GLACIS · EU AI Act series · Updated June 2026
EU AI Act high-risk compliance, before the cliff edge.
The Act applies to any provider or deployer whose AI outputs are used in the EU. Prohibited-practice fines reach €35M or 7% of global turnover. The high-risk obligations remain scheduled for 2 August 2026 in the legal text; a Digital Omnibus on AI provisional agreement — reached in May 2026 and pending formal adoption — would move them to 2 December 2027 (stand-alone) or 2 August 2028 (embedded). Either way, the technical documentation and Article 12 logs must be ready before the audit.
On 6–7 May 2026 Parliament and Council reached a provisional political agreement on the Digital Omnibus on AI. It would move the delayed high-risk obligations to fixed deadlines: 2 December 2027 for stand-alone systems and 2 August 2028 for systems embedded in regulated products. As of June 2026 this is not yet formally adopted — it still needs a Parliament plenary vote, Council adoption and Official Journal publication (expected before 2 August 2026). Until then, 2 August 2026 remains the legal text. The Omnibus is not purely deregulatory: it also adds a new Article 5 prohibition targeting AI “nudifier” apps and non-consensual intimate imagery.
The GPAI Code of Practice was finalised in July 2025 and is now signed by roughly two dozen providers (Anthropic, Google, IBM, Microsoft, Mistral, OpenAI, Cohere, Aleph Alpha, Almawave and others); Meta has not signed and xAI signed only the Safety and Security chapter. CEN-CENELEC accelerated the harmonised-standards programme (target Q4 2026), which is the principal driver of the Omnibus delay proposal.
High-risk systems under Annex III
Annex III lists the eight domains where an AI system is classified high-risk if it materially affects natural persons. Crossing into one of these categories triggers Articles 9–15 (risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy/robustness/cybersecurity), plus Article 17 quality management.
| Domain | Typical systems in scope |
|---|---|
| Biometrics | Remote identification, categorisation, emotion recognition (outside law-enforcement carve-outs) |
| Critical infrastructure | Safety components for water, gas, electricity, traffic management, digital networks |
| Education & vocational training | Admissions scoring, exam evaluation, attainment-level assignment, prohibited-behaviour detection |
| Employment | Recruitment, selection, performance evaluation, termination, work allocation |
| Essential services | Creditworthiness, life and health insurance pricing, public-benefit access decisions, emergency triage |
| Law enforcement | Risk assessment of natural persons, polygraphs, evidence reliability, profiling |
| Migration, asylum & border | Risk assessment, document verification, application examination support |
| Justice & democratic processes | Judicial-decision support, alternative dispute resolution, election influence systems |
Employment screening is Annex III high-risk: recruitment, ranking and evaluation systems carry the full Articles 9–15 load. See how signed runtime evidence works for hiring AI. Clinical AI embedded in regulated products follows the embedded-product track; start with medical devices.
What Articles 9–15 actually require
| Article | Requirement |
|---|---|
| Art. 9 | Risk management system across the lifecycle: identify, evaluate, mitigate, monitor. |
| Art. 10 | Data governance for training, validation, testing — relevance, representativeness, error checks. |
| Art. 11 | Technical documentation per Annex IV (nine substantive sections). |
| Art. 12 | Automatic event logging for traceability — the line GLACIS attests. |
| Art. 13 | Transparency and instructions for downstream deployers. |
| Art. 14 | Effective human oversight measures. |
| Art. 15 | Accuracy, robustness, cybersecurity — including resilience to adversarial input. |
| Art. 17 | Quality management system covering compliance, post-market monitoring, incident reporting. |
Penalty structure under Article 99
Three penalty bands. In each band, whichever is higher of the fixed amount and the percentage of global annual turnover applies. National competent authorities set the actual fine within these ceilings; the AI Office handles GPAI providers directly.
| Violation | Maximum fine | Or % of global turnover |
|---|---|---|
| Prohibited practices (Article 5) | €35,000,000 | 7% |
| Other non-compliance (Articles 9–15, 17, etc.) | €15,000,000 | 3% |
| Incorrect information to authorities | €7,500,000 | 1% |
No public enforcement actions against prohibited practices have been confirmed as of June 2026. Several member states are still finalising their market surveillance authorities; the recognised “enforcement gap” is one reason the Omnibus is reshaping the high-risk timeline.
How GLACIS fits the obligations
GLACIS produces continuous technical documentation and a tamper-evident Article 12 log from your AI's actual runtime behaviour — not manually edited PDFs. Conformity assessors and notified bodies receive verifiable evidence rather than written assertions.
| Article | What GLACIS produces |
|---|---|
| Art. 9 Risk management | Continuous risk-posture telemetry with evidence of control execution at every inference. |
| Art. 11 Technical docs | Auto-generated Annex IV sections sourced from live system behaviour and configuration. |
| Art. 12 Logging | Cryptographically attested decision log with full provenance, collected without any egress of sensitive data. |
| Art. 14 Human oversight | Operator-action receipts and override traces tied to the decisions they applied to. |
| Art. 15 Robustness | Resilience evidence: adversarial-input behaviour, drift detection, recovery actions. |
| Art. 17 QMS | Continuous post-market monitoring with serious-incident escalation triggers. |
Article 12 requires logging that can stand behind a notified-body review; signed runtime receipts are that record.
Go deeper
| Resource | Covers |
|---|---|
| Full compliance guide | Risk categories, Articles 9–15 in detail, GPAI obligations, conformity assessment paths, the Omnibus status. |
| For Chief Compliance Officers | Programme architecture, audit-readiness checklist, board reporting, certification routes. |
| For CISOs | Article 12 logging architecture, Article 15 robustness, sec-eng integration. |
| For General Counsel | Liability allocation, vendor and deployer contracts, extraterritorial scope. |
| EU AI Act vs HIPAA | Crosswalk for healthcare and life-sciences operators with US obligations. |
| Colorado ADMT law (SB 26-189) | The US transparency analogue: covered automated decision-making technology, with substantive compliance from 1 January 2027; what stacks with the EU regime. |
By member state
| Member state | Implementation status |
|---|---|
| Germany | BNetzA designated as main market surveillance authority under draft KI-MIG; BaFin for financial-sector high-risk AI; KoKIVO coordination centre planned. |
| France | Decentralised model: CNIL on workplace/education emotion recognition; ANSSI on cybersecurity; PEReN technical support; multi-authority bill still pending. |
| Italy | National AI Law No. 132/2025 in force October 2025; AgID notifying authority, ACN market surveillance, Garante on data; implementing decrees due October 2026. |
| Spain | AESIA operational since June 2024; 16 detailed compliance guides published December 2025; regulatory sandbox; draft national AI Law (March 2025). |
| Netherlands | Hybrid 10-authority model led by AP; AP and RDI co-coordinate; public consultation on the Implementation Act open 20 April – 1 June 2026. |
| Belgium | BIPT designated main market surveillance authority (2025–2029 Federal Government Agreement); 21 fundamental-rights bodies under Article 77. |
| Poland | New body KRiBSI under construction (single-authority model); operational support nested in the Ministry of Digital Affairs; UODO disputing its advisory-only role. |