NOTE: source=other (EU Commission policy page), recommended=article. product_fit=ai-audit, score=96 ≥ 85. Writing a timely article tied to the Aug 2 enforcement deadline.

46 days to EU AI Act enforcement — what "high-risk AI system" actually means for your audit

August 2, 2026. That's when EU AI Act enforcement powers activate for GPAI model providers and high-risk AI systems. The European Commission's enforcement teams can issue fines up to €15M or 3% of global annual turnover — whichever is higher.

If you're running AI in production and wondering whether this applies to you, the answer depends on one classification question: is your system high-risk under Annex III?

what counts as high-risk under the EU AI Act

The EU AI Act defines high-risk AI in Annex III across eight domains:

• Biometric identification and categorization
• Critical infrastructure management (energy, water, transport)
• Educational and vocational training (access decisions, assessments)
• Employment and HR (recruitment, performance evaluation)
• Essential services (credit scoring, insurance, emergency dispatch)
• Law enforcement (risk assessment, evidence evaluation)
• Migration and border control
• Administration of justice

If your AI system makes decisions — or materially influences decisions — in any of these domains, you're high-risk. That's not a gray area.

What's new as of August 2: this isn't prospective. Systems that have been operating in these domains and were not compliant before the deadline are now subject to enforcement, not just new deployments.

the three compliance gaps most teams haven't closed

After auditing several production AI systems against the EU AI Act checklist, three gaps come up consistently:

Gap 1: Risk management documentation. Article 9 requires a documented risk management system that covers the full lifecycle — development through decommission. Most teams have security documentation, not AI-specific risk management that addresses model failures, training data quality, and operational boundaries.

Gap 2: Technical documentation (Article 11). This is the one compliance teams underestimate. It's not an architecture diagram. It's a structured document covering the system's intended purpose, the data used to train or operate it, performance metrics tested before deployment, and limitations and known risks. Most teams have pieces of this scattered across confluence pages. The regulation requires it in one place, in a format an enforcement team can read.

Gap 3: Logging and audit trail (Article 12). Automatically generated logging that covers the full operation period, including data inputs, algorithmic decisions, human oversight actions, and system performance. This is where almost every team fails — the logging exists but wasn't designed to be compliance evidence. It's formatted for debugging, not for an enforcement review.

what the 2-hour AI audit actually produces

The BizSuite AI Audit is a $997, 2-hour working call with a prioritized compliance gap analysis delivered in 48 hours. It's designed to answer two questions a compliance team can't answer from your architecture docs alone:

1. Which EU AI Act obligations apply to your specific system configuration?
2. What are the three highest-priority gaps to close before August 2?

The output is a prioritized action list — not a 40-page report that sits in a folder. The two-hour call covers the system's operational scope, existing documentation, current logging setup, and human oversight mechanisms. The gap analysis that comes back 48 hours later is scoped to what you can actually fix in 46 days.

That's the point. Six weeks is not enough time to rebuild a compliance posture from scratch. It's enough time to close the highest-risk gaps if you know what they are.

the €15M math

For context on why the August 2 deadline isn't aspirational: the maximum fine for non-compliance with high-risk AI system requirements is €15M or 3% of worldwide annual turnover. The Commission has enforcement powers against GPAI providers that activate August 2.

The audit is $997. The calculus isn't complicated.

Book an audit at: https://getbizsuite.com/ai-audit.html