EU AI Act enforcement . 2 August 2026 . High-risk systems in scope
Regulation . Not optional . Starts 2 Aug 2026

EU AI Act readiness for teams without a compliance officer.

Enforcement of the high-risk provisions begins 2 August 2026. Most SMBs do not have a compliance lead, a dedicated legal budget, or the bandwidth to read a 144-page regulation. We do. Copenhagen HQ, Danish Datatilsynet + Digitaliseringsstyrelsen sandbox access, fixed-scope packages so you know the bill before we start.

--
Days
--
Hours
--
Minutes
--
Seconds

until enforcement of Article 6 high-risk provisions

What actually changes 2 Aug 2026

General-purpose AI obligations have been live since 2 Aug 2025. From 2 Aug 2026 the majority of remaining provisions apply, including the full framework for high-risk AI systems: risk management, data governance, technical documentation, logging, human oversight, transparency and post-market monitoring. If your SMB uses AI in hiring, credit, education, access to essential services, biometrics, critical infrastructure, or law enforcement-adjacent tooling, you are in scope.

Article 6 . Risk classification
Unacceptable
Banned outright. Social scoring, real-time biometric ID in public spaces, emotion recognition at work or school, manipulative systems.
Do not build
High-risk
Full compliance required. Hiring, credit scoring, education access, essential services, critical infrastructure, law-enforcement tooling, biometrics.
Annex IV dossier
Limited risk
Transparency obligations. Chatbots, deepfakes, emotion-recognition in non-work contexts. Users must be told they are interacting with AI.
Disclosure notice
Minimal risk
No mandatory obligations. Spam filters, AI in video games, inventory forecasting. Voluntary code of conduct recommended.
Voluntary

From inventory to enforcement-ready

01 . Inventory
Catalogue AI use
Every system, vendor, data flow, user group.
02 . Classify
Article 6 tier
Score each system, flag grey areas.
03 . Document
Annex IV dossier
Design, data, risk, oversight, logs.
04 . Operate
Post-market monitor
Incident log, annual review, regulator contact.
01 . Scoping

Scoping review

2 weeks . light touch
EUR 5,000GBP 4,200
  • Full AI system inventory (every use, every vendor)
  • Risk classification under Article 6
  • Gap list: what is missing vs. what is in scope
  • Decision: scope in, scope out, or redesign
02 . Dossier

Full conformity dossier

6 weeks . most common choice
EUR 15,000GBP 12,700
  • Everything in scoping
  • Technical documentation per Annex IV
  • Data governance policy + dataset declarations
  • Human oversight protocol + logging schema
  • Internal governance pact signed by leadership
03 . Sandbox

Readiness + sandbox routing

10 weeks . regulator-facing
EUR 25,000GBP 21,200
  • Everything in dossier
  • Danish regulatory sandbox submission (Datatilsynet + Digitaliseringsstyrelsen)
  • SME priority access per Apply AI Strategy (Oct 2025)
  • Post-market monitoring plan
  • 12-month governance retainer included

What the 6-week dossier package actually looks like

Week 1
Kick-off + inventory. Map every AI system. Vendor, purpose, data flow, user population. One half-day workshop, asynchronous forms for the rest.
Week 2
Risk classification. Annex III check. Score each system against Article 6 high-risk criteria. Legal memo on grey areas.
Week 3
Technical documentation. Annex IV package per system: system description, design, development, data, metrics, risk management.
Week 4
Data governance. Dataset declarations, bias review, retention policy, GDPR reconciliation.
Week 5
Human oversight + logging. Oversight protocol per system, logging schema, incident response runbook.
Week 6
Internal governance pact. Signed by leadership, published on the SMB's own site at /governance/. Post-market monitoring plan handed over.

Why Copenhagen-based matters

Denmark operates an EU AI Act regulatory sandbox co-run by Datatilsynet and Digitaliseringsstyrelsen, with SME priority access announced under the Apply AI Strategy (October 2025). We are registered in Denmark. When it is right for your system, we route you through the sandbox rather than the open-market conformity route. That turns a 10-week compliance project into a structured pilot with the regulator in the loop.

Book scoping . 14 weeks to enforcement

Every week you wait, options narrow. We still have scoping slots in May. Fill the cohort form at /smb/ and mention "compliance" in the notes; we will route you to the compliance track.

Apply for scoping slot