EU AI Act deadlines loom

The European Union’s AI Act is no longer a distant policy plan: its next big compliance deadline, for high-risk systems, arrives on August 2, 2026. (digital-strategy.ec.europa.eu) The law entered into force on August 1, 2024, and the European Commission says it applies in stages: banned AI practices and AI-literacy duties started on February 2, 2025, while the full regime takes effect on August 2, 2026, with some later obligations still to come. (digital-strategy.ec.europa.eu) The Act uses a risk ladder. Systems judged an “unacceptable risk” are banned, while “high-risk” systems — including some uses in hiring, law enforcement, and public services — face tighter rules before they can be placed on the market or used. (digital-strategy.ec.europa.eu; autoriteitpersoonsgegevens.nl) For providers of high-risk AI, Article 9 is one of the core obligations. The regulation requires a risk-management system that runs throughout the system’s lifecycle, alongside testing and other compliance steps tied to safety and fundamental-rights risks. (eur-lex.europa.eu) That deadline is colliding with a second problem: enforcement will be national, not centralized in one Brussels regulator. The Commission says each member state must appoint one or more market-surveillance authorities and, if it uses several, designate a single point of contact. (digital-strategy.ec.europa.eu) The European AI Office, inside the Commission, will oversee general-purpose AI models, while national authorities will police prohibited and high-risk systems. The Commission says member states were supposed to designate and empower national competent authorities by August 2, 2025. (digital-strategy.ec.europa.eu) The Netherlands shows how fragmented that can get. Under draft Dutch plans published this week, 10 regulators would share AI Act supervision, with the Dutch Data Protection Authority and the State Inspectorate of Digital Infrastructure coordinating alongside sector regulators. (pinsentmasons.com) Pinsent Masons reported that the Dutch consultation opened on April 20, 2026 and runs until June 1, 2026. The firm said the draft arrived more than eight months after the August 2, 2025 deadline for national implementation measures on enforcement. (pinsentmasons.com) The Commission says market-surveillance authorities can investigate systems remotely, demand documentation, datasets and source code, order corrective measures, and coordinate with other member states through the European AI Board. (digital-strategy.ec.europa.eu) Dutch regulators are already telling organizations not to wait. The Dutch Data Protection Authority says prohibited systems have applied since February 2, 2025, additional requirements start on August 2, 2026, and companies should begin preparing now. (autoriteitpersoonsgegevens.nl)