August 2, 2026 is the date circled in red at boardrooms from San Francisco to Bengaluru to Berlin. That's when the European Union's AI Act begins full enforcement for high-risk AI systems — with penalties of up to €35 million or 7% of global annual turnover for violations. Seven weeks out, a significant portion of global companies are not compliant. Here's what the deadline means, who it affects, and exactly what needs to happen before August 2.
What the EU AI Act Actually Requires by August 2, 2026
The August 2 enforcement date covers Articles 9–17 (provider requirements) and Article 26 (deployer requirements) for high-risk AI systems. By that date, companies using high-risk AI must have: completed conformity assessments, finalized technical documentation, affixed CE marking, and completed EU database registration for each high-risk system. The EU defines high-risk AI as systems used in biometric identification, critical infrastructure, education and vocational training, employment (including CV screening and job interview tools), access to essential services (credit scoring, insurance, benefits), law enforcement, migration and border management, and administration of justice. According to Holland & Knight's April 2026 legal alert, US companies operating in European markets face the most complex compliance challenge because their AI systems are subject to EU enforcement even if the company has no EU headquarters. India-headquartered IT companies providing AI services to EU clients — including major firms like Infosys, TCS, and Wipro — are equally exposed.
The Fine Structure: What's Actually at Stake Financially
The EU AI Act's penalty structure is tiered by severity. Using a prohibited AI practice (such as social scoring systems or real-time biometric surveillance in public spaces) carries the highest fine: €35 million or 7% of global annual turnover, whichever is higher. Non-compliance with high-risk AI requirements carries €15 million or 3% of global turnover. Supplying incorrect information to authorities carries €7.5 million or 1.5% of global turnover. To put these numbers in perspective: for a company with $10 billion in global revenue, the maximum fine for a prohibited practice would be $700 million. For a mid-sized AI startup with $500 million revenue, the maximum is $35 million — enough to be company-threatening. Beyond financial penalties, national competent authorities have the power to withdraw noncompliant AI systems from the EU market entirely, which for enterprise SaaS companies with European customers could mean immediate and irreversible revenue loss.
The Action Checklist: What Must Be Done Before August 2
According to legal guidance from Baker McKenzie and Tredence's EU AI Act compliance guide, companies must complete: (1) AI system inventory — catalogue every AI tool in use and classify by risk level. (2) For high-risk systems, complete a conformity assessment documenting data governance, risk management, and human oversight measures. (3) Establish a post-market monitoring system for high-risk AI outputs. (4) Appoint an EU AI representative (required for non-EU companies with EU-facing high-risk AI). (5) Register applicable systems in the EU AI database. The EU has not announced a grace period extension — a resolution in May 2026 indicated the August 2 deadline stands firm. The before/after is stark: companies that are compliant by August 2 can continue operating in EU markets uninterrupted; those that are not face the choice of withdrawing AI systems from EU use or risking enforcement action.
What Indian IT Companies and Global Startups Need to Know
India's large IT services sector has significant EU exposure. Infosys, TCS, Wipro, HCL, and Tech Mahindra collectively generate tens of billions of euros in EU revenue annually. Many of their client engagements involve deploying AI systems that touch employment, finance, or healthcare — all high-risk categories under the AI Act. These companies need to audit AI tools deployed in EU client environments, update client contracts to allocate compliance responsibilities, and potentially withdraw or redesign non-compliant AI modules. For Indian AI startups targeting EU market entry, the August 2 deadline creates a compliance moat — startups that build EU AI Act compliance into their products from day one will have a significant advantage over competitors who need to retrofit it. The EU AI Act, in this sense, is not just a regulation but a market access differentiator for companies that treat compliance as a product feature rather than a legal burden.
What This Means for You
Whether you're a US tech company, an Indian IT services provider, or a startup building AI products, the August 2 deadline is not optional. Start with an AI system audit this week — the McKenna Consultants technical readiness guide is freely available and provides a structured framework. If your company uses any AI in HR, credit, or healthcare in the EU, get legal counsel immediately. The compliance investment is real but manageable. The non-compliance risk is existential for EU-dependent businesses.
Frequently Asked Questions (FAQs)
Q: Does the EU AI Act apply to US companies that don't have offices in Europe?
A: Yes. The EU AI Act has extraterritorial reach — it applies to any provider or deployer of AI systems whose outputs are used in the EU, regardless of where the company is headquartered. US and Indian companies with EU customers must comply, the same way GDPR applies to non-EU companies processing EU personal data.
Q: Which AI tools are classified as high-risk under the EU AI Act?
A: High-risk AI includes systems used for: biometric identification, critical infrastructure management, educational assessment, CV screening and job interview automation, credit scoring, insurance underwriting, benefits administration, law enforcement, border control, and judicial decisions. If your company uses AI in any of these areas for EU customers, you are in scope for the August 2 requirements.
Q: How does the EU AI Act affect Indian IT companies like Infosys and TCS that serve EU clients?
A: Indian IT services companies deploying AI tools in EU client environments must treat those deployments as within EU AI Act scope. This means auditing all AI components in EU client projects, updating contracts to clarify compliance responsibilities, and potentially withdrawing or redesigning AI modules that don't meet high-risk requirements by August 2, 2026.
Q: Is there any EU AI Act grace period extension after August 2, 2026?
A: No. A May 2026 EU resolution confirmed the August 2 deadline stands firm with no general grace period. Individual member states may vary in enforcement aggressiveness in the first months, but legally, liability begins August 2. Companies should not plan around lenient early enforcement — the financial and market-access risks are too significant.
The EU AI Act's August 2 deadline is the most consequential AI governance event of 2026 for global businesses. It connects directly to the broader shift from AI hype to AI accountability happening across the industry, and will shape how companies building on Microsoft MAI models and other platforms design compliance features for the rest of the decade.
