EU AI Act: 80 Days to Full Enforcement — Are You Ready?
By Beacon Compliance Team
August 2, 2026 is the date on which full enforcement of EU AI Act obligations for high-risk AI systems begins. As of this writing, that is 80 days away. For compliance teams that have been tracking the regulation since its April 2021 proposal, this is the moment the theoretical becomes operational, and the EU AI Office has made clear it intends to enforce from day one.
What's Changed in Recent EU AI Office Guidance
The EU AI Office published a significant Q&A document in Q1 2026 addressing two areas that had been generating the most compliance uncertainty: prohibited practices and substantial modification triggers.
Prohibited Practices Clarification
The Q&A confirmed that the prohibited practices provisions (Article 5), which took effect February 2, 2025, apply based on the effect of a system, not its design intent. This matters for enterprise AI deployments that use scoring or ranking systems in HR, credit, or customer segmentation contexts — if the practical effect is subliminal manipulation or social scoring, the label attached to the system is irrelevant. Companies that assessed their systems against the literal text of Article 5 without examining downstream effects should revisit those assessments.
Substantial Modification and Re-Compliance
The Q&A also addressed when a post-market modification constitutes a 'substantial modification' that triggers full re-compliance obligations. The EU AI Office confirmed that changes to training data distributions, updates that alter the system's output range, and modifications to the intended purpose — even if not formally documented as such — can all constitute substantial modifications. Critically, the trigger is functional change, not version numbering. Organizations running continuous model improvement pipelines need governance processes that capture these changes and evaluate each one against the modification threshold.
If your AI system has been updated since its initial conformity assessment, re-evaluate whether those updates constitute a substantial modification. The EU AI Office has indicated this will be an early enforcement focus.
Three Gaps Most Enterprises Are Still Closing
Article 11: Technical Documentation
Article 11 and Annex IV require high-risk AI systems to maintain technical documentation covering system architecture, training data, validation methodologies, performance metrics, and intended purpose. In practice, most enterprise AI teams have this information scattered across experiment tracking systems, Confluence pages, and individual engineer knowledge. Assembling it into a structured, auditable document set — and keeping it current as the model evolves — remains the most common gap we see. The EU AI Office has published Annex IV templates; use them.
Article 14: Human Oversight Mechanisms
Article 14 requires that high-risk AI systems be designed to enable human oversight — including the ability to understand the system's outputs, recognize anomalies, and intervene or override. The compliance gap here is usually not the override capability itself (most systems have one) but the documented evidence that operators have been trained, that override logs are maintained, and that the oversight mechanism actually works in practice. Regulators will look for evidence of functioning oversight, not just a button that exists.
Article 72: Post-Market Monitoring
Article 72 requires providers of high-risk AI systems to establish a post-market monitoring plan. This is the article most teams have done the least work on. A monitoring plan must include: what metrics are tracked (accuracy, fairness, drift), at what frequency, what thresholds trigger escalation, and what the escalation process looks like. Organizations that have general observability pipelines need to translate those into documented monitoring plans that satisfy Article 72's specificity requirements.
What to Do in the Next 80 Days
- Complete your AI system inventory: every system, every deployment context, every use case. This is the foundation — you cannot classify what you have not catalogued.
- Classify against Annex III: use the EU AI Office's published classification guidance, not internal summaries. The Q&A clarifications on standalone AI systems vs. safety components matter for edge cases.
- Close Article 11 gaps first: technical documentation is the longest lead-time item and the most likely early enforcement focus. Assign a documentation owner for each high-risk system.
- Establish your Article 72 monitoring plan: even a basic, well-documented plan with clear metrics and escalation paths is significantly better than none.
- Stand up your AI governance structure: identify your AIMC (AI Management Committee or equivalent), confirm your conformity assessment approach, and document the governance decision trail.
80 days is enough time to close critical gaps — but not if you are still in inventory mode. Teams that have completed classification and are now in documentation and governance implementation are in the best position.