The EU AI Act in 2026: what applies now, what moved, and what to do regardless.
The headline this year is a delay, and the delay is being misread. Some of the AI Act already binds you, the biggest deadline is being pushed back but is not yet law, and the work that matters is the same whichever date wins. Here is the state of play in June 2026, in plain terms, from people who place AI workloads for a living rather than litigate them.
The EU AI Act is the European Union's horizontal law for artificial intelligence, and in 2026 it sits in an unusual place: partly in force, partly delayed, and widely misunderstood as a result. The bans on the most harmful uses and the duty to keep your people AI-literate have applied since February 2025. The rules for general-purpose models have applied since August 2025. The large set of obligations for high-risk systems was written to apply from 2 August 2026, but a reform package agreed in May 2026 would move most of it to 2 December 2027, and that package is not yet law. So the honest answer to "what do I have to do" is: some things already, the heaviest things on a date that is moving, and a body of preparation that is worth doing no matter where the date lands.
A law that regulates uses, not the technology.
The Act's central idea is simple, and holding on to it makes the rest legible. It does not regulate artificial intelligence as such; it regulates what an AI system is used for, and scales the rules to the harm a use could cause.
Formally it is Regulation (EU) 2024/1689, published in July 2024 and in force since 1 August that year. Being a regulation rather than a directive matters, because it applies directly across all member states without each one having to pass its own version, so the text is the law in Dublin, Tallinn and Lisbon alike. That is also why it carries the same extraterritorial weight as the GDPR: it follows the European market and European users rather than stopping at a border.
The mechanism is a risk pyramid. A small set of uses judged to be against European values is banned outright. A larger set deemed high risk, because it decides or shapes outcomes in areas like employment, credit, education or essential services, is allowed but wrapped in obligations. Below that, a band of limited-risk uses carries lighter transparency duties, chiefly telling people when they are interacting with a machine or looking at AI-generated content. Everything else, which is most software in most companies, sits in a minimal-risk bucket with no specific obligations at all. The work of complying begins not with policies but with sorting your systems into those bands honestly, because almost every later question depends on the answer.
The phased timeline, and where it stands today.
The Act was never meant to switch on in one day. It arrives in stages, which is what lets some obligations bind you now while the largest set is still on the horizon.
Two milestones are already behind us and binding. Since 2 February 2025, the prohibited practices in Article 5 have been illegal to run, and the AI literacy duty in Article 4 has required organisations to make sure their people understand the systems they use. Since 2 August 2025, providers of general-purpose AI models have carried transparency and documentation duties, the EU's governance bodies including the AI Office have been operational, and member states have been expected to name their enforcement authorities and set penalty regimes. If your compliance work has not started, those are the parts you are already late on rather than early for.
The milestone everyone watches is 2 August 2026, the date the original text sets for the bulk of the high-risk obligations and several transparency rules to apply. After that, 2 August 2027 brings full compliance for general-purpose models that were already on the market before August 2025, and for high-risk AI embedded in regulated products. This is the schedule as enacted, and it is the schedule that still governs unless and until it is formally changed, a qualification that turns out to matter a great deal this year.
| Date | What applies | Status |
|---|---|---|
| 2 Feb 2025 | Prohibited practices, AI literacy duty | In force |
| 2 Aug 2025 | General-purpose AI, governance, penalties | In force |
| 2 Aug 2026 | High-risk (Annex III), transparency rules | Enacted date — delay pending |
| 2 Dec 2027 | High-risk (Annex III), if Omnibus adopted | Proposed, not yet law |
| 2 Aug 2028 | Product-embedded high-risk (Annex I), if adopted | Proposed, not yet law |
The delay is agreed, and it is not yet law. Both are true.
This is the part being reported badly, and the gap between the headline and the legal reality is exactly where a compliance programme goes wrong.
By late 2025 it was clear the high-risk regime was running ahead of the tools needed to comply with it. The harmonised technical standards were not finished, several member states had not named their competent authorities, and the conformity-assessment machinery was not ready. So on 19 November 2025 the European Commission tabled the Digital Omnibus on AI, a package of targeted amendments whose centrepiece was a delay to the high-risk deadlines. A first negotiation in late April 2026 collapsed without agreement. The institutions returned to the table, and on 7 May 2026 the Parliament and Council reached a provisional political agreement, with member state representatives confirming it days later.
Under that agreement, the high-risk obligations for standalone Annex III systems move from 2 August 2026 to 2 December 2027, a deferral of about sixteen months, and the obligations for high-risk AI embedded in regulated products move from 2 August 2027 to 2 August 2028. A handful of other changes ride along, including a new prohibition aimed at AI tools that generate non-consensual intimate imagery and child sexual abuse material, and a later date for the watermarking of AI-generated content. What the package pointedly does not do is reopen the Act's architecture: the risk tiers, the conformity-assessment regime, the general-purpose model track and the role of the AI Office all stand unchanged.
Here is the sentence that should govern your planning. The new dates only become law once the agreement is formally adopted by the Parliament and the Council and published in the Official Journal, after which it takes effect three days later, and as of this writing in June 2026 that publication has not happened. Adoption is expected before August, and the EU's own bodies and the major advisers are already treating the later dates as the working baseline. But until the text is in the Official Journal, 2 August 2026 remains the date written into binding law. The competent reading of that is neither to panic about August nor to down tools until 2027; it is to plan against the later date while keeping the earlier one as the floor you could still be held to.
Whether it applies to you, and in which role.
Two questions decide your exposure: are you in scope at all, and if so, are you a provider or a deployer? The answers are less obvious than most companies assume.
Scope first. The Act binds providers that place an AI system or a general-purpose model on the EU market, whether or not they are established in the Union; deployers of AI systems located within the EU; and, in a clause that surprises people, providers and deployers based outside the EU when the output their system produces is used inside it. A company in London or New York that sells software to European customers, or whose model's results are consumed by users in the Union, is therefore usually in scope for some part of the regime. Establishment is not the test; the European market and the European user are.
Then the role. A provider develops an AI system, or commissions one, and offers it under its own name; the heaviest obligations, the conformity assessment, the technical documentation, the registration of high-risk systems, sit with the provider. A deployer uses an AI system under its own authority in the course of its business. Most companies are deployers, and deployers were never let off: a deployer of a high-risk system must keep meaningful human oversight, use the system within the instructions it came with, monitor how it behaves in the real world, and keep the logs that prove it. The line also moves. If you take a general-purpose model and fine-tune it, or put your own name on a system and change its purpose, you can cross from deployer to provider and inherit the obligations that come with it. Knowing which side of that line each of your systems sits on is not a legal nicety; it is the difference between a light set of duties and a heavy one.
AI literacy: the obligation you already have.
Amid the argument about deadlines years away, the duty that binds almost everyone right now gets overlooked. It has been live since February 2025, and it is the cheapest early win available.
Article 4 requires providers and deployers to take measures ensuring that the staff who operate their AI systems, and others acting on their behalf, have a sufficient level of AI literacy. There is no exam and no certificate to file; it is an organisational competence duty, judged against the technical knowledge of the people involved, the context the systems are used in, and who they affect. In practice it means role-appropriate training, written guidance on what each tool is for and where its limits sit, and a record that you have done it. A support agent using an AI assistant needs a different brief from the engineer who deployed it, and meeting the duty is about matching the understanding to the role rather than running everyone through the same slide deck.
It is worth doing properly for a reason beyond the rule itself. Most of the ways an AI system gets an organisation into trouble, feeding it personal data it should not see, trusting an output that should have been checked, using a tool for something it was never validated for, are failures of literacy before they are failures of technology. The training that satisfies Article 4 is the same training that prevents the incident, which makes it one of the few compliance obligations that earns its keep on the day you complete it rather than only when a regulator asks.
The four tiers, and what each one asks of you.
The category a system lands in determines the whole weight of the obligation. Getting the classification right is most of the work, and getting it wrong is most of the risk.
At the top sit the prohibited practices, banned since February 2025: among them social scoring by public authorities, manipulative systems that exploit vulnerability to distort behaviour, untargeted scraping of faces to build recognition databases, and, under the May 2026 agreement, tools built to generate non-consensual intimate imagery. These are not regulated; they are off limits, and running one carries the heaviest penalty in the Act. High-risk systems are the regulated middle, permitted but conditional, and they are where most of the compliance effort and cost concentrate. Limited-risk uses, chiefly chatbots and AI-generated media, carry transparency duties: a person must be told they are dealing with AI, and synthetic content must be marked as such. Minimal-risk systems, the spam filter and the recommendation engine and the bulk of business software, carry no specific obligation, though the literacy duty still touches the people who use them.
| Tier | Example | What it requires |
|---|---|---|
| Unacceptable | Social scoring, manipulative systems | Banned outright |
| High risk | Hiring, credit, biometrics, essential services | Full obligations and conformity assessment |
| Limited | Chatbots, AI-generated content | Transparency and labelling |
| Minimal | Spam filters, recommendations | No specific obligation |
What a high-risk system has to do.
If a system lands in the high-risk tier, the obligations are concrete and operational rather than aspirational. They are the part that takes months, which is why the deadline argument matters.
A high-risk system needs a risk management process that runs across its whole life rather than a one-off sign-off, and data governance that can show the training, validation and test data were relevant, representative and handled with their quality in view. It needs technical documentation detailed enough for an authority to judge compliance, and automatic logging so its operation can be reconstructed after the fact. It has to be designed for genuine human oversight, meaning a person can understand, intervene in and if necessary stop it, and it has to reach a level of accuracy, robustness and cybersecurity appropriate to its purpose. Before it goes on the market it must pass a conformity assessment and, for the Annex III categories, be entered in an EU database, with a declaration of conformity and the CE marking that follows.
Two things about that list are easy to miss. The first is that it is not a document exercise; the logging, the oversight design and the data lineage are engineering work that has to be built into the system, which is precisely why a sixteen-month delay was negotiated rather than waved away. The second is that deployers carry a slice of it even when a provider did the heavy lifting: a bank using a high-risk credit model still owes human oversight, correct use and monitoring, and cannot point at the vendor when something goes wrong. The obligations follow the system into your hands, and they need to be planned for from the side of whoever has to operate it.
The general-purpose model track.
Large language and multimodal models are governed by their own set of rules, separate from the risk tiers, and they have been live since August 2025.
A provider of a general-purpose AI model owes transparency and documentation: technical information for the authorities, enough detail for downstream developers to build on the model responsibly, a policy to respect EU copyright law, and a published summary of the data used to train it. Models judged to carry systemic risk, the largest and most capable, take on heavier duties around evaluation, adversarial testing, incident reporting and security. To make all of this workable, the EU put a voluntary Code of Practice in place that a provider can sign to demonstrate it is meeting the obligations, and through early 2026 a couple of dozen organisations had signed on, with some notable holdouts.
Most companies are not model providers and can read this track as context rather than obligation. The trap is the assumption that you are only ever a user. If you fine-tune an open model on your own data, host and rebrand a model, or modify one enough to change what it does, you can step into provider territory and pick up the documentation and copyright duties that come with it. For an organisation building on open models, which is increasingly the European pattern for keeping data in-region, that line is worth checking deliberately rather than assuming away, and it sits close to the questions we work through in production AI integration.
Who enforces it, and why that is part of the story.
A rule is only as real as the body that applies it, and the AI Act's enforcement is spread across several layers that were still being assembled when the delay was negotiated.
Most enforcement sits with the member states. Each is meant to designate national competent authorities, a market-surveillance authority to police systems in use and a notifying authority to oversee the bodies that run conformity assessments, and each sets its own penalties within the ceilings the Act fixes. Above the national layer, the European AI Office supervises general-purpose models directly and anchors the Union's technical capacity, while a European Artificial Intelligence Board brings the national regulators together to keep enforcement consistent rather than letting it fracture into twenty-seven interpretations. For a company operating across several member states, that structure means the authority you answer to depends on where your systems are placed and used.
The candid point is that this machinery was behind schedule, and that is not a detail; it is much of the reason the high-risk deadline moved. By late 2025 a number of member states had not yet named their authorities, the harmonised standards that tell a provider how to comply were unfinished, and the conformity-assessment infrastructure was incomplete. A deadline that asks companies to be assessed against standards that do not yet exist, by authorities that have not yet been appointed, was never going to hold, which is the unglamorous truth behind the Omnibus delay. It also means the reprieve is for the ecosystem to catch up rather than a signal that the obligations are softening, and the direction of travel has not changed.
The penalties, and the GDPR they sit beside.
The numbers are deliberately large, and the Act does not operate in isolation from the data law most European companies already answer to.
The fines are tiered to the seriousness of the breach. Running a prohibited practice is the most expensive, at up to €35 million or 7% of total worldwide annual turnover, whichever is higher, a ceiling that sits above the GDPR's own. Breaching most other obligations, including the high-risk requirements, reaches up to €15 million or 3% of turnover, and giving authorities incorrect or misleading information up to €7.5 million or 1%. The caps are adjusted downward for smaller companies, so the headline figure is the worst case for a large enterprise rather than a flat threat to everyone, but the structure makes the point that the most serious failures are meant to hurt.
The harder practical issue is the overlap with the GDPR. An AI system that processes personal data has to satisfy both laws at once, and the assessments they require are cousins rather than the same document. A high-risk use will frequently need a data protection impact assessment under the GDPR and a fundamental rights impact assessment under the AI Act, covering related ground from different angles. Running them as one coordinated exercise, rather than discovering months apart that each regulator wants its own analysis, is the difference between a manageable workload and a duplicated one. This is the seam where AI governance and data governance meet, and where treating them as one programme pays off, the same way our wider compliance and sovereignty work refuses to silo them.
Three ways this gets misread.
The same misunderstandings come up in nearly every conversation, and each one quietly creates risk by talking an organisation out of work it should be doing.
The first is that the delay means the Act can be ignored until 2027. It cannot: the prohibitions, the literacy duty and the general-purpose model rules are already in force, and the high-risk delay is agreed but not yet written into binding law, so an organisation that downs tools is exposed on two fronts at once. The second is the belief that buying AI rather than building it puts you outside the regime. A deployer of a high-risk system carries real duties of oversight, correct use and monitoring, and a vendor's compliance does not transfer to your use of the tool; the obligation follows the system to whoever operates it. The third, and the one we see most as operators, is treating this as purely a legal exercise. The hardest parts of high-risk compliance, the logging, the human-oversight design, the data lineage and the question of where a model runs, are engineering and architecture rather than paperwork, and a policy that describes controls the infrastructure cannot deliver is the most expensive kind of compliance theatre. The organisations that come through this well are the ones that read it as a build problem early, not a drafting problem late.
What to do this quarter, whichever date wins.
The delay tempts organisations to wait. The work that matters does not depend on the date, and most of it is hard to rush at the end, so the rational move is to start it now while the calendar is generous.
Begin with an inventory, because you cannot classify what you have not listed, and most companies underestimate how many AI systems are already in use across hiring, support, marketing and operations. Then classify each one by tier, with particular care around the high-risk categories, since that judgement drives everything downstream. Close the obligations that already bind you regardless of the August debate: confirm nothing you run falls under the prohibited practices, and put real AI literacy in place for the people who operate these systems, because that duty has been live since early 2025. For anything that looks high-risk, start the engineering now, the logging, the oversight design, the data lineage, because those are the parts a delayed deadline was created to accommodate and the parts you cannot assemble in a fortnight.
There is a question underneath all of this that the legal summaries tend to skip, and it is the one we care about most as operators: where do your models and your data run, and who can reach them? An AI governance file that says all the right things means little if the model processing European personal data sits on infrastructure outside the Union, under a jurisdiction whose authorities can compel access. For a European organisation, the AI Act, the GDPR and digital sovereignty are three views of the same question about control, and answering it well usually points toward keeping inference and training data in-region on infrastructure you can see into. That is the lens we bring, because we place these workloads rather than only advise on them, and it is where compliance stops being a document and becomes an architecture. Where it makes sense to test your standing properly, that is the work an AI readiness assessment exists to do.
Questions organisations are asking in 2026.
- Does the EU AI Act apply to my company if we are not in the EU?
- When does the EU AI Act take effect, and what are the deadlines?
- Did the Digital Omnibus delay the AI Act?
- Is the 2 August 2026 high-risk deadline still real?
- What are the four risk categories in the AI Act?
- What counts as a high-risk AI system?
- What is the difference between a provider and a deployer?
- What are the fines for breaching the AI Act?
- Does the AI Act apply to general-purpose AI like large language models?
- What is the AI literacy obligation, and is it required now?
- How does the AI Act interact with the GDPR?
- We only use AI tools bought from vendors. Are we still affected?
- What should we do now if the high-risk deadline might move to 2027?
- Who enforces the EU AI Act?
- Do AI systems already in use have to comply, or only new ones?
Know where you stand before the date decides for you.
We inventory your AI systems, classify each by risk, flag what already binds you and what is coming, and tell you where your models and data are allowed to run. You get a clear picture and a roadmap that holds whether the high-risk deadline lands in 2026 or 2027, built by people who place these workloads rather than only write about them.