EU AI Act: implementation gap

Europe already has an artificial intelligence law on the books, but the hardest part is still missing: the instruction manual. The European Commission says the Artificial Intelligence Act entered into force on August 1, 2024, but many of its biggest obligations arrive in stages through August 2, 2027. (digital-strategy.ec.europa.eu) (ai-act-service-desk.ec.europa.eu) The first deadline has already passed. The Commission says bans on certain uses, including social scoring and some real-time remote biometric identification by police, started applying on February 2, 2025. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) The next big step hit on August 2, 2025, when rules for general-purpose artificial intelligence models started applying. Those are the base models that can be reused for many jobs, like writing, coding, or image generation, and the Commission published separate guidance to explain who counts as a provider and what documentation is expected. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) The bigger bottleneck is the category called high-risk systems, which covers tools used in areas like hiring, education, critical infrastructure, and law enforcement. For those systems, the main compliance date is August 2, 2026, and the law demands risk management, technical documentation, logging, human oversight, accuracy, robustness, and cybersecurity. (digital-strategy.ec.europa.eu) (ai-act-service-desk.ec.europa.eu) That sounds clear until a company asks the practical question: what exact documents, tests, and benchmarks will prove compliance. The Act says providers can rely on harmonised standards for a presumption of conformity, and if those standards do not exist or are not used, some systems must go through a stricter conformity assessment route involving a notified body. (digital-strategy.ec.europa.eu) (ai-act-service-desk.ec.europa.eu) Those standards are still being written. The Commission says it sent the standardisation request in May 2023, and CEN and CENELEC, the two main European standards bodies, are still developing the package meant to support the law. (ai-watch.ec.europa.eu) (cencenelec.eu) That leaves companies in a familiar regulatory gap: the law names the destination, but not the road markings. The Commission has published detailed guidelines for banned practices and for general-purpose models, but equivalent sector-by-sector operating guidance for many high-risk use cases is still thinner than the deadlines now approaching. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) (digital-strategy.ec.europa.eu 3) The plumbing on the enforcement side is also still being assembled. The law requires national authorities, notifying authorities, and notified bodies, and the Act’s own service desk lays out application and notification procedures for those conformity assessment bodies because they are the ones that certify some systems when standards are missing or not followed. (ai-act-service-desk.ec.europa.eu) (ai-act-service-desk.ec.europa.eu) When regulators move slower than the clock, the market fills the vacuum. Law firms, auditors, software vendors, and standards groups start building their own checklists, model cards, risk templates, and testing routines, which can become the de facto rulebook before the official one is finished. (digital-strategy.ec.europa.eu) (ai-watch.ec.europa.eu) So Europe’s artificial intelligence law is no longer a future project. By April 10, 2026, parts of it are already live, the August 2, 2026 high-risk deadline is close, and the central fight is no longer over whether to regulate artificial intelligence but over who gets to write the practical playbook that businesses will actually use. (digital-strategy.ec.europa.eu) (ai-act-service-desk.ec.europa.eu)