EU AI Act — High-Risk Deadline

August 2, 2026

High-risk AI systems must be fully compliant

--- Days

-- Hours

-- Minutes

Fines up to EUR 35 million or 7% of global turnover. Over half of organizations using AI lack a basic inventory of their AI systems. Only 8 of 27 EU member states are ready.

Scan your codebase View on GitHub

121

Days remaining

8/27

EU states ready

50%+

Orgs lack AI inventory

35M

Max fine (EUR)

Risk classification

Four levels. Know which applies to you.

The EU AI Act classifies AI systems by risk. Your obligations depend on where your system falls.

Unacceptable

Prohibited

Social scoring, manipulative AI targeting vulnerable groups, real-time mass biometric surveillance. These are banned outright.

High risk

Full compliance required

Biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice. Conformity assessment mandatory.

Limited risk

Transparency obligations

Chatbots, content generation, deepfakes. Users must be informed they're interacting with AI. Synthetic content must be labeled.

Minimal risk

No specific obligations

Spam filters, basic recommendation systems. No mandatory requirements, but voluntary best practices encouraged.

Requirements for high-risk systems

What must be done by August 2, 2026

01 AI system inventory. Maintain a register of all AI systems: risk classification, purpose, responsible parties. (Article 49)

02 Technical documentation. System description, design specs, data governance, testing procedures. Retained 10 years. (Article 11, Annex IV)

03 Risk management system. Identify risks, estimate severity, implement mitigation, test effectiveness. Continuous process. (Article 9)

04 Data governance. Training data quality, relevance, representativeness. Address biases. Ensure data minimization. (Article 10)

05 Human oversight. Design for effective human oversight. Document how humans interpret outputs, override decisions, intervene. (Article 14)

06 Accuracy and robustness testing. Test for accuracy, error resilience, adversarial attacks. Document results. (Article 15)

07 Conformity assessment. Self-assessment or notified body review. EU declaration of conformity required. (Article 43)

08 Post-market monitoring. Monitor performance after deployment. Report serious incidents to authorities. (Article 72)

Start with an AI inventory

Gridwork AI Act Scanner detects 30+ AI systems in your codebase, classifies risk per Annex III, and generates compliance inventory documents. One command.

npx gridwork-aiact click to copy

View source on GitHub