EU AI Act Enters New Enforcement Phase as High-Risk Obligations Begin to Apply

The European Union's AI Act has entered a new phase of implementation in 2026, with key obligations for high-risk AI systems now coming into force across member states.

While the regulation was adopted in 2024 and entered into force in August of that year, its requirements are being rolled out in stages. Bans on "unacceptable risk" systems took effect in early 2025. Many of the more complex rules for high-risk AI systems are now being phased in during 2026.

What the Rules Require

High-risk AI systems — used in areas such as employment, credit scoring, healthcare, education, critical infrastructure, and law enforcement — must meet strict standards on data quality, transparency, human oversight, accuracy, and risk management.

Providers of general-purpose AI models (including large language models) have been subject to transparency and copyright obligations since August 2025. These include requirements to disclose summaries of training data and comply with EU copyright law.

Penalties for serious violations can reach up to 7% of a company's global annual turnover or 35 million euros, whichever is higher. Regulators have stated they will take a phased approach to enforcement in the early stages.

Current Status of Enforcement

National authorities and the European AI Office have started preliminary assessments of high-risk AI systems, particularly in sectors like recruitment and financial services. The European Commission has published implementation guidelines and launched a public database for registering high-risk systems.

Small and medium-sized enterprises have expressed concerns about the cost and complexity of compliance. In response, the Commission has introduced support programs and simplified guidance for SMEs.

Key Challenges

Companies continue to face questions about how the AI Act interacts with other EU rules, such as the Digital Services Act and GDPR. Many are seeking clearer guidance on overlapping obligations.

The regulation applies to any AI system that affects users in the EU, regardless of where the company is based. This extraterritorial scope has raised practical questions about enforcement and international cooperation.

What This Means for Companies and Users

For companies, the transition period for many high-risk systems is ending. Organizations should now complete risk assessments, implement required safeguards, and ensure they have appropriate documentation and EU legal representation.

For individuals, the AI Act introduces new rights. People must be informed when interacting with an AI system, and they can request explanations for significant decisions made by high-risk systems, such as credit or hiring outcomes.

Looking Ahead

The European Commission has said it will conduct a formal review of the AI Act in 2027 and may propose amendments based on the first year of implementation. Areas expected to receive further attention include generative AI and the use of AI in law enforcement.

By Jessica, Staff Writer