When does the EU AI Act apply to mid-market firms?

The EU AI Act entered into force on 1 August 2024. Prohibited practices have been banned since February 2025. High-risk AI systems must be compliant by 2 August 2026. The remaining rules apply in full from 2 August 2027.

If you use AI to make decisions about people, such as recruitment, credit, legal advice, healthcare or education, you are in scope as high-risk. Even if you only use external tools like ChatGPT or Claude, the regulation applies to your use.

Regulation (EU) 2024/1689 · deadline 2 August 2026

EU AI Act,
explained in practice

If you use AI to make decisions about people, such as recruitment, credit, legal advice or healthcare, you are in scope. Here is what that means, when it hits, and where you start.

Get the free checklist Read the full guide (in Danish)

§ 01

Timeline

Five deadlines

Three have already passed. The next one, 2 August 2026, is the one that hits most mid-market firms with high-risk AI systems.

1 August 2024

EU AI Act entered into force
2 February 2025

Prohibited practices (Art. 5) apply
2 August 2025

General-purpose AI models (Art. 51-55) apply
2 August 2026

High-risk AI systems (Annex III) apply in full
Next
2 August 2027

Remaining rules apply in full

§ 02

Classification

Four risk categories

01 / Prohibited

Examples

Social scoring, biometric surveillance, manipulative AI, emotion recognition in the workplace and education

What you must do

Cannot be used at all. Banned since February 2025.

02 / High-risk

Examples

Recruitment, credit scoring, legal advice, healthcare, insurance, education, critical infrastructure

What you must do

Risk management, documentation, registration in the EU database, human oversight, transparency, post-market monitoring.

03 / Limited

Examples

Chatbots, deepfakes, generative AI with output directed at citizens

What you must do

Clear labelling that the user is interacting with AI. Generative output must be marked.

04 / Minimal

Examples

AI for spam filtering, inventory management, internal productivity

What you must do

No specific requirements. Voluntary codes of conduct encouraged.

§ 03

Free resource

8-page practical checklist

For mid-market executives. Risk classification for your systems, what you must document, where to start, sector-specific add-ons for law, accounting, finance and IT services.

→Visual overview of the 5 deadlines
→4 risk categories with concrete examples
→12-point checklist per risk category
→3 first actions you can take this week

Note: the checklist PDF is currently produced in Danish. An English translation is in progress.

§ 04

Next steps

When the checklist is not enough

Our one-day EU AI Act Quick Check delivers a complete AI system inventory, risk classification with article reference, and a 90-day roadmap to the 2 August 2026 deadline. Built on 11+ years of GRC platform experience from Archer.

See the Quick Check Read the full guide (in Danish)

EU AI Act, explained in practice

Five deadlines

Four risk categories

8-page practical checklist

When the checklist is not enough

EU AI Act,
explained in practice