Check my compliance →
AIActComply / Blog / EU AI Act August 2026 Deadline: What You Need to Have Ready

EU AI Act August 2026 Deadline: What You Need to Have Ready

2 August 2026 is the main compliance deadline for most EU AI Act deployer obligations. This article explains what needs to be in place, what was already due in 2025, and what comes after.

Published 15 January 2026

The EU AI Act does not have a single compliance date. Obligations came into force in stages across 2025, 2026, and 2027. For most companies deploying AI tools, 2 August 2026 is the deadline that matters most. Here is what that means in practice.

The full timeline

DateWhat happened
1 August 2024Act entered into force
2 February 2025Article 4 (AI literacy) became enforceable
2 August 2025Prohibited AI systems banned (Article 5)
2 August 2026General-purpose AI model obligations; most Annex III high-risk deployer requirements
2 August 2027High-risk AI systems covered by Annex I (regulated products)

What was already due: February 2025

Article 4 required companies to have an AI literacy policy in place from 2 February 2025. That deadline has passed.

An AI literacy policy documents how your organisation ensures staff who work with AI systems have sufficient understanding of those systems. It covers which roles are in scope, what training or awareness measures apply to each role, who is responsible for maintaining the programme, and when it gets reviewed.

If your company does not have this document, it is already out of compliance. The good news is it is one of the faster documents to produce.

What was already due: August 2025

From 2 August 2025, the Act’s prohibited AI practices became illegal across the EU. These include:

If your company uses any of these, the obligation is not to document a policy. It is to stop.

What August 2026 requires

This is the deadline that affects the most companies. From 2 August 2026:

For all deployers

Risk classification memo. Every company using AI systems should have a documented assessment of where each system sits in the Act’s risk hierarchy. This does not need to be a complex document, but it needs to exist, cover your actual AI systems, and record the reasoning behind each classification.

General-purpose AI (GPAI) model obligations become active. If your products or services incorporate a GPAI model (such as GPT-4 or similar foundation models), additional transparency requirements apply regarding how those models are used.

For high-risk AI deployers

If any of your AI systems fall under Annex III (employment tools, credit scoring, biometrics, education systems, and others), you also need:

Usage policy. A document defining permitted uses of the high-risk system, who can use it and under what conditions, the human oversight mechanism, and the procedure for reporting incidents or malfunctions.

Logging. Evidence that the system’s operation is logged and those logs are retained. Most commercial AI tools generate logs automatically; the obligation is to know where they are and how long they are kept.

Human oversight. A named person or function responsible for monitoring the system’s performance and reviewing outputs before they affect individuals.

Notification obligations. Affected persons must be informed that AI was used in a decision that affects them, and must have a way to challenge that decision.

What August 2027 requires

From 2 August 2027, high-risk AI systems listed in Annex I, covering safety components of regulated products (medical devices, machinery, vehicles, aviation systems), must also comply with the full high-risk framework.

Most software companies are not affected by the Annex I deadline unless they supply components to regulated hardware product manufacturers.

How to prepare for August 2026

Step 1: inventory. List every AI tool your company uses. Include tools that have AI features embedded in them, not just dedicated AI products. ATS platforms, analytics tools, productivity software with AI assistants — all of it.

Step 2: classify. For each tool, assess whether it falls into the high-risk categories under Annex III. The Annex III classification guide covers the eight categories in detail. If in doubt, classify as high-risk and document why.

Step 3: document. Produce the required documents for each classification outcome. At minimum, every company needs an AI literacy policy (already overdue) and a risk classification memo (due August 2026). High-risk deployers also need a usage policy and transparency notice.

Step 4: review contracts. If you use AI tools from vendors, check whether those vendors have provided a CE mark and EU declaration of conformity for any high-risk systems. Your usage policy should reference the provider’s documentation.

Get your August 2026 documents ready now

Generate your Risk Classification Memo, Usage Policy, and AI Literacy Policy in 30 minutes. Prefilled with your company details, ready to adopt.

Start my compliance →

A word on enforcement timing

EU member states are still building out their national AI authorities. Enforcement capacity in 2026 will vary significantly by country. Germany, France, and the Netherlands are moving faster than most.

That said, the August 2026 deadline is written into the Regulation. Documents dated after the deadline are evidence of non-compliance, not compliance. Starting now, rather than in July 2026, also gives time for internal review, legal sign-off, and board approval, which most compliance documents require before they are formally adopted.

Ready to get compliant?
Get all your EU AI Act documents in 30 minutes
Answer 20 questions. AIActComply generates your AI Literacy Policy, Risk Classification Memo, Usage Policy, and Transparency Notice — prefilled, in 11 EU languages. €99 one-time.
Start now →