
EU AI Act ab 2. August 2026: Was Unternehmen jetzt tun müssen
EU AI Act from 2 August 2026: What Companies Must Do Now
This article is part of our guide AI Agents for SMEs: The 2026 Playbook.
The EU AI Act reaches its most important milestone on 2 August 2026: numerous core obligations of the regulation become enforceable. For SMEs this means that anyone using AI – and especially AI agents – in production needs clear responsibilities, a use-case classification and a documentation structure in place by then. This guide summarizes what applies and what to do.
The EU AI Act timeline at a glance
| Date | What applies |
|---|---|
| 2 February 2025 | Prohibited practices (Art. 5) & AI literacy obligation (Art. 4) |
| 2 August 2025 | Obligations for General-Purpose AI models (GPAI) |
| 2 August 2026 | Governance structure & further core obligations become enforceable |
The risk classes – and what they mean for you
- Prohibited AI (e.g. social scoring): banned since February 2025.
- High-risk AI (e.g. HR, credit scoring, critical infrastructure): extensive obligations – risk management, data governance, technical documentation, human oversight, conformity assessment.
- Limited risk (e.g. chatbots, generated content): transparency obligations – users must know they are interacting with AI.
- Minimal risk: no special obligations.
GPAI: obligations also for users of AI agents
If you use GPAI models (such as large language models) in productive workflows, you must classify, document and monitor your use cases – whether you are a provider or a deployer. The mandatory documentation typically covers four blocks:
- Risk classification per use case
- Inventory of the data categories used
- Human oversight mechanisms
- Conformity assessment records
Fines: why this is a board-level topic
Violations can be costly: up to €15 million or 3% of global annual turnover for high-risk breaches, and up to €35 million or 7% for prohibited practices. SMEs receive relief – including a 50% reduced fine ceiling, priority access to AI regulatory sandboxes and simplified documentation templates.
Your 7-point checklist for August 2026
- Create an AI inventory: which AI systems and agents are in use?
- Assign each use case to a risk class.
- Name responsibilities (who owns AI compliance?).
- Set up a documentation framework (the four GPAI blocks).
- Define and log human oversight mechanisms.
- Ensure employee AI literacy under Art. 4.
- Add transparency notices for AI interactions.
A structured approach: AI Governance for SMEs.
Conclusion: set up governance now
Even though the Digital Omnibus extends some deadlines, the organizational base structure – classification, documentation, responsibilities, literacy – should be in place by August 2026. Companies that do this now avoid fine risks and create the foundation to scale AI agents safely.
EU AI Act readiness check
We classify your AI use cases and build the required governance and documentation structure – practical and BAFA-eligible. Free initial consultation with BAFA consultant #213652.
Book free consultation →BAFA-Certified Expertise for Your Success
Benefit from over 20 years of enterprise experience
Andreas Indorf
Managing Director, mysoftwarelab GmbH
Qualification: BAFA-certified management consultant for digitalization and artificial intelligence (consultant number #213652)
Expertise: Over 20 years of developing and implementing IT systems for DAX companies and international corporations. Specialized in AI automation for mid-sized businesses since 2021.
Hands-on Experience: As a model operation, mysoftwarelab already runs 80% of its own IT services through AI. This hands-on experience flows directly into our client consulting.
Focus: Pragmatic AI adoption for mid-sized manufacturing and service companies (50-200 employees) with measurable cost savings and government funding.
E-E-A-T Proof: All information complies with Google's E-E-A-T guidelines (Experience, Expertise, Authoritativeness, Trustworthiness) for high-quality consulting content.
