Compliance + the EU AI Act obligations stack

The EU AI Act is a stack: Article 4 literacy, Article 5 prohibited practices, Articles 6 to 49 high-risk obligations, Article 26 deployer duties, Article 27 fundamental rights impact assessment, Article 50 transparency, Article 71 EU database registration, Article 72 post-market monitoring, Article 73 incident reporting, Article 99 penalties. This pillar walks the stack end to end with deadlines, documentation, and the audit trail.

Compliance is where the EU AI Act stops being a regulation and starts being a programme. The headline is Article 99 penalties at EUR 35 million or 7% of turnover, but the operational reality is documentation, dates, and roles. The 2 February 2025 prohibited-practice clock is live. Article 4 literacy is live. GPAI Articles 50-55 are live since 2 August 2025. Article 6 high-risk Annex III obligations land 2 December 2027 (delayed from 2 August 2026 by the Omnibus deal of 7 May 2026); Annex I embedded high-risk AI lands 2 August 2028. This page indexes our writing on Compliance, plus the tools that compress the 90 day implementation plan into a working programme.

Articles in this pillar

EU AI Act Compliance Checklist: 10 Steps Before the High-Risk Deadline

A practical 10-step compliance checklist for the EU AI Act. From AI inventory to ongoing monitoring: everything your business needs before enforcement begins.

14 min19 Mar 2026

AI Strategy for Business Leaders: A 90-Day Implementation Plan

A practical 90-day AI strategy for business leaders. From audit to pilot to scale: the step-by-step framework used by organisations across Europe to implement AI responsibly.

18 min27 Mar 2026

Why Your Business Will Be Left Behind Without AI in 2027

AI adoption is accelerating across every industry. Businesses that delay risk falling behind competitors, losing talent, and facing regulatory penalties. Here is what the data says.

16 min25 Mar 2026

AI Incident Response: What to Do When Your AI System Fails

A practical guide to AI incident response under the EU AI Act. 6-step response plan, Article 26(5) reporting obligations, whistleblower protections, and real incident examples.

15 min21 Mar 2026

EU AI Act Article 27 FRIA: How to Run a Fundamental Rights Impact Assessment

Article 27 requires certain deployers of high-risk AI systems to run a fundamental rights impact assessment (FRIA) before deployment. Who's actually in scope is narrower than most read it. This guide covers the 6 things a FRIA must cover, how it differs from a GDPR DPIA, the notification step, and how to scope your first FRIA without over-engineering it.

14 min15 May 2026

EU AI Act Article 55: GPAI Systemic Risk Obligations Explained

Article 55 of the EU AI Act binds providers of general-purpose AI models with systemic risk: model evaluations, adversarial testing, serious incident reporting under Article 55(1)(c), and cybersecurity. The 10^25 FLOP compute threshold triggers classification. Full Commission enforcement starts 2 August 2026. The Omnibus deal did not change this regime.

16 min15 May 2026

EU AI Act Omnibus Deal Explained: New High-Risk Deadlines for 2027 and 2028

On 7 May 2026 the EU Council and Parliament reached a provisional agreement to delay the high-risk AI deadlines. Annex III standalone systems now apply from 2 December 2027, Annex I embedded systems from 2 August 2028. Article 4 literacy and Article 5 prohibited practices are unchanged and still live.

12 min13 May 2026

The True Cost of AI Non-Compliance: EU AI Act Penalties Explained

EU AI Act penalty tiers explained. Article 99 fines up to EUR 35 million or 7% of turnover, enforcement mechanisms, civil liability, and how to avoid penalties. Series finale.

14 min20 Mar 2026

EU AI Act for HR Teams: What Recruitment, Performance Review, and Worker Management AI Needs

Recruitment AI, CV screening, performance scoring, promotion and termination AI, gig allocation, and worker monitoring all sit in Annex III(4) high-risk territory under the EU AI Act. This guide covers what HR teams need to do under Article 26, when an Article 27 FRIA is required, and how to scope a 90-day HR AI compliance ramp.

14 min16 May 2026

EU AI Act for Healthcare AI: Medical Devices, Diagnostics, and Clinical Decision Support

Healthcare AI sits at the intersection of two regimes: the EU AI Act + sectoral product law (MDR / IVDR). This guide covers Annex I embedded high-risk classification, the dual conformity assessment route, Article 73 incident reporting on top of MDR vigilance, and the 2 August 2028 deadline post-Omnibus.

15 min16 May 2026

EU AI Act for Credit Scoring AI: Annex III(5)(b), Article 27 FRIA, and Consumer Credit Law

Credit-scoring AI is one of the few use cases that REQUIRES an Article 27 FRIA under the EU AI Act. This guide covers Annex III(5)(b) classification, the FRIA process, GDPR Article 22 automated-decision rights, the Consumer Credit Directive interaction, and the 2 December 2027 deadline.

14 min16 May 2026