Does the EU AI Act apply to companies outside the EU?

Yes. The Act applies to providers placing AI systems on the EU market, deployers located in the EU, and providers/deployers located outside the EU whose AI system's output is used in the EU. If you serve EU customers, you are likely covered.

What if we use AI from a third-party vendor?

You are still responsible. As a deployer under the Act, you have obligations including ensuring human oversight, monitoring operation, and reporting serious incidents. You should verify that your vendors are compliant and include appropriate contractual provisions.

Is ChatGPT or Claude use covered by the EU AI Act?

Using foundation models generally falls under the transparency requirements, not high-risk requirements—unless you are using them for a high-risk purpose like hiring decisions or credit scoring. The model providers have separate GPAI obligations.

What counts as a conformity assessment?

For most high-risk AI systems, it is a self-assessment where you verify compliance with requirements and document your assessment. Some categories like biometrics, critical infrastructure, and law enforcement require assessment by an independent notified body.

What are the EU AI Act penalties?

Up to €35 million or 7% of global annual revenue for prohibited AI practices. Up to €15 million or 3% for high-risk AI requirement violations. The higher amount applies.

EU AI Act Deadline: 7-Month Compliance Guide

The EU AI Act deadline for high-risk AI systems is August 2, 2026. Here is your complete 7-month compliance timeline with actionable steps.

Introduction

The European Union's Artificial Intelligence Act (EU AI Act) represents the world's first comprehensive AI regulation. For companies developing or deploying high-risk AI systems, the deadline is fast approaching: August 2, 2026.

With penalties reaching up to €35 million or 7% of global annual turnover, compliance is not optional. This guide provides a clear, actionable roadmap for the next 7 months.

Understanding High-Risk AI Systems

Before diving into the timeline, it's crucial to understand what constitutes a "high-risk" AI system under the EU AI Act:

AI systems used in products subject to EU conformity assessment (e.g., medical devices, machinery)
AI systems in specific use cases such as:
- Biometric identification and categorization
- Critical infrastructure management
- Educational and vocational training
- Employment and worker management
- Access to essential services
- Law enforcement
- Migration and border control
- Administration of justice

If your AI system falls into any of these categories, you need to act now.

Check Your EU AI Act Readiness

Take our free assessment to see where you stand with EU AI Act compliance.

Take EU AI Act Assessment

The 7-Month Compliance Timeline

Month 1 (January 2026): Assessment and Planning

Week 1-2: Gap Analysis

Conduct a comprehensive audit of your current AI systems
Identify which systems qualify as "high-risk"
Document existing compliance measures
Identify gaps in documentation, risk management, and quality assurance

Week 3-4: Compliance Team Formation

Assign a compliance officer or team
Establish clear responsibilities and reporting lines
Set up project management tools and timelines
Begin stakeholder education

Deliverables:

Gap analysis report
Compliance roadmap
Resource allocation plan

Month 2 (February 2026): Risk Management Framework

Week 1-2: Risk Management System

Develop a risk management system aligned with EU AI Act requirements
Create risk assessment templates
Establish risk monitoring and mitigation procedures
Document risk management processes

Week 3-4: Quality Management System

Set up a quality management system for AI development
Create quality assurance procedures
Establish testing and validation protocols
Document quality management processes

Deliverables:

Risk management system documentation
Quality management system documentation
Risk assessment reports for each high-risk system

Month 3 (March 2026): Technical Documentation

Week 1-2: Technical Documentation Structure

Create templates for technical documentation
Document system architecture and design
Document training data and data governance
Document model performance and limitations

Week 3-4: Completing Technical Documentation

Complete technical documentation for all high-risk systems
Include information on:
- System capabilities and limitations
- Training methodologies
- Data governance and quality
- Performance metrics and evaluation
- Post-market monitoring plans

Deliverables:

Complete technical documentation for each high-risk AI system
Documentation templates for future systems

Building comprehensive operational documentation is critical for EU AI Act compliance. Our documentation services help you create the technical documentation required by the Act.

Month 4 (April 2026): Data Governance and Quality

Week 1-2: Data Governance Framework

Establish data governance policies
Create data quality standards
Implement data collection and labeling procedures
Document data sources and lineage

Week 3-4: Training Data Documentation

Document all training datasets
Create data quality reports
Establish data retention policies
Implement bias detection and mitigation measures

Deliverables:

Data governance framework documentation
Training data documentation
Data quality reports

Month 5 (May 2026): Human Oversight and Transparency

Week 1-2: Human Oversight Framework

Design human oversight mechanisms
Create procedures for human intervention
Train staff on oversight responsibilities
Document oversight processes

Week 3-4: Transparency and User Information

Develop user-facing documentation
Create clear explanations of AI system capabilities
Design user interfaces that explain AI decisions
Prepare transparency reports

Deliverables:

Human oversight framework documentation
User information materials
Transparency reports

Month 6 (June 2026): Testing, Validation, and Registration

Week 1-2: Testing and Validation

Conduct comprehensive testing of all high-risk systems
Validate compliance with EU AI Act requirements
Perform bias and fairness assessments
Document test results and validation procedures

Week 3-4: EU Database Registration

Prepare registration information for EU database
Register all high-risk AI systems
Ensure all required information is complete and accurate
Verify registration status

Deliverables:

Test reports and validation documentation
EU database registration confirmations
Compliance verification reports

Month 7 (July 2026): Final Preparations and Monitoring

Week 1-2: Post-Market Monitoring

Establish post-market monitoring systems
Create incident reporting procedures
Set up feedback collection mechanisms
Train staff on monitoring responsibilities

Week 3-4: Final Review and Launch

Conduct final compliance review
Address any remaining gaps
Prepare for August 2, 2026 deadline
Launch compliance program

Deliverables:

Post-market monitoring system
Incident reporting procedures
Final compliance certification
Launch readiness confirmation

Key Compliance Requirements

1. Risk Management System

You must establish, document, implement, and maintain a risk management system throughout the entire lifecycle of your AI system. This includes:

Identification and analysis of known and foreseeable risks
Estimation and evaluation of risks
Risk evaluation and assessment
Risk control measures

2. Data Governance

High-risk AI systems must be developed using training, validation, and testing data that meets specific quality criteria:

Relevant, representative, and free of errors
Sufficient in quantity and quality
Appropriate for the intended purpose
Subject to data governance practices

Effective data governance requires robust documentation systems to track data sources, quality metrics, and lineage throughout your AI system's lifecycle.

3. Technical Documentation

You must create and maintain technical documentation that demonstrates compliance, including:

System description and architecture
Training methodologies and data
Performance metrics and evaluation
Risk management measures
Post-market monitoring plans

Need help with operational documentation? We specialize in creating compliance-ready documentation systems for AI companies.

4. Record Keeping

Maintain logs of your AI system's operation, including:

Input data
Output data
System performance
Incidents and anomalies

5. Transparency and User Information

Provide clear and adequate information to users, including:

System capabilities and limitations
Expected level of accuracy
Human oversight measures
Instructions for use

6. Human Oversight

Implement human oversight measures to:

Prevent or minimize risks
Detect and address anomalies
Intervene when necessary
Verify outputs

7. Accuracy, Robustness, and Cybersecurity

Ensure your AI system:

Achieves an appropriate level of accuracy
Is robust and resilient
Meets cybersecurity requirements
Performs consistently

Common Pitfalls to Avoid

Starting too late: Compliance requires significant time and resources. Don't wait until the last minute.
Incomplete documentation: Technical documentation must be comprehensive and up-to-date. Incomplete documentation can result in non-compliance.
Ignoring data governance: Data quality is fundamental to compliance. Poor data governance can lead to biased or inaccurate systems.
Lack of human oversight: Human oversight is mandatory, not optional. Ensure you have proper oversight mechanisms in place.
Insufficient testing: Thorough testing and validation are essential. Don't skip this step.
Poor record keeping: Maintain detailed logs of system operation. This is required for compliance and can help with incident investigation.

Getting Help

Compliance with the EU AI Act is complex and requires expertise in AI, law, and compliance. Consider:

Internal expertise: Build internal capabilities through training and hiring
External consultants: Work with experts who understand both AI and EU regulations
Legal counsel: Consult with lawyers specializing in AI regulation
Industry associations: Join industry groups for guidance and best practices
Documentation systems: Use proven frameworks like The Sesheta System™ to build compliance-ready documentation infrastructure

Next Steps

Assess your systems: Take our free EU AI Act assessment to determine which of your AI systems qualify as high-risk
Create a compliance plan: Develop a detailed roadmap for the next 7 months
Allocate resources: Ensure you have the necessary budget and personnel
Start immediately: Time is limited. Begin your compliance journey today.

If you need help building the documentation infrastructure for compliance, our operational documentation services can help you create the technical documentation, risk management systems, and quality assurance frameworks required by the EU AI Act.

Conclusion

The EU AI Act deadline of August 2, 2026, is approaching quickly. With proper planning and execution, compliance is achievable. Use this 7-month timeline as your guide, but remember: every organization is different. Adapt this timeline to your specific needs and circumstances.

The key is to start now, stay organized, and maintain momentum throughout the compliance process. With the right approach, you can meet the deadline and ensure your AI systems comply with EU regulations.

This guide provides a general framework for EU AI Act compliance. It is not legal advice. Consult with legal and compliance experts for guidance specific to your situation.

The EU AI Act deadline for high-risk AI systems is August 2, 2026. Here is your complete 7-month compliance timeline with actionable steps.

Introduction

With penalties reaching up to €35 million or 7% of global annual turnover, compliance is not optional. This guide provides a clear, actionable roadmap for the next 7 months.

Understanding High-Risk AI Systems

Before diving into the timeline, it's crucial to understand what constitutes a "high-risk" AI system under the EU AI Act:

AI systems used in products subject to EU conformity assessment (e.g., medical devices, machinery)
AI systems in specific use cases such as:
- Biometric identification and categorization
- Critical infrastructure management
- Educational and vocational training
- Employment and worker management
- Access to essential services
- Law enforcement
- Migration and border control
- Administration of justice

If your AI system falls into any of these categories, you need to act now.

Check Your EU AI Act Readiness

Take our free assessment to see where you stand with EU AI Act compliance.

Take EU AI Act Assessment

The 7-Month Compliance Timeline

Month 1 (January 2026): Assessment and Planning

Week 1-2: Gap Analysis

Conduct a comprehensive audit of your current AI systems
Identify which systems qualify as "high-risk"
Document existing compliance measures
Identify gaps in documentation, risk management, and quality assurance

Week 3-4: Compliance Team Formation

Assign a compliance officer or team
Establish clear responsibilities and reporting lines
Set up project management tools and timelines
Begin stakeholder education

Deliverables:

Gap analysis report
Compliance roadmap
Resource allocation plan

Month 2 (February 2026): Risk Management Framework

Week 1-2: Risk Management System

Develop a risk management system aligned with EU AI Act requirements
Create risk assessment templates
Establish risk monitoring and mitigation procedures
Document risk management processes

Week 3-4: Quality Management System

Set up a quality management system for AI development
Create quality assurance procedures
Establish testing and validation protocols
Document quality management processes

Deliverables:

Risk management system documentation
Quality management system documentation
Risk assessment reports for each high-risk system

Month 3 (March 2026): Technical Documentation

Week 1-2: Technical Documentation Structure

Create templates for technical documentation
Document system architecture and design
Document training data and data governance
Document model performance and limitations

Week 3-4: Completing Technical Documentation

Complete technical documentation for all high-risk systems
Include information on:
- System capabilities and limitations
- Training methodologies
- Data governance and quality
- Performance metrics and evaluation
- Post-market monitoring plans

Deliverables:

Complete technical documentation for each high-risk AI system
Documentation templates for future systems

Building comprehensive operational documentation is critical for EU AI Act compliance. Our documentation services help you create the technical documentation required by the Act.

Month 4 (April 2026): Data Governance and Quality

Week 1-2: Data Governance Framework

Establish data governance policies
Create data quality standards
Implement data collection and labeling procedures
Document data sources and lineage

Week 3-4: Training Data Documentation

Document all training datasets
Create data quality reports
Establish data retention policies
Implement bias detection and mitigation measures

Deliverables:

Data governance framework documentation
Training data documentation
Data quality reports

Month 5 (May 2026): Human Oversight and Transparency

Week 1-2: Human Oversight Framework

Design human oversight mechanisms
Create procedures for human intervention
Train staff on oversight responsibilities
Document oversight processes

Week 3-4: Transparency and User Information

Develop user-facing documentation
Create clear explanations of AI system capabilities
Design user interfaces that explain AI decisions
Prepare transparency reports

Deliverables:

Human oversight framework documentation
User information materials
Transparency reports

Month 6 (June 2026): Testing, Validation, and Registration

Week 1-2: Testing and Validation

Conduct comprehensive testing of all high-risk systems
Validate compliance with EU AI Act requirements
Perform bias and fairness assessments
Document test results and validation procedures

Week 3-4: EU Database Registration

Prepare registration information for EU database
Register all high-risk AI systems
Ensure all required information is complete and accurate
Verify registration status

Deliverables:

Test reports and validation documentation
EU database registration confirmations
Compliance verification reports

Month 7 (July 2026): Final Preparations and Monitoring

Week 1-2: Post-Market Monitoring

Establish post-market monitoring systems
Create incident reporting procedures
Set up feedback collection mechanisms
Train staff on monitoring responsibilities

Week 3-4: Final Review and Launch

Conduct final compliance review
Address any remaining gaps
Prepare for August 2, 2026 deadline
Launch compliance program

Deliverables:

Post-market monitoring system
Incident reporting procedures
Final compliance certification
Launch readiness confirmation

Key Compliance Requirements

1. Risk Management System

You must establish, document, implement, and maintain a risk management system throughout the entire lifecycle of your AI system. This includes:

Identification and analysis of known and foreseeable risks
Estimation and evaluation of risks
Risk evaluation and assessment
Risk control measures

2. Data Governance

High-risk AI systems must be developed using training, validation, and testing data that meets specific quality criteria:

Relevant, representative, and free of errors
Sufficient in quantity and quality
Appropriate for the intended purpose
Subject to data governance practices

Effective data governance requires robust documentation systems to track data sources, quality metrics, and lineage throughout your AI system's lifecycle.

3. Technical Documentation

You must create and maintain technical documentation that demonstrates compliance, including:

System description and architecture
Training methodologies and data
Performance metrics and evaluation
Risk management measures
Post-market monitoring plans

Need help with operational documentation? We specialize in creating compliance-ready documentation systems for AI companies.

4. Record Keeping

Maintain logs of your AI system's operation, including:

Input data
Output data
System performance
Incidents and anomalies

5. Transparency and User Information

Provide clear and adequate information to users, including:

System capabilities and limitations
Expected level of accuracy
Human oversight measures
Instructions for use

6. Human Oversight

Implement human oversight measures to:

Prevent or minimize risks
Detect and address anomalies
Intervene when necessary
Verify outputs

7. Accuracy, Robustness, and Cybersecurity

Ensure your AI system:

Achieves an appropriate level of accuracy
Is robust and resilient
Meets cybersecurity requirements
Performs consistently

Common Pitfalls to Avoid

Starting too late: Compliance requires significant time and resources. Don't wait until the last minute.
Incomplete documentation: Technical documentation must be comprehensive and up-to-date. Incomplete documentation can result in non-compliance.
Ignoring data governance: Data quality is fundamental to compliance. Poor data governance can lead to biased or inaccurate systems.
Lack of human oversight: Human oversight is mandatory, not optional. Ensure you have proper oversight mechanisms in place.
Insufficient testing: Thorough testing and validation are essential. Don't skip this step.
Poor record keeping: Maintain detailed logs of system operation. This is required for compliance and can help with incident investigation.

Getting Help

Compliance with the EU AI Act is complex and requires expertise in AI, law, and compliance. Consider:

Internal expertise: Build internal capabilities through training and hiring
External consultants: Work with experts who understand both AI and EU regulations
Legal counsel: Consult with lawyers specializing in AI regulation
Industry associations: Join industry groups for guidance and best practices
Documentation systems: Use proven frameworks like The Sesheta System™ to build compliance-ready documentation infrastructure

Next Steps

Assess your systems: Take our free EU AI Act assessment to determine which of your AI systems qualify as high-risk
Create a compliance plan: Develop a detailed roadmap for the next 7 months
Allocate resources: Ensure you have the necessary budget and personnel
Start immediately: Time is limited. Begin your compliance journey today.

Conclusion

This guide provides a general framework for EU AI Act compliance. It is not legal advice. Consult with legal and compliance experts for guidance specific to your situation.

The EU AI Act Deadline is 7 Months Away: Here Is What You Actually Need to Do

Introduction

Understanding High-Risk AI Systems

Check Your EU AI Act Readiness

The 7-Month Compliance Timeline

Month 1 (January 2026): Assessment and Planning

Month 2 (February 2026): Risk Management Framework

Month 3 (March 2026): Technical Documentation

Month 4 (April 2026): Data Governance and Quality

Month 5 (May 2026): Human Oversight and Transparency

Month 6 (June 2026): Testing, Validation, and Registration

Month 7 (July 2026): Final Preparations and Monitoring

Key Compliance Requirements

1. Risk Management System

2. Data Governance

3. Technical Documentation

4. Record Keeping

5. Transparency and User Information

6. Human Oversight

7. Accuracy, Robustness, and Cybersecurity

Common Pitfalls to Avoid

Getting Help

Next Steps

Conclusion

About the Author

Check Your EU AI Act Compliance

Get operational insights weekly

The EU AI Act Deadline is 7 Months Away: Here Is What You Actually Need to Do

Introduction

Understanding High-Risk AI Systems

Check Your EU AI Act Readiness

The 7-Month Compliance Timeline

Month 1 (January 2026): Assessment and Planning

Month 2 (February 2026): Risk Management Framework

Month 3 (March 2026): Technical Documentation

Month 4 (April 2026): Data Governance and Quality

Month 5 (May 2026): Human Oversight and Transparency

Month 6 (June 2026): Testing, Validation, and Registration

Month 7 (July 2026): Final Preparations and Monitoring

Key Compliance Requirements

1. Risk Management System

2. Data Governance

3. Technical Documentation

4. Record Keeping

5. Transparency and User Information

6. Human Oversight

7. Accuracy, Robustness, and Cybersecurity

Common Pitfalls to Avoid

Getting Help

Next Steps

Conclusion

About the Author

Check Your EU AI Act Compliance