Europe turns AI rules into audits
Brussels is moving from principle to enforcement: the EU’s second AI Act deadline is approaching and officials are pushing a 'guardrails first' approach while auditors and IT teams prepare for mandatory controls and trailability. At the same time, the Commission is analysing whether ChatGPT meets thresholds that would classify it as a very large platform under the Digital Services Act, which would layer platform obligations on top of AI rules. (itpro.com, raconteur.net, reuters.com)
Europe is about to stop treating artificial intelligence rules like a policy memo and start treating them like a fire inspection. On 2 August 2026, most of the European Union’s Artificial Intelligence Act starts applying, and companies will need records, controls, and proof that their systems can be checked after the fact. (ec.europa.eu, raconteur.net) The European Union wrote this law in stages. Bans on certain uses and basic artificial intelligence literacy rules started on 2 February 2025, rules for general-purpose models started on 2 August 2025, and the big compliance block lands on 2 August 2026. (ec.europa.eu, ec.europa.eu) That 2026 block is the part companies fear because it turns broad ideas into operational chores. The Raconteur compliance guide says information technology teams now have to map every model, application programming interface connection, and legacy system link so an auditor can see where an automated decision came from. (raconteur.net) The law works like a risk ladder. The toughest obligations land on “high-risk” systems, which include tools used in areas like employment, education, and essential services, where a bad model can affect a job, a loan, or access to public benefits. (ec.europa.eu, legalnodes.com) For those systems, “traceability” is the key word. In plain English, Europe wants a paper trail for machine decisions: what data went in, which model version ran, what human checks existed, and what happened when something went wrong. (raconteur.net, ec.europa.eu) That is why the scramble is moving from lawyers to auditors and infrastructure teams. A policy that says “be safe” is not enough if a regulator asks six months later which model answered a customer, which prompt was used, and whether the output was reviewed before it reached a bank client or hospital worker. (raconteur.net) At the same time, Brussels is looking at ChatGPT through a second law that was not written for artificial intelligence at all. Reuters reported on 10 April 2026 that the European Commission is analysing whether ChatGPT should be treated as a “very large online search engine” under the Digital Services Act after OpenAI reported user numbers above the legal threshold. (reuters.com, usnews.com) That threshold is 45 million monthly users in the European Union. If the Commission confirms the classification, ChatGPT would not just face artificial intelligence rules about models and documentation; it would also face platform rules about systemic risks, transparency, and outside scrutiny. (reuters.com, politico.eu) The overlap is the real story. One law asks whether an artificial intelligence system is safe to build and use, and the other asks whether a giant digital service is safe to operate at scale when millions of people rely on it for information. (ec.europa.eu, reuters.com) So Europe’s artificial intelligence debate is shifting from frontier-model hype to compliance plumbing. The next fight is less about whether rules exist and more about whether companies can show logs, controls, testing records, and named accountability before 2 August 2026 arrives. (raconteur.net, ec.europa.eu)
