AI GovernanceJun 10, 2026 14 min

EU AI Act Enforcement in 2026: What Actually Changed

General-purpose AI obligations went live in August 2025. High-risk system obligations phase in through August 2026. Here is what national authorities are actually enforcing — and what they are not.

EU flag stars arranged around a stylized neural-network graph on a deep blue background
By Priya Ramesh

The EU AI Act entered into force on 1 August 2024 with a staggered application schedule. In 2026 we are past the theatrical phase — the Article 5 prohibitions applied from 2 February 2025, the general-purpose AI (GPAI) obligations from 2 August 2025, and the bulk of the high-risk obligations under Annex III apply from 2 August 2026. What used to be conference-slide compliance is now audit-desk compliance.

This piece is not legal advice. It is a summary of what the AI Office and national authorities have actually done in the first ten months of enforcement, based on published decisions, guidance notes and the AI Office's Q1 2026 activity report.

What the AI Office is actually doing

The European AI Office — sitting inside DG CNECT — has three main workstreams in 2026:

  • GPAI oversight. Model providers above the 10^25 FLOPs systemic-risk threshold (Article 51) file model documentation, incident reports and evaluation summaries. The first round of filings closed in Q1 2026; the Office has confirmed receipt from all major frontier labs operating in the EU market.
  • Code of Practice compliance. The GPAI Code of Practice, finalised in mid-2025, is the practical yardstick for Article 53–55 obligations. Signatories get a presumption of conformity; non-signatories must demonstrate equivalence, which so far has been slower and more expensive.
  • Coordination with national authorities. Market surveillance is national. The Office coordinates but does not enforce against deployers directly.

What national authorities are actually enforcing

The enforcement pattern in 2025–2026 has been narrower than the press coverage suggested:

  • Article 5 prohibitions. Several social-scoring and untargeted facial-image-scraping cases opened by CNIL (France), Garante (Italy), and the Dutch AP. Fines have been in the low millions of euros so far, well below the theoretical 7% of turnover cap.
  • Transparency (Article 50). Deepfake and AI-generated-content labelling is being enforced primarily through consumer-protection channels. The German BfDI and the Spanish AEPD have both issued notices to platforms.
  • Deployer obligations (Article 26). Human oversight, input-data quality, and log-keeping requirements for high-risk systems have generated the largest volume of enforcement correspondence — mostly informal, mostly resulting in remediation rather than fines.
  • AI literacy (Article 4). The most-cited article in enforcement letters. It is cheap for authorities to check and cheap for organisations to fix; expect it to remain the most common finding.

The theoretical maximum penalties (Article 99: up to €35M or 7% of worldwide annual turnover for prohibited practices, €15M or 3% for most other violations) have not been used. Authorities have signalled they are keeping powder dry for cases involving demonstrable harm.

What is not being enforced yet

  • Annex III high-risk classifications for systems placed on the market before 2 August 2026 benefit from transitional provisions.
  • Fundamental rights impact assessments (Article 27) are required only for specific deployer categories; enforcement is nascent.
  • Post-market monitoring (Article 72) obligations exist on paper but authorities are still finalising the reporting templates.

What CISOs and AI leads should have in place by August 2026

  • A written classification of every AI system your organisation develops or deploys, mapped to Annex I, II or III and to Article 6.
  • A GPAI-use register — which foundation models are used where, with which provider, under which terms, and with which documentation on file.
  • Article 4 AI literacy programme. Documented, role-appropriate, refreshed annually. This is the single cheapest compliance win available.
  • Article 26 deployer file for each high-risk system: human oversight design, input-data governance, logs, monitoring, incident response.
  • Serious-incident reporting workflow aligned with Article 73 timelines (15 days for most, 2 days for widespread infringements, 10 days for critical infrastructure).
  • Contractual flow-down to providers and integrators: allocation of responsibility under Article 25, evidence rights, notification duties.

Interaction with other regimes

The AI Act does not replace GDPR, NIS2, DORA, the Cyber Resilience Act or the Product Liability Directive — it stacks on top. In 2026 most enforcement actions cite two or three of these together. A prompt-injection incident against a healthcare chatbot in Germany last quarter was pursued under GDPR (data breach), the AI Act (Article 15 cybersecurity), and the Medical Devices Regulation simultaneously.

The practical implication: your AI Act file and your existing security/privacy files must reference each other, not sit in separate binders.

The uncomfortable prediction

The first headline-grade AI Act fine will not come from a frontier model provider. It will come from a mid-sized deployer that used a general-purpose model in a high-risk context without an Article 26 file, and whose incident was noticed because of an unrelated data-protection complaint. Prepare the deployer file first.

The AI Act rewards organisations that can produce a binder on demand. Build the binder now, in 2026, while the enforcement climate still favours remediation over fines.
Share this article
Keep Reading

© 2026 TrendGuru AI