical infrastructure, and law enforcement. (ec.europa.eu) That schedule is already running. Rules for prohibited practices started applying on February 2, 2025, and rules for general-purpose artificial intelligence models started applying on August 2, 2025. (ec.europa.eu 1) (ec.europa.eu 2) So the work inside companies has changed. Last year was about figuring out whether the law would bite; this year is about proving, in writing, what a system does, what data shaped it, what tests it passed, and who signs off when it changes. (raconteur.net) (ec.europa.eu) For high-risk systems, the Act reads less like a speech and more like a factory checklist. Article 17 requires a documented quality management system covering design, testing, risk management, incident reporting, and communication with authorities. (ec.europa.eu) It also asks for automatic record-keeping. Article 12 says high-risk systems must generate logs across their lifecycle so investigators can trace what the system did, when it did it, and what went wrong if a failure appears later. (ec.europa.eu) The paperwork is not optional decoration. Annex IV requires a technical file with the system’s intended purpose, version history, architecture, training and testing details, performance metrics, risk controls, and post-market monitoring plan. (ec.europa.eu) Europe is also turning the law into engineering standards. The European Commission says standards will translate legal duties into common technical language, so companies can show “presumption of conformity” if they build to approved benchmarks. (ec.europa.eu 1) (ec.europa.eu 2) That is why vendor choice is starting to look different. If one model vendor can hand over documentation, logging hooks, testing evidence, and change-control records, and another offers only an application programming interface and a promise, the cheaper tool can become the more expensive one to keep. (axios.com) (raconteur.net) The politics have not disappeared, but they have moved down a floor. The European Commission now points companies to an Artificial Intelligence Act Service Desk, an Artificial Intelligence Pact for early preparation, and guidance for model providers, which is what regulators do when they expect audits instead of arguments. (ec.europa.eu 1) (ec.europa.eu 2) And the money is concrete. Article 99 allows fines of up to 35 million euros or 7 percent of worldwide annual turnover for prohibited practices, and up to 15 million euros or 3 percent for many other violations. (ec.europa.eu) So Europe’s artificial intelligence market is starting to reward boring things: version control, audit trails, test evidence, procurement clauses, and local compliance staff. The companies that treated the Artificial Intelligence Act like a policy debate now have about 16 weeks until August 2, 2026 to turn it into operating procedures. (axios.com) (raconteur.net)