← All briefings
Briefing 02 · EU AI Act

The EU AI Act’s August 2 date is real — but not the part you were told.

EU AI Act exposure · ~5 min read

For a year, “August 2, 2026” was shorthand for “high-risk AI obligations arrive.” That is no longer accurate. The date stands; the high-risk wall moved.

What changed in 2026

In May 2026, EU negotiators reached a provisional agreement on the Digital Omnibus on AI — a package that grants timeline relief on the most burdensome obligations. The headline shift: stand-alone high-risk systems under Annex III (recruitment, credit scoring, education, law enforcement, border control) now have until December 2, 2027 to comply, and AI embedded in regulated products under Annex I (medical devices, machinery, vehicles) until August 2, 2028. These changes take legal effect only on formal adoption, expected before August 2026.

What still applies on August 2, 2026

This is the part many companies miss. August 2, 2026 remains an active compliance date for several things that may well touch you:

  • Article 50 transparency obligations. If you operate a chatbot, generate synthetic media, or use emotion-recognition or deepfake-capable tools, you owe users clear disclosure. This is the obligation most U.S. companies actually trip on.
  • Governance, penalties, and notified-body machinery. The enforcement architecture switches on.
  • General-purpose AI model obligations continue to phase in for providers of foundation models.

Does the EU AI Act even reach a US company?

Often, yes — the Act is extraterritorial. If your AI system’s output is used in the EU, or you place an AI product on the EU market, you can be in scope regardless of where you are headquartered. The honest answer for most mid-sized U.S. firms is “partially”: a customer-facing chatbot or a hiring tool used on EU candidates can pull you into specific obligations without making your whole company a high-risk operator.

Your honest exposure check

Ask three questions: (1) Does any AI output of ours reach people in the EU? (2) Do we run chatbots, generated media, or emotion/deepfake tools that trigger Article 50? (3) Do we deploy AI in an Annex III use (hiring, credit, education)? Answer “yes” to any and you have a concrete, scoped obligation — not a vague worry. Answer “no” to all and you can document that and move on.

The deferral is good news only for the prepared. The companies that benefit are the ones who used the extra sixteen months to build a real management system — not the ones who heard “delayed” and closed the file.

This briefing is general information from Sentinel Assurance Group, not legal advice. Regulatory dates and requirements change — we maintain these briefings, but verify against primary sources and counsel before acting. Last reviewed June 5, 2026.

See our ISO/IEC 42001 readiness path →

Not sure which of these reach you?
Find out in 30 minutes.

The free AI Risk Exposure call maps your AI footprint to the obligations that actually apply — and the ones that don’t.

Book the call →