20 posts on compliance & regulation.
EU AI Act compliance breaks into six operational workstreams: scope classification, technical documentation, conformity assessment, runtime evidence, deployer monitoring, and incident reporting. The mandate takes effect August 2, 2026. Most organizations are running three of the six and missing the rest.
Article 6 of the EU AI Act establishes a two-branch test for classifying an AI system as high-risk. Branch one covers safety components of regulated products. Branch two covers the Annex III use cases. The classification triggers the full operational regime from August 2, 2026.
Annex III of the EU AI Act lists the eight categories of AI systems classified as high-risk. Inclusion in Annex III triggers the full obligations of Articles 8 to 27 from August 2, 2026. Most enterprise teams are inside the scope without realizing it.
Article 99 of the EU AI Act sets three penalty tiers reaching 35M EUR or 7% of global turnover for prohibited practices, 15M EUR or 3% for high-risk non-compliance, and 7.5M EUR or 1% for supplying misleading information. The mandate takes effect August 2, 2026.
Article 26 of the EU AI Act puts operational obligations on the deployer of a high-risk AI system. The deployer must monitor operation, suspend use under specific risk conditions, keep automatically generated logs, and inform the provider and authorities. The mandate takes effect August 2, 2026.
Article 19 of the EU AI Act sets the operational floor for log retention from high-risk AI systems at six months and specifies what the automatically generated logs must contain. The mandate takes effect August 2, 2026. Application logs fail the structural test.
Article 13 of the EU AI Act requires providers of high-risk AI systems to design them so deployers can interpret outputs, understand limitations, and exercise human oversight. The mandate takes effect August 2, 2026. Generic model cards fail the test.
Article 12 of the EU AI Act mandates that high-risk AI systems automatically record events over the system lifetime. The logs must reconstruct what happened, who initiated it, and what data was involved. Penalties reach 15M EUR. Most AI deployments produce zero compliant records today.