Key takeaways
- Regulation (EU) 2024/1689, the EU AI Act, entered into force on 1 August 2024 and becomes fully applicable on 2 August 2026, with prohibited practices already live since 2 February 2025 and general-purpose AI rules since 2 August 2025 (European Commission).
- The Act runs four independent checks on every AI use, prohibited practices under Article 5, high-risk systems under Article 6 plus Annex III, transparency duties under Article 50, and general-purpose AI obligations under Chapter V. A single system can trigger several at once.
- High-risk providers must build a risk management system, train on governed data, document and log, ensure human oversight, perform a conformity assessment, and run post-market monitoring under a quality management system anchored in Article 17.
- General-purpose AI model providers face baseline duties from 2 August 2025; systemic-risk models, defined by the 10^25 FLOPs threshold or Annex XIII criteria, carry heavier evaluation, mitigation and incident reporting duties (Article 51).
- Fines reach the higher of €35M or 7 percent of global turnover for prohibited practices; smaller operators can use the SME proportionality cap and the GPAI Code of Practice as a documented compliance route.
What the EU AI Act actually is
The EU AI Act, formally Regulation (EU) 2024/1689, is the world’s first horizontal law on artificial intelligence. It applies to every AI system placed on the EU market or whose output is used in the Union, whatever the provider’s location. A US start-up, a UK platform or a Japanese manufacturer all fall in scope once an EU user can be affected by the system’s output.
The Act entered into force on 1 August 2024. Its rules switch on in waves: prohibited practices on 2 February 2025, general-purpose AI obligations on 2 August 2025, the bulk of the regime including all Annex III high-risk requirements on 2 August 2026, and the remaining high-risk integration into Annex I product safety law on 2 August 2027 (AI Act Service Desk).
The Commission published two binding interpretation documents in February 2025. The first defines what counts as an AI system under Article 3(1), based on seven characteristics: machine-based operation, autonomy, adaptiveness, an objective, inference, output generation, and influence on the environment (Commission Guidelines on the AI System Definition). The second interprets the eight prohibited practices in Article 5 (Commission Guidelines on Prohibited AI Practices). Both are foundational, because every other obligation hangs on whether your system actually meets the Act’s definition of AI, and whether it falls in the unacceptable zone.
On 7 May 2026 the Council and the European Parliament reached a political agreement to simplify and streamline parts of the regime, especially around reporting workload for SMEs (Council press release). The core obligations described in this guide are not affected; only the implementation paperwork is being lightened.
The four risk tiers, decoded
The Act does not sort AI systems into four tidy boxes. It runs four parallel tests, and the same system can fail more than one. Treat each as an independent gate.
Unacceptable risk, Article 5
Article 5 bans eight families of AI practices outright, with narrow exceptions. The ban covers subliminal manipulation causing significant harm, exploitation of vulnerabilities tied to age or disability, social scoring by public authorities, predictive policing purely from profiling, untargeted facial-image scraping to build recognition databases, emotion recognition in workplaces and schools, biometric categorisation inferring sensitive attributes such as race or political opinion, and real-time remote biometric identification in public spaces (Article 5). These prohibitions apply from 2 February 2025.
High risk, Article 6 plus Annex I and Annex III
A system is high-risk if it is a safety component of, or itself is, a product regulated under Annex I sector law (medical devices, machinery, toys, lifts, automotive, aviation, and so on). It is also high-risk if it falls under one of the eight Annex III standalone domains: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential private and public services, law enforcement, migration and border control, and administration of justice or democratic processes (Article 6, Annex III).
Transparency risk, Article 50
Low-stakes AI that interacts with people, or generates synthetic content, must declare itself. Chatbots must tell users they are talking to a machine. AI-generated images, audio and video, including deepfakes, must carry machine-readable provenance marks, and providers must enable detection.
Minimal risk
Everything else, which is still the vast majority of AI applications today, falls under no regulatory obligation. The Act explicitly says spam filters and AI in video games sit here. The Commission encourages voluntary codes for this tier, but there is no compliance burden.
A quick five-question decision tree helps:
- Does the use case appear in Article 5?
- Does the system fall under Annex I product safety or Annex III?
- Is it a general-purpose model on its own?
- Does it generate or simulate human-like content?
- Does it touch a person who deserves to know?
Each yes triggers a parallel track.
Who has obligations: provider, deployer, importer, distributor
The Act distinguishes four operator roles, and the obligation load is very different for each.
A provider develops the AI system or has it developed and places it on the EU market under its own name. Providers carry the heaviest load: technical documentation, conformity assessment, CE marking, EU declaration of conformity, post-market monitoring, registration in the EU database for high-risk systems, and incident reporting. This is where most of the high-risk machinery lives.
A deployer uses the system in the course of a professional activity. Deployer obligations are lighter but real: ensure human oversight is actually exercised, follow the provider’s instructions for use, monitor operation, keep logs when required, perform a fundamental rights impact assessment for certain Annex III systems, and inform affected workers when the system is used in their workplace.
An importer places a third-country provider’s system on the EU market. The importer must verify the provider has done its conformity work, that the documentation is in order, and that contacts are reachable.
A distributor makes the system available in the supply chain without modifying it. The distributor checks that CE marking and required documents accompany the system, and notifies the chain if it has reasons to believe the system is non-conformant.
Proportionality is built in. SMEs and start-ups get priority sandbox access, lower fees for conformity assessment bodies, and the lower of the two fine amounts in Article 99. None of that removes the obligations themselves; it eases the cost of compliance.
If you procure AI rather than build it, you are almost certainly a deployer, and your contracts should pull the provider’s evidence in writing. AI Sigil’s AI governance platform is built around exactly this evidence flow, so deployers can show their part without rebuilding the provider’s stack.
Obligations for high-risk AI systems
High-risk providers face the densest part of the regulation. The obligations follow a clean structure that maps directly onto operational governance controls.
Risk management system, Article 9. A continuous, iterative process running through the entire lifecycle. Operationally: a documented risk register, periodic reviews tied to releases, and evidence that residual risks were communicated to deployers.
Data and data governance, Article 10. Training, validation and test datasets must be relevant, representative, free of errors and complete to the extent feasible, with documented preparation steps. Operationally: dataset cards, sourcing logs, bias diagnostics, and retention policies.
Technical documentation, Article 11 and Annex IV. A full design dossier covering general description, intended purpose, architectural choices, validation and testing, post-market monitoring plan. The dossier must be kept current.
Record-keeping, Article 12. Automatic logging of operation throughout the lifetime of the system, enabling traceability of outputs.
Transparency and provision of information to deployers, Article 13. Clear instructions for use, including characteristics, capabilities, limitations, and the level of accuracy on which deployers can rely.
Human oversight, Article 14. Built into the design, with measures proportionate to the risk, so that natural persons can intervene, interpret outputs, override decisions or stop the system.
Accuracy, robustness and cybersecurity, Article 15. Performance targets defined and disclosed, resilience to errors and inconsistencies, cybersecurity measures appropriate to the threat surface, particularly against data poisoning, adversarial examples and model inversion.
Quality management system, Article 17. The mechanism that holds the rest together. A documented set of policies, procedures, responsibilities, and audit records. This is where ISO/IEC 42001 alignment pays off most directly.
Conformity assessment, Article 43. Internal control for most Annex III systems; third-party assessment by a notified body for biometric identification and certain product-safety cases. The output is a CE marking and an EU declaration of conformity, plus registration in the EU database.
Post-market monitoring and incident reporting. Operating data flows back to the provider, and serious incidents are reported to national authorities within tight deadlines.
Each of these is, in practice, a control family: an owner, a policy, an evidence artefact, and a refresh cadence. That is the level at which a governance platform earns its keep.
GPAI and systemic-risk obligations
General-purpose AI models, the foundation models that sit upstream of many downstream applications, have their own chapter in the Act.
Baseline obligations under Article 53, applicable to every GPAI model placed on the EU market from 2 August 2025, cover technical documentation for the AI Office and downstream providers, a copyright policy compliant with EU law, and a sufficiently detailed summary of the content used for training. Open-source models get a partial carve-out, with copyright and training-data summary duties still applying.
Systemic-risk classification under Article 51. A model is presumed to have high-impact capabilities, and therefore systemic risk, once cumulative training compute exceeds 10^25 floating-point operations. The Commission can also designate a model as systemic-risk based on the Annex XIII criteria, which include user count, parameter count, capability benchmarks, and dependency by other systems (Article 51).
Additional duties under Article 55 apply to systemic-risk models: standardised model evaluation including adversarial testing, assessment and mitigation of Union-level systemic risks, serious-incident reporting to the AI Office, and adequate cybersecurity protection for both the model and its physical infrastructure (Article 55).
The Commission published the GPAI Code of Practice on 10 July 2025 (Code of Practice page). Signing is voluntary, but signatories use it as an adequate way to demonstrate compliance with Articles 53 and 55, which lightens the documentation lift for the AI Office. Several frontier-model providers are now signatories.
Governance and enforcement: AI Office, national authorities, fines
The EU AI Act is enforced by a two-layer system. The European AI Office, inside the Commission, holds direct enforcement powers over Chapter V (the GPAI rules). Each Member State designates one or more national market surveillance authorities for everything else. Some Member States have set up dedicated AI regulators; others have given the brief to existing data-protection or sector regulators (market surveillance authorities under the AI Act).
From 2 August 2026 these authorities can audit providers’ documentation, access training and validation datasets, and, in defined cases, even request access to source code. They can require corrective measures, restrict or withdraw a system from the market, and issue fines.
Fines come in three tiers under Article 99 (Article 99):
- Prohibited practices: up to €35M or 7 percent of worldwide annual turnover, whichever is higher.
- Non-compliance with high-risk requirements or transparency duties: up to €15M or 3 percent.
- Supplying incorrect, incomplete or misleading information to authorities: up to €7.5M or 1 percent.
SMEs and start-ups face the lower of the two amounts in each tier. The Act also requires Member States to have a national regulatory sandbox in place by 2 August 2026, so smaller providers can test high-risk systems under supervision before the full compliance burden hits.
Crosswalk to ISO/IEC 42001 and NIST AI RMF
Nobody is building AI governance against the Act alone. Most teams combine three reference points: ISO/IEC 42001 for the management system, NIST AI RMF for risk operations, and the EU AI Act for the legal floor.
The relationship is layered. NIST AI RMF is a voluntary, US-origin framework that gives you the operational methodology, the Govern-Map-Measure-Manage functions, and a vocabulary for risk treatment. ISO/IEC 42001, published in 2023, is the first international management-system standard for AI; certifying against it is the cleanest way to demonstrate organisational maturity. The EU AI Act turns these voluntary practices into a legal duty for high-risk and GPAI systems.
A workable mapping at the obligation level:
- AI Act Article 9 risk management ↔ NIST AI RMF Map and Measure ↔ ISO/IEC 42001 clauses 6.1 and 8.
- Article 10 data governance ↔ NIST AI RMF Map 4 ↔ ISO/IEC 42001 Annex B controls on data.
- Article 11 technical documentation ↔ NIST AI RMF Manage 4 ↔ ISO/IEC 42001 clause 7.5.
- Article 14 human oversight ↔ NIST AI RMF Govern 1 ↔ ISO/IEC 42001 control on oversight roles.
- Article 17 quality management ↔ the entire ISO/IEC 42001 management-system shell.
The European standardisation body CEN-CENELEC is preparing a harmonised standard, prEN 18286, that will formally bridge ISO/IEC 42001 to AI Act conformity assessment. Publication is expected in 2026. Until then, ISO/IEC 42001 already maps cleanly enough to use as the operational backbone.
Application timeline, quarter by quarter
Most compliance leads need a project plan, not a paragraph. Here is the timeline in operational form.
- Q1 2025 (live). Prohibited practices (Article 5) and AI literacy duties (Article 4) apply. Sweep your inventory for any system touching the eight prohibitions and shut it down or radically redesign it.
- Q3 2025 (live). GPAI obligations under Article 53 apply for new models. Governance structures (AI Office, national authorities) operational. If you sit upstream as a model provider, your documentation package and copyright policy should already exist.
- Q3 2026 (8 weeks out). The bulk of the regime applies. Every Annex III high-risk system on the market needs a full conformity assessment file, CE marking, EU database registration, and an active post-market monitoring loop. Member States must have a national regulatory sandbox available.
- Q3 2027. High-risk obligations extend to AI integrated into Annex I product-safety law (medical devices, machinery, toys, automotive). Sector-specific notified bodies start signing off AI components.
The 7 May 2026 Council and Parliament agreement does not move these dates. It simplifies the paperwork around the SME track and the documentation expectations for several Annex III categories.
How to start compliance in the next 90 days
If you are starting from scratch in mid-2026, focus on four steps before chasing perfection.
- Build an AI inventory. List every AI system in production, in pilot, and on the procurement pipeline. Tag each with its role (built in-house, procured, embedded in a SaaS), its function, and the personal data it touches.
- Classify each system against the four parallel tests. Article 5, Article 6 plus Annex III, Article 50, Chapter V. A spreadsheet is enough at this stage.
- Gap-analyse the high-risk and GPAI candidates against Articles 9 to 17 (and 53 to 55 if you ship a model). Mark each obligation as present, partial, or missing, and assign an owner.
- Stand up an evidence backbone, ideally on top of an ISO/IEC 42001 management system. Every obligation needs a policy, a role, an artefact, and a refresh cadence. That backbone, not the legal analysis, is what gets audited in 2026.
If ISO/IEC 42001 is already in place, you are about 60 percent of the way there. Add the AI Act-specific artefacts (conformity assessment file, EU database registration, post-market monitoring plan, incident reporting workflow) and you close the gap.
FAQ
When does the EU AI Act apply? The regulation entered into force on 1 August 2024 and is fully applicable on 2 August 2026. Prohibited practices have been live since 2 February 2025; general-purpose AI rules since 2 August 2025. Annex I integrated high-risk obligations apply from 2 August 2027. The Commission’s enforcement powers switch on with the bulk of the regime in August 2026.
Does the EU AI Act apply outside the EU? Yes. The Act applies extraterritorially to any provider that places an AI system on the EU market, and to any deployer or provider whose AI output is used in the Union, regardless of where the company is established. A US developer with one EU user is in scope, exactly as GDPR works for personal data.
What is a high-risk AI system? A system is high-risk in two cases. First, when it is a safety component of, or itself constitutes, a product covered by EU sector law listed in Annex I (medical devices, machinery, automotive and others). Second, when it falls under one of the eight Annex III standalone domains, including biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, and administration of justice. High-risk systems carry the heaviest obligation load in the Act.
What changes for general-purpose AI models? Every GPAI model placed on the EU market from 2 August 2025 must publish technical documentation, a copyright-compliance policy, and a sufficiently detailed summary of training content. Models classified as systemic-risk under Article 51, which currently captures models trained with more than 10^25 FLOPs of compute, face additional duties including adversarial evaluation, serious-incident reporting to the AI Office, and Union-level risk mitigation. Signing the GPAI Code of Practice is an adequate way to evidence compliance.
What are the fines under the EU AI Act? Article 99 sets three tiers. Prohibited practices can lead to fines of up to €35M or 7 percent of worldwide turnover, whichever is higher. High-risk and transparency violations are capped at €15M or 3 percent. Providing misleading information to authorities is capped at €7.5M or 1 percent. SMEs face the lower of the two amounts in each tier. National authorities can also order corrective measures or market withdrawal in parallel with fines.
How does the EU AI Act relate to ISO 42001 and NIST AI RMF? The three are complementary, not redundant. NIST AI RMF is a voluntary risk operations framework. ISO/IEC 42001 is the management-system standard, the cleanest way to industrialise AI governance. The EU AI Act is the legal floor. A team running an ISO/IEC 42001-aligned management system and using NIST AI RMF for risk methodology will satisfy the bulk of the Act’s documentation and process expectations, and only needs the AI Act-specific artefacts (conformity assessment file, EU database entry, incident reporting workflow) to close the loop.
Conclusion
The EU AI Act forces a question every operator should be asking already: which AI use are you ready to defend in writing? The regulation does not invent governance, it makes it audit-ready. Teams that pair an ISO/IEC 42001 management system with clean evidence flows will absorb the 2026 deadline as a checklist exercise. Teams that wait until enforcement is at the door will discover that conformity assessment, EU database registration and post-market monitoring are not retrofittable in a hurry. Start the inventory, classify your systems against the four parallel tests, and pick the framework that turns each obligation into a control. The Act gives you the standards; the work is to make them yours.