For the better part of a year, the smart-sounding move was to assume the EU AI Act’s high-risk deadline would slip. A late-2025 proposal in Brussels fed that assumption — surely they would blink.

They haven’t. The August 2, 2026 enforcement date for high-risk AI systems still stands, and member states have begun standing up full enforcement powers. “We were waiting for the extension” is not a compliance posture — it is an explanation you give after the fact, and the organizations that bet on a delay have now spent their runway waiting instead of preparing.

If you have EU customers, EU employees, or EU data, and you run AI in employment, credit, biometrics, critical infrastructure, or essential services, you are in scope — and the clock did not stop. For mid-market healthcare and financial-services firms, those high-risk categories are not edge cases; they are the day job.

The number that matters

€35 million, or 7% of global annual revenue — whichever is higher. That is the ceiling for the most serious violations. The penalty is deliberately designed to be larger than the cost of compliance. That is the entire point.

A deadline-real readiness check

Five questions, yes or no:

  • Do you have an inventory of every AI system in production?
  • Do you know which of them fall under the high-risk (Annex III) categories?
  • Has one named person been assigned ownership of the conformity assessment?
  • Does technical documentation exist for the high-risk systems?
  • Is there a documented human-oversight mechanism for each?

A “no” to any of these is not a paperwork gap — it is exposure. And if you cannot answer the first one, the other four are unanswerable, which tells you exactly where to start.

How LANStatus helps

With weeks on the clock, the bottleneck is usually capacity, not knowledge. Our professional services team — backed by deep healthcare and financial-services experience — can run the readiness check with you, build the AI inventory, classify your high-risk systems, and stand up the documentation and oversight a regulator would expect, in the time you actually have.

If the deadline does not move — and the evidence says it won’t — what breaks first in your organization, and who finds out before the regulator does?

Short on runway before August 2? LANStatus can run your readiness check and close the gaps that matter.

Explore Professional Services

Brian Diamond

Founder & CEO, LANStatus · Fractional Chief AI Officer

Brian founded LANStatus in 2001 and works with mid-market healthcare and financial-services organizations on AI strategy, governance, and security. He publishes The CAIO Brief, a weekly briefing for leaders navigating AI in real time.

The CAIO Brief · BrianOnAI · LinkedIn

A version of this article first appeared in The CAIO Brief.