EU AI Act Enforcement August 2026: Enterprise Compliance Checklist

The August 2, 2026 Deadline Is Real

The EU AI Act high-risk system requirements take effect August 2, 2026. Unlike GDPR (which gave organizations two years to prepare), AI Act enforcement on high-risk systems is happening NOW with active fines starting at €35M or 7 percent of global annual turnover (whichever is higher). Every enterprise serving EU residents — whether headquartered in EU or not — must comply.

What Counts as High-Risk Under EU AI Act?

Article 6 + Annex III define high-risk AI systems. The categories most enterprises will encounter:

• AI in employment — hiring, promotion, termination decisions (HR Copilots, AI screening tools)
• AI in education — admissions, scoring, performance evaluation
• AI in essential services — credit scoring, insurance pricing, government benefit allocation
• AI in law enforcement and justice — predictive policing, sentencing recommendations
• AI in critical infrastructure — energy grid, water systems, road safety

Microsoft 365 Copilot used for general productivity is NOT high-risk. Custom Copilot Studio agents used for hiring decisions ARE high-risk and subject to full Article 8-15 obligations.

The 12-Week Compliance Checklist

Weeks 1-2: Inventory + Classification

• Catalog every AI system deployed across the enterprise (use Microsoft Defender Agent SPM if available)
• Classify each against Annex III high-risk categories
• Document the AI literacy gap for any roles interacting with classified systems (Article 4)

Weeks 3-4: Risk Management System (Article 9)

• Establish a risk management lifecycle for high-risk systems
• Document known and reasonably foreseeable risks
• Document residual risks after mitigation

Weeks 5-6: Data Governance (Article 10)

• Document training, validation, testing dataset characteristics
• Document data quality + relevance + representativeness
• Document bias detection and mitigation

Weeks 7-8: Technical Documentation (Article 11 + Annex IV)

• General description of the AI system + intended purpose
• Detailed description of system components and development
• Information about the system's performance + accuracy

Weeks 9-10: Record-Keeping + Transparency (Articles 12 + 13)

• Automated logging of high-risk system operation
• Instructions for use for deployers
• Information on accuracy + robustness

Weeks 11-12: Human Oversight + Accuracy (Articles 14 + 15)

• Document human oversight measures
• Document accuracy + robustness + cybersecurity testing
• Final conformity assessment

EPC Group EU AI Act Engagement

EPC Group runs 12-week EU AI Act compliance engagements for Fortune 500 enterprises with high-risk AI systems. Pricing: $75K-$250K fixed-fee depending on system count and complexity. We map every requirement against Microsoft Purview Compliance Manager templates, Microsoft Defender Agent SPM inventories, and Microsoft 365 audit logs.

See: Microsoft Purview Compliance Manager AI Framework Attestation, NIST AI Risk Management Framework Enterprise Guide, AI Skill Development 2026: EU Article 4.

Schedule an EU AI Act readiness assessment at /contact.