EU AI Act becomes compliance work

Europe’s artificial intelligence law is no longer a policy memo problem. With the European Union’s Artificial Intelligence Act moving toward full application on August 2, 2026, companies are being pushed to prove how their systems work, what data they used, and who signed off on the risks. (digital-strategy.ec.europa.eu, raconteur.net) The timetable is staggered, and that is why the compliance scramble is happening now. The law entered into force on August 1, 2024, banned a first set of prohibited uses from February 2, 2025, and started applying rules for general-purpose models on August 2, 2025, before the broader regime lands in August 2026. (digital-strategy.ec.europa.eu, digital-strategy.ec.europa.eu, digital-strategy.ec.europa.eu) That sequence changes what legal teams have to do. A company cannot satisfy this law with a slide deck on “responsible artificial intelligence” if an auditor later asks for training-data records, incident logs, test results, and evidence that a human reviewed a dangerous use case. (raconteur.net, digital-strategy.ec.europa.eu) The law works like airport security, not a driver’s ed class. Most low-risk tools face light rules, but systems used in areas like employment, education, critical infrastructure, and some law-enforcement settings fall into a high-risk bucket with mandatory controls before and after launch. (digital-strategy.ec.europa.eu) For the biggest model makers, Europe already moved past general principles last summer. Since August 2, 2025, providers of general-purpose models have had to meet transparency and copyright-related duties, and the most powerful models face extra safety and security obligations if they create what Brussels calls systemic risk. (digital-strategy.ec.europa.eu, digital-strategy.ec.europa.eu) Europe is also publishing instructions, not just statutes. The European Commission has already issued guidelines on prohibited practices and on the scope of general-purpose model obligations, which tells companies that Brussels wants the rules translated into checklists, definitions, and enforcement files. (digital-strategy.ec.europa.eu, digital-strategy.ec.europa.eu) Now a second European rulebook may land on top of the first one. On April 10, 2026, Reuters reported that the European Commission was analyzing whether ChatGPT should be treated as a very large online platform or search engine under the Digital Services Act after OpenAI reported user numbers above the threshold. (reuters.com, channelnewsasia.com) That matters because the two laws do different jobs. The Artificial Intelligence Act governs the model and the product’s risk controls, while the Digital Services Act governs a large public-facing service’s platform duties, including how it handles systemic risks and oversight at scale. (reuters.com, digital-strategy.ec.europa.eu) So the practical work inside companies is getting more technical, not more rhetorical. Firms now need model inventories, documented testing, traceable approval chains, and a way to show regulators that a chatbot, hiring tool, or fraud model did not just ship fast but shipped with evidence. (raconteur.net, corporatecomplianceinsights.com) The old strategy was to wait for Brussels to clarify the fine print. The new strategy is to assume the fine print is arriving on schedule, build the controls now, and be ready for August 2, 2026, when “trustworthy artificial intelligence” stops being a slogan and starts being a file cabinet. (raconteur.net, digital-strategy.ec.europa.eu)