← Home/EU AI Act compliance · Enterprise guide

EU AI Act compliance for enterprises: understand, anticipate,
deploy compliant

The EU regulation on AI sets concrete obligations from August 2026. What it requires, who it covers, and how to keep your AI deployments compliant — without slowing innovation.

Assess my exposureSee the deadlines
2 Aug 2026
High-risk system obligations
€35M / 7%
Max fines of global revenue
4 levels
Risk-based classification
LOOP™
Compliance by design, continuous
2 Aug 2026High-risk system obligations
€35M / 7%Max fines of global revenue
4 levelsRisk-based classification
LOOP™Compliance by design, continuous
2 Aug 2026High-risk system obligations
€35M / 7%Max fines of global revenue
4 levelsRisk-based classification
LOOP™Compliance by design, continuous
The regulation, in plain terms

What is the EU AI Act?

The EU AI Act (Regulation (EU) 2024/1689) is the world's first binding regulation governing artificial intelligence. It classifies AI systems by risk level and imposes proportionate obligations on the organisations that develop or deploy them in the European Union — regardless of where they are based.

Unacceptable
Banned
Social scoring, behavioural manipulation, emotion recognition at work, mass biometric identification. These uses have been prohibited since February 2025.
High risk
The core obligations
HR and recruitment, credit scoring, critical infrastructure, education, biometrics, justice. Subject to the heaviest obligations from August 2026.
Limited
Transparency
Chatbots, generated content, conversational assistants. Obligation to clearly inform users they are interacting with an AI.
Minimal
Unrestricted
Spam filters, video-game AI, simple recommendations. No specific obligation — the vast majority of use cases.
The countdown

The deadlines that
commit your company

The EU AI Act does not apply all at once: it rolls out in waves between 2024 and 2027. The highest step — high-risk systems — lands on 2 August 2026.

Aug 2024
Entry into force
The regulation is published and begins phased application.
Feb 2025
Prohibited practices
Unacceptable-risk uses are banned. AI literacy obligation for teams.
Aug 2025
General-purpose AI
Obligations for GPAI models, governance framework and penalty regime take effect.
Aug 2026
High-risk systems
General application of the regulation. High-risk systems under Annex III must be compliant. The key deadline for enterprises.
Aug 2027
Regulated products
High-risk systems embedded in already-regulated products (Annex I) enter scope in turn.
If you operate a high-risk system

Six obligations
to uphold in production

For a system classified as high-risk, the EU AI Act does not ask for a one-off declaration: it requires a living, documented and auditable framework across the whole lifecycle.

1Risk managementObligation 01

A continuous process to identify, assess and mitigate risks across the system's entire lifecycle.

2Data governanceObligation 02

Training and testing datasets that are relevant, representative and as free of bias as possible.

3Technical documentationObligation 03

A complete dossier describing the system, its design and its compliance, kept up to date and available to authorities.

4Traceability & loggingObligation 04

Automatic event logging that makes it possible to trace how the system operates and how decisions are made.

5Transparency & human oversightObligation 05

Clear information for users and mechanisms allowing a human to supervise, correct or stop the system.

6Robustness & cybersecurityObligation 06

An appropriate level of accuracy, resilience and security against errors, failures and attacks.

Obligation 01
Risk management
A continuous process to identify, assess and mitigate risks across the system's entire lifecycle.
Risk mapping · mitigation measures · periodic reviews.
Obligation 02
Data governance
Training and testing datasets that are relevant, representative and as free of bias as possible.
Source traceability · quality control · bias management.
Obligation 03
Technical documentation
A complete dossier describing the system, its design and its compliance, kept up to date and available to authorities.
Specifications · architecture · conformity assessments.
Obligation 04
Traceability & logging
Automatic event logging that makes it possible to trace how the system operates and how decisions are made.
Timestamped logs · audit trail · history retention.
Obligation 05
Transparency & human oversight
Clear information for users and mechanisms allowing a human to supervise, correct or stop the system.
Instructions for use · validation points · emergency stop.
Obligation 06
Robustness & cybersecurity
An appropriate level of accuracy, resilience and security against errors, failures and attacks.
Robustness testing · access security · continuity plans.
The real risk

Why compliance is decided
now, not in August 2026

Becoming compliant can't be improvised the day before the deadline. Four blind spots turn a promising AI deployment into regulatory exposure.

Too late
Compliance handled at the end of the project
Bolting governance on after go-live costs more and leaves gaps. McKinsey makes the point: compliance requirements are too often dealt with last.
Blind spot
No traceability of decisions
Without an audit log, it's impossible to prove how an automated decision was made — exactly what the regulation asks you to demonstrate.
Vague
No documented human oversight
"A human approves" isn't enough: you need formal checkpoints, named roles and traceable escalation thresholds.
Invisible
No inventory of AI systems
You can't classify by risk what you don't track. Many organisations don't know how many AI systems already run in their processes.
The Koneetiv answer

Compliance by design, not as catch-up

Rather than a compliance layer bolted on afterwards, LOOP™ governance builds the EU AI Act requirements into the deployment itself. Every obligation maps to an operational answer.

Risk management & classification
System inventory and LOOP™ trust zones (green, amber, red)
Traceability & logging
LOOP™ living registry: timestamped, documented, auditable decisions
Human oversight
Validation points and escalation thresholds: humans stay in control
Technical documentation
ISO 42001 alignment: the management framework that structures the evidence

The result: compliance becomes a continuous property of your AI agents, not a file produced the night before the audit. To go further: LOOP™ governance · the ISO 42001 bridge

Frequently asked

EU AI Act compliance: what enterprises ask

Does the EU AI Act apply to my company?
Yes, as soon as you develop, deploy or use an AI system in the European Union — even if your company is based outside the EU. How heavy the obligations are depends on each system's risk level: most fall under minimal risk, but recruitment, credit scoring or biometrics move into high risk.
What are the penalties for non-compliance?
The regime is tiered. Prohibited practices face fines of up to €35M or 7% of total worldwide annual turnover. Breaching other obligations (including those for high-risk systems) can reach €15M or 3%, and supplying incorrect information to authorities €7.5M or 1%.
What's the difference between ISO 42001 and the EU AI Act?
The EU AI Act is binding regulation: it states what the law requires. ISO 42001 is a voluntary AI management standard: it states how to organise your governance. Aligning with ISO 42001 is one of the most direct ways to structure the evidence the AI Act requires without detailing it.
How do we prepare for the August 2026 deadline?
Start by inventorying your AI systems and classifying them by risk level. For high-risk ones, put traceability, documentation and human oversight in place now — these take time to bed in and can't be improvised. Operational governance like LOOP™ accelerates this path to compliance.
Are Claude agents compliant with the EU AI Act?
An AI agent isn't compliant or non-compliant "in itself": it's its use and governance that make it compliant. Deployed under suitable governance — traceability, trust zones, human oversight — Claude agents can meet the operational conditions the regulation expects; the final qualification remains specific to each system and its use. That's exactly what the LOOP™ methodology delivers.
Does Koneetiv provide legal advice on the EU AI Act?
No. Koneetiv supports the operational compliance of your AI deployments — governance, traceability, technical documentation, human oversight. Legal interpretation of the regulation and the regulatory classification of your systems rest with your legal counsel, with whom we work alongside.
Go further

Build your operational compliance

From standard to production: the Koneetiv resources and solutions to embed compliance in your deployments.

Standard
ISO 42001
The management system that structures the evidence the EU AI Act expects.
Methodology
LOOP™ governance
Trust zones, living registry and continuous human oversight.
Framing
Claude Ignite
Frame a de-risked AI deployment, compliant by design.
Steering
Claude Cockpit
Observe, audit and steer your agents in production over time.

Where do you stand
on the EU AI Act?

Let's review your AI deployments' exposure and the levers for compliance, without jargon.

Assess my exposure