EU AI Act: Four Months Until the Main Deadline – What SMEs Must Review Now
5 min Read Time
On 2 August 2026, most provisions of the EU AI Act enter into force. High-risk AI systems will then need to comply with transparency obligations, conformity assessments, and documentation requirements. This affects not only AI providers but also companies deploying AI – in recruitment, credit granting, and quality control. Germany has already missed its national implementation deadline. The draft Artificial Intelligence Market Surveillance and Innovation Promotion Act (KI-MIG) remains pending in the legislative process. For SMEs, this means: four months until the deadline, no national law yet – and urgent action is still required.
The Key Takeaways
- On 2 August 2026, the core rules of the EU AI Act take effect: obligations for high-risk AI systems, transparency requirements, and enforcement mechanisms.
- Germany has missed the deadline for national implementation. The Artificial Intelligence Market Surveillance and Innovation Promotion Act (KI-MIG) is still undergoing legislative review.
- Affected parties include not only AI providers but all companies deploying AI in high-risk areas: HR, credit assessment, and safety-critical components.
What Happens on 2 August
The EU AI Act has been in force since August 2024 and is being rolled out in stages. Stage one – the AI literacy obligation and bans on certain AI practices – has applied since February 2025. Stage two entered into force in August 2025 and concerns providers of general-purpose AI models. Stage three – the most comprehensive – takes effect on 2 August 2026: rules governing high-risk AI systems listed in Annex III.
Concretely, this means: AI systems deployed in areas such as personnel selection, creditworthiness assessment, law enforcement, or critical infrastructure must undergo a conformity assessment from August 2026 onward. They must be accompanied by technical documentation, a risk management system, human oversight, and transparency toward affected individuals.
Who Is Affected in the SME Sector?
The AI Act distinguishes between providers, deployers, and distributors of AI systems. For SMEs, the “deployer” role is decisive: every company using a high-risk AI system bears legal obligations. Most common use cases among SMEs include:
Recruitment: AI-assisted CV screening or automated pre-selection fall under Annex III. Companies using tools like HireVue, Personio AI, or similar solutions must verify whether these systems are classified as high-risk. Data quality of training data becomes a compliance issue.
Credit granting: AI-based creditworthiness assessments or automated lending decisions require transparency toward affected individuals and documented human oversight.
Quality control: AI systems serving as safety components in regulated products (e.g., medical devices, machinery, toys) will face additional requirements starting in August 2027.
Germany: Implementation Delayed
Germany failed to meet its national implementation deadline. The draft bill from the Federal Ministry for Digital Affairs – the Artificial Intelligence Market Surveillance and Innovation Promotion Act (KI-MIG) – dates from September 2025 and is currently progressing through the legislative process following consultations with federal states and industry associations. The Federal Network Agency (Bundesnetzagentur, BNetzA) is designated as the central market surveillance authority.
For SMEs, this delay means, in practice: there is still no national authority empowered to conduct conformity assessments or operate regulatory sandboxes. At the same time, the EU AI Act applies directly as an EU regulation – the obligations take effect on 2 August 2026 regardless of whether Germany enacts its national law.
“The AI Act applies directly as an EU regulation – regardless of whether Germany enacts its national law on time. Waiting is not an option. Any company operating high-risk AI from August 2026 must be compliant.”
– mybusinessfuture editorial assessment
What to Do Now
Four steps to complete within the next four months. First: Create an AI inventory. Which AI systems are in use? Which of them fall under Annex III (high-risk)? Often, departmental teams are unaware their tools are AI-based – a CV screening tool in HR or a predictive analytics module in ERP may be affected.
Second: Contact your vendors. Conformity assessment rests primarily with the provider – not the deployer. But the deployer must ensure the provider fulfils its obligations. Specifically: Is there a CE marking? Is technical documentation available? Are details on the system’s functioning provided?
Third: Implement human oversight. For each high-risk use case, define who monitors AI decisions and can override them when necessary. This is an organisational – not a technical – task.
Fourth: Build AI competence. The “AI literacy” obligation has applied since February 2025. Every company must ensure staff working with AI systems receive adequate training.
Frequently Asked Questions
Does the AI Act apply to small businesses too?
Yes. The AI Act does not exempt deployers based on company size. Any business deploying a high-risk AI system bears deployer obligations. However, SMEs benefit from simplified procedures and are intended to receive preferential access to the planned AI Regulatory Sandboxes.
What happens in case of violations?
Fines are tiered. Violations of banned AI practices: up to €35 million or 7% of global annual turnover. Violations of high-risk requirements: up to €15 million or 3%. False statements to authorities: up to €7.5 million or 1.5%. Lower caps apply to SMEs.
Do I have to shut down my AI tool if I’m not compliant in time?
Not automatically. However, from August 2026, market surveillance authorities may prohibit the use of non-compliant AI systems. The pragmatic recommendation: begin your audit now, hold vendors accountable, and start building documentation. A company that has initiated the process stands far better in an inspection than one that has done nothing.
Editor’s Reading Recommendations
Header Image Source: Pexels / RDNE Stock project (px:7821937)
