u/Reyyzzz

August 2nd isn't just the transparency deadline. It's when the enforcement powers actually switch on.

I keep seeing August 2 described as "the transparency deadline" for the EU AI Act, and I think that framing makes people underrate it. The date is doing more than that.

Three things happen at once. The Article 50 transparency obligations start applying, sure. But it's also when the AI Office gets its penalty powers over general purpose AI providers, and when national market surveillance authorities get the actual power to investigate, request documentation, run inspections, and sanction. The obligation and the enforcement machinery go live on the same day.

That last part is what gets missed. For most of the AI Act's life so far it's been law without a fully operational enforcement apparatus behind it. After August 2 that stops being true. It doesn't mean raids on August 3, national authorities are still staffing up and early enforcement usually goes after the clearest breaches and complaints first. But the option exists now, and that changes the calculus for anyone quietly betting nobody could actually do anything yet.

The realistic near term risk isn't a surprise fine. It's a competitor or a user filing a complaint, an authority asking you to demonstrate compliance, and you having nothing documented. Or an enterprise customer's procurement team asking for evidence as a renewal condition. "We think we're fine" gets a lot weaker when someone has the standing to ask for the paperwork.

One thing worth flagging because a lot of people got it wrong last week: the Digital Omnibus that just got adopted did not move this date. It pushed the high risk documentation track to December 2027, but Article 50 transparency stayed at August 2. If you read "the AI Act got delayed" and relaxed, double check which track you're actually on.

Curious how others here are reading the enforcement side. Anyone expecting national authorities to be active early, or is the consensus that year one is mostly complaint driven?

reddit.com
u/Reyyzzz — 4 days ago

The final Code of Practice on marking AI content dropped last week, here's what actually stood out

The Commission published the final version on June 10 and I spent a while going through it. Most of the coverage I've seen is pretty surface level so figured I'd share the parts that surprised me.

The thing nobody seems to be talking about is that it's split into two sections, and the second one is aimed at deployers, not just the companies building the models. Everyone assumes this is OpenAI and Google's problem, but if you're a company using generative AI to actually publish things, you've got your own obligations around labelling deepfakes and AI generated text on public interest topics. That's a much wider group than people realize.

The part I found genuinely useful is the carve out for text. If a human reviews the AI generated text and takes editorial responsibility for it, you generally don't need to label it as AI. So an AI draft your editor signs off on is fine, but an automated feed pushing out unreviewed content isn't. Feels like a reasonable line to draw.

The voluntary thing trips people up. The way I read it, signing it is basically the cleanest way to show you're complying with Article 50 once enforcement starts August 2. Not signing doesn't get you out of anything, you just have to prove compliance some other way, which sounds like a worse spot to be in.

What I can't figure out is whether companies are actually going to sign it or just quietly do their own thing and hope it holds up. Anyone here closer to that call? Are you treating the Code as the spec or building your own approach?

reddit.com
u/Reyyzzz — 20 days ago
▲ 0 r/gdpr

The EU AI Act kicks in August 2026 — here's what GDPR compliance does and doesn't cover

Been researching the EU AI Act overlap with GDPR and figured this might be useful here since a lot of us are already dealing with GDPR.

Short version: if your product uses AI and serves EU users, the AI Act adds obligations on top of GDPR starting August 2, 2026. Some of your existing GDPR work carries over, but a lot doesn't.

What carries over from GDPR:

  • Data protection impact assessments partially cover the AI Act's risk management requirements (Article 9)
  • Your existing data processing records help with data governance documentation (Article 10)
  • Lawful basis documentation and transparency notices give you a head start

What GDPR doesn't cover that the AI Act requires:

  • Model accuracy and performance documentation
  • Bias testing across protected characteristics
  • Conformity assessment (think CE marking for AI)
  • Continuous post-market monitoring plans
  • Technical documentation specific to AI systems (Annex IV has 9 required sections)
  • Registration in the EU public database for high-risk AI

The transparency deadline (Article 50) is August 2, 2026 — about 74 days out. If you have customer-facing chatbots or AI-generated content features, those need clear disclosure.

The high-risk deadline is December 2, 2027 and covers AI used in hiring, credit scoring, insurance, healthcare, and education.

Fines are steeper than GDPR — up to €35M or 7% of global revenue.

Anyone else here already working through this? Curious how others are approaching the overlap.

reddit.com
u/Reyyzzz — 2 months ago
▲ 5 r/gdpr+1 crossposts

The EU AI Act enforcement deadline for Annex III high-risk AI systems is August 2, 2026. Most companies I talk to haven't started yet.

I've been building ActReady (getactready.com) — it's an AI compliance tracker for the EU AI Act. It covers:

  • Free risk classifier: describe your AI system in plain English, get your risk tier with specific article references
  • Compliance tracker for all 11 high-risk obligations
  • AI-generated technical documentation (Annex IV technical file, risk management plan, DPA, etc.)
  • Regulatory alerts feed for enforcement milestones and GPAI Code of Practice updates

For people already working with GDPR compliance — the AI Act overlaps significantly but has major gaps. I also built a free GDPR/ISO 27001 → EU AI Act overlap mapping if that's useful: getactready.com/overlap-mapping

Happy to answer any questions about the AI Act obligations or what the tool covers.

u/Reyyzzz — 1 month ago