EU AI Act enforcement soon

Europe’s artificial intelligence law is no longer a distant policy fight. The European Union’s Artificial Intelligence Act entered into force on August 1, 2024, banned some uses from February 2, 2025, and starts applying key rules for many high-risk systems from August 2, 2026. (digital-strategy.ec.europa.eu) (eur-lex.europa.eu) The law works like airport security with different lanes. A chatbot that just needs to tell you it is a machine faces lighter transparency rules, while an artificial intelligence system used for hiring, credit scoring, or critical infrastructure can fall into the high-risk lane with much heavier checks. (digital-strategy.ec.europa.eu) (eur-lex.europa.eu) That August 2, 2026 date is the one companies keep circling because the hard paperwork starts to look like hard engineering. The European Commission says the provisions kicking in then include data governance, transparency, documentation, human oversight, and robustness requirements for high-risk systems. (eur-lex.europa.eu) (digital-strategy.ec.europa.eu) For teams shipping models into production, “documentation” does not mean a policy memo in a shared folder. It means being able to show what data went in, what model version ran, what guardrails were active, what outputs came out, and who signed off when something changed. (raconteur.net) (eur-lex.europa.eu) The European Union already moved early on the biggest foundation models. Obligations for providers of general-purpose artificial intelligence models started applying on August 2, 2025, and the European Commission says those rules cover technical documentation, information for downstream providers, and copyright-policy compliance, with extra duties for models judged to carry systemic risk. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) That creates a chain-of-custody problem. If one company builds the base model, another fine-tunes it, and a third wraps it into a hiring or insurance product, each layer needs enough records to prove what the system can do and where the risk came from. (digital-strategy.ec.europa.eu) (securityboulevard.com) The new headache is artificial intelligence agents, which are tools that can take actions instead of just answering questions. Once a system can send an email, approve a refund, move money, or trigger another tool, companies need to prove not only what the model said but what it intended to do and which identity it was acting under. (biometricupdate.com) (digital-strategy.ec.europa.eu) That is why “logging” has become the unglamorous center of the story. Logs are the flight recorder for an artificial intelligence system, and without complete records of prompts, tool calls, outputs, overrides, and user context, an operator may struggle to explain a harmful decision to a regulator. (raconteur.net) (securityboulevard.com) Enforcement will not come from one office in Brussels doing everything itself. The European Artificial Intelligence Office handles general-purpose model oversight, while national market-surveillance authorities across member states are responsible for supervising and enforcing much of the rest of the law. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) The penalty numbers are big enough to get board attention fast. The law allows fines as a share of annual turnover or as fixed amounts, whichever is higher, with the toughest tier aimed at banned practices. (eur-lex.europa.eu) (digital-strategy.ec.europa.eu) So the European Union’s artificial intelligence law is turning into a build-and-prove regime. If a company cannot show evidence for how a model was trained, tested, monitored, and constrained by August 2, 2026, the problem will look less like legal interpretation and more like missing infrastructure. (eur-lex.europa.eu) (raconteur.net)