EU AI Act August 2 Deadline: What GPAI Operators Need to Do in the Next 38 Days

the August 2, 2026 compliance date is 38 days away. most of the remaining EU AI Act rules become active on that date — including GPAI model obligations and the Article 52 transparency requirements that catch a lot of teams off guard.

here's a plain read of what's actually due, who's in scope, and what an audit in the next 38 days needs to cover.

what goes live on August 2

the EU AI Act's big remaining deadline covers three areas:

GPAI (General Purpose AI) model obligations — if you deploy a GPAI model in an EU context, you need technical documentation, a copyright summary policy, and an acceptable use policy. for GPAI models with "systemic risk" (>10^25 FLOPs training compute), you also need adversarial testing results and incident reporting channels.

Article 52 transparency requirements — AI systems that interact with humans (chatbots, voice assistants, generative interfaces) must disclose they're AI systems at first contact. systems generating synthetic content must label it.

High-risk AI system registration — certain high-risk AI categories (credit scoring, employment screening, law enforcement tools, biometric systems) require EU database registration before deployment.

the fines that come with non-compliance: up to €15M or 3% of global annual turnover for most violations. up to €35M or 7% of global turnover for prohibited AI practices.

who's actually in scope

the GPAI requirements catch more teams than expected. if you're:

• an API provider wrapping a foundation model (GPT-4o, Claude, Gemini, Mistral)
• building autonomous agents that make decisions in EU-regulated contexts (finance, HR, healthcare)
• running a customer-facing AI that replaces a human workflow

…you're likely in scope for at least the Article 52 transparency requirements. the registration requirements hit harder for specific verticals, but the transparency and documentation obligations are broad.

one misconception worth clearing up: "we don't train models, we just call APIs" doesn't take you out of scope. deployers have obligations under the Act, not just developers.

what an audit in 38 days needs to cover

this is the question that actually matters right now. with 38 days, there's no time for a multi-month compliance program. a useful pre-deadline audit covers:

inventory and classification — map every AI system in your stack. for each one, determine whether it falls into prohibited, high-risk, or limited-risk categories. most teams don't have this documented.

decision-point logging — GPAI and high-risk system obligations require that you can reconstruct the context for consequential AI decisions. if you can't show what inputs produced what outputs for a given decision, you're not audit-ready.

transparency controls — for any customer-facing AI, verify the disclosure mechanism fires at first contact. this is often a product issue, not a compliance issue — but it needs to be verified and logged.

documentation completeness — technical documentation for GPAI includes model capabilities, known limitations, training data sources, and a risk mitigation summary. most companies have bits of this in Notion or a README; regulators want it in a consistent format.

the BizSuite AI audit is built for exactly this window: a 2-hour working call where we map your AI stack against the Act's requirements, identify the live exposure, and deliver a prioritized remediation plan within 48 hours. $997. the goal is something defensible before August 2 — not a perfect compliance program, but a documented risk position you can show a regulator.

the real deadline risk

the August 2 date is when enforcement authority activates, not when the enforcement wave crests. the GPAI obligations in particular give national authorities discretion on when to start formal investigations — so you won't see fines on August 3.

what you will see: audit requests from enterprise customers and procurement requirements citing EU AI Act conformity. B2B companies that deploy AI in EU contexts are already getting questionnaires from their customers' legal teams. the August 2 date is the point where "we're working on it" stops being a sufficient answer.

38 days is tight. the right move is a fast inventory and classification, closing the documentation gaps, and having something on paper before the deadline — not a complete program, but a defensible one.

getbizsuite.com/ai-audit.html — 2-hour working call, plan in 48h, $997.