EU AI Act – Understanding Europe’s AI Regulation

We are currently in the roll-out phase regarding EU AI Act implementation. This article explains where we stand as of February 2026, what rules are already in force, and how to prepare for the major high-risk compliance deadline.

#AI#Regulation#Compliance

Introduction

The AI Act (Regulation (EU) 2024/1689) is no longer just a proposal. It is the law of the land. Having entered into force on 2 August 2024, we are now 18 months into the implementation phase.

As of today (February 7, 2026), the first two waves of regulation have already hit: prohibited practices are banned, and rules for General-Purpose AI (GPAI) are active. The next hurdle? The comprehensive regime for High-Risk AI systems, which takes effect in less than six months.

Risks & Current Status

The Act applies rules based on risk levels. Here is the status of each category as of early 2026:

  • Unacceptable Risk: [Status: BANNED]
    Practices deemed a clear threat to fundamental rights have been prohibited since 2 February 2025.

    • Includes: Social scoring, biometric categorization by sensitive traits (race, religion), and untargeted scraping for facial recognition databases.
    • Law Enforcement: Real-time remote biometric identification in public spaces is banned (with narrow exceptions for terrorism/missing persons).

  • High Risk: [Status: UPCOMING - AUG 2026]
    AI systems with significant impact on health, safety, or fundamental rights.

    • Examples: AI used in recruitment, credit scoring, migration control, or critical infrastructure.
    • The “Standards” Bottleneck: While compliance is mandatory starting 2 August 2026, the industry is currently waiting for the final Harmonized Standards. If these are not finalized by CEN/CENELEC soon, the Commission may issue “Common Specifications” to fill the gap.

  • Limited Risk: [Status: UPCOMING - AUG 2026]
    Systems requiring transparency so users know they are interacting with AI.

    • Examples: Chatbots, emotion recognition systems, and deepfakes.
    • Requirement: Providers must ensure content is labeled and users are notified.

  • Minimal Risk: [Status: ACTIVE]
    The vast majority of AI systems (spam filters, video games) remain unregulated, though voluntary codes of conduct are encouraged.

Actors

Accountability is shared across the supply chain. Note that General-Purpose AI (GPAI) providers (like OpenAI, Google, and Anthropic) have been subject to their specific obligations since August 2025.

  • Provider: Develops and markets the AI.
  • Deployer: Uses the AI in a professional context (e.g., a bank using AI for loans).
  • Importer/Distributor: Ensures the system is compliant before it enters the EU market.

Key Concepts for High-Risk Systems

If you are preparing for the August 2026 deadline, ensure your system meets these distinct requirements:

  • Transparency: The user knows they are interacting with a machine.
  • Explainability: The system can provide technical details on how it reaches a conclusion.
  • Interpretability: The output is presented in a way that a human can understand why a specific decision was made (crucial for challenging unfair decisions).

How to Apply (The “Now” Checklist)

Steps to take immediately:

  1. Classify Risk: Note: The Commission technically missed its Feb 2, 2026 deadline to finalize the specific guidance on risk classification. For now, rely on the draft guidance and the text of Annex III.
  2. Gap Analysis: Compare your documentation against the draft Harmonized Standards.
  3. Data Governance: Ensure training, validation, and testing data sets meet quality criteria (free of errors and bias).
  4. Human Oversight: Design the UI so a human can effectively override or stop the AI (“stop button”).

Rollout Timeline: Where Are We?

DateEventStatus (Feb 2026)
02 Aug 2024AI Act entered into force.Completed
02 Feb 2025Prohibitions & AI Literacy rules applied.In Force (1 year)
02 Aug 2025GPAI (GenAI) rules applied.In Force (6 months)
02 Aug 2026High-Risk AI & Transparency rules apply.Upcoming (<6 months)
02 Aug 2027High-Risk AI embedded in products (e.g., cars, medical devices).📅 Future

Next Steps

For the absolute latest on the Harmonized Standards delay and the Common Specifications, keep a close watch on the EU AI Office announcements.

If you are a provider of a High-Risk system, do not wait for the final standards to be published. Start your conformity assessment based on the current drafts to ensure you are ready for the August 2 deadline.

I will try and keep this article updated.

Source: Regulation (EU) 2024/1689 on EUR-Lex