August 2, 2026 is the compliance deadline for high-risk AI systems under the EU AI Act - and it applies to any team building AI agents or SaaS products that touch EU resident data, regardless of where your company is based.
High-risk is defined broadly: credit scoring, recruitment filtering, healthcare triage, education assessment, and critical infrastructure management all qualify. If your AI system makes or influences decisions in any of these areas for European users, you're in scope.
The practical requirements include automatic logging of every automated decision (with enough detail to reconstruct why the system made that call), human oversight mechanisms that actually work rather than just exist on paper, documented risk assessments before deployment, and registration of qualifying systems in the EU's official AI database.
The extraterritorial reach is what catches most non-European teams off guard. A US startup running recruitment AI for a Berlin company is subject to the Act. A Canadian agency building a credit-risk tool for Dutch banks is subject to the Act. The law follows the data subject, not the developer's address.
Penalties go up to 30 million euros or 6% of global annual turnover for the most serious violations, whichever is higher. For smaller companies, that 6% figure hits harder than the absolute cap.
Most enterprise AI platforms - including tools like Claude and ChatGPT deployed through API integrations in business applications - will need documented evidence of human review processes when used in high-risk contexts. That responsibility typically falls on the developer building the application, not the underlying model provider.
Teams discovering this deadline for the first time today have 75 days to implement logging infrastructure, review their risk classification, and file any required registrations. That's tight starting from zero.