Regulation
The EU AI Act Deadline Hits August 2: Your 7-Week Readiness Plan
Jun 13, 2026 · 9 min read
Key Takeaway
The August 2 deadline doesn't reward the teams that read the regulation most carefully — it rewards the ones who inventoried, classified, and closed gaps before the clock ran out. Seven weeks is enough if you start now.
What August 2 Actually Triggers
On August 2, 2026, the high-risk obligations of the EU AI Act (Regulation (EU) 2024/1689) become enforceable for most operators. Prohibited practices have been illegal since February 2025 and general-purpose model rules since August 2025 — but this is the date that reaches everyday service firms running AI in hiring, scoring, monitoring, and access decisions.
From today, that's roughly seven weeks — enough time, but only if you spend it on the right work. Reading the regulation cover to cover isn't it. The teams that walk into August compliant will be the ones who turned it into an inventory, a tier for every workflow, and a gap list they worked through before the deadline. This is the operational checklist for that window. For the conceptual ground — what the Act covers, who's in scope, and the penalty structure — start with the EU AI Act in plain English.
One note before the plan: this is pragmatic readiness guidance, not legal advice. For your specific situation, confirm with EU counsel.
Weeks 1-2: Inventory Every AI Touchpoint
You cannot comply with what you cannot see. The first two weeks are pure discovery: list every AI-powered tool and workflow in your business. Include the obvious standalone tools and the AI quietly embedded in platforms you already pay for: the scoring model in your CRM, the ranking in your applicant tracking system, the personalization engine in your email tool.
For each item, write down three things: what it does, what decision its output influences, and who that decision affects. This is the same structural discovery we run in the first phase of every engagement, and it's where most teams find AI they forgot they were running. The output is a single list — the foundation for everything that follows.
Week 3: Classify Every Workflow Into a Tier
With the inventory in hand, sort each item into its risk tier: prohibited, high-risk, limited-risk, or minimal. This is the step where the same underlying tool can land in wildly different tiers depending on what its output decides. A scoring model is minimal when it ranks sales leads and high-risk when it gates access to a financial service.
Don't classify from memory. Run each workflow through the free EU AI Act Risk Checker, which applies the Annex III and Article 5 logic and returns the article references. For the reasoning behind the trickier classifications — CV screening, productivity monitoring, lead scoring — work alongside our workflow-by-workflow tiering guide. Flag anything that looks prohibited or high-risk for the next stage.
Weeks 4-6: Close the High-Risk Gaps
This is where the real work sits. For anything flagged prohibited, the only path is discontinuation — shut it down first, because no amount of documentation makes a prohibited practice legal. For high-risk workflows, the Act's Chapter III obligations apply, and three weeks is enough to make meaningful progress if you sequence it.
Prioritize the measures that take longest to retrofit: a documented risk-management process (Article 9), data-governance notes on what you know about training data (Article 10), automatic logging and audit trails (Article 12), and — the one most teams underbuild — meaningful human oversight (Article 14). "A human reviewed it" doesn't satisfy Article 14 if that human has no practical ability to understand, challenge, and override the output. Build the override, and log it.
Week 7: Disclosure and Your Authorised Representative
The final week is for the obligations that are quick to finish but easy to forget. For limited-risk systems — chatbots, anything that generates synthetic media — confirm you have clear user disclosure under Article 50. People must know they're interacting with AI.
If you're a non-EU provider whose high-risk systems reach the EU, appoint your Authorised Representative under Article 22 before the deadline. Failing to appoint one is its own violation, separate from any product issue. If you're a US-based founder still unsure whether the Act reaches you at all, read what US founders get wrong about the EU AI Act before you assume you're exempt — the answer surprises most people.
If You're Already Behind
Seven weeks is enough for an honest inventory and the highest-risk fixes. It is not enough to perfect every Article 9-through-15 obligation for a stack you've never documented. If that's where you are, triage instead of panicking.
First, kill anything prohibited today. That's a hard line with no grace period. Second, identify your one or two highest-exposure high-risk workflows — usually anything touching hiring or access to a financial service — and concentrate your effort there. Third, document your analysis even where you can't finish the remediation. A written record showing you assessed the Act, classified your workflows, and prioritized the gaps beats silence if a regulator ever asks.
Put a Name on Every Stage
Print the seven-week plan and put a name against each stage. The deadline is fixed; your readiness is not. The difference between a compliant August and a scramble is whether you start the inventory this week or next month.
If you want help turning your AI inventory into a prioritized compliance gap list, that's the structured analysis we run in a Workflow Blueprint — and the free AI Readiness Score is a fast way to see where your stack stands before you commit. We won't replace your EU counsel, but we'll make sure you walk into that conversation with a clear map. For the full regulatory picture, visit the OpSprint EU AI Act Hub.
Need help applying this in your own operation? Start with a call and we can map next steps.