August 2, 2026 · EU AI Act Enforcement
Is your AI ready for
---
days until enforcement
Aug 2, 2026 · 00:00 CEST
Is your AI ready for
August 2?
If your AI touches EU residents, you're in scope. US headquarters doesn't change that. By August 2, 2026 at 00:00 CEST, your high-risk systems need a documented quality management system, a risk framework, audit-ready records, human oversight, and continuous monitoring. Miss any one of those, and non-compliance fines start at €15M or 3% of global turnover.
Who's in scope
If your AI touches any of these, you're in scope.
The EU AI Act applies extraterritorially, the same way GDPR does. If your AI decisions affect EU residents, the high-risk provisions apply to you. Where your company is incorporated is irrelevant.
Employment & HR
Credit & lending
Education & grading
Insurance & banking
Law enforcement
Biometric ID
Critical infrastructure
Migration & asylum
Healthcare triage
The requirements, mapped
Every AI Act requirement, already covered.
Your conformity assessor will ask one thing: show how this decision was governed. You'll need the policy node that authorized it, the reasoning trace behind it, and the rule version at the moment it fired. For every high-risk decision. Every time. Every artifact produced automatically, the moment the decision commits.
| EU AI Act Requirement | Navedas Capability |
|---|---|
| Quality Management SystemDocumented processes for AI system lifecycle management | Context Graph. Your policies, structured into enforceable versioned rules, each with a citation path regulators can follow. |
| Risk Management FrameworkOngoing identification, analysis, and mitigation of AI risks | Reasoning Ledger. Every decision is logged with its risk assessment and the policy citation that governed it. Immutable. |
| Technical DocumentationDetailed records of system design, capabilities, and limitations | Every verdict traces to a specific policy node. Documentation is produced as a byproduct of operation, not assembled afterwards. |
| Conformity AssessmentSelf-assessment or third-party audit proving compliance | Audit-ready from day one. Every decision is immutable, timestamped, and citable against your policy graph. |
| Human OversightMeaningful human control over AI decisions | Operator Console. Your team gets real-time visibility, override capability, and documented escalation paths for every high-risk decision. |
| Transparency & ExplainabilityClear disclosure of AI involvement and reasoning | No Citation, No Output. Every AI decision ships with the exact policy rule that authorized it. No citation, no action. |
| Record KeepingAutomatic logging of operations and decisions | The Reasoning Ledger is immutable, timestamped, and linked to the policy node that governed the decision. Exportable, queryable, regulator-ready. |
| Runtime Policy EnforcementStopping non-compliant actions before they reach the user | Inference-Time Interceptor. Violations are blocked before the action commits. Not flagged after the customer saw them. |
Three ways to get ready
Assessment. Monitoring. Or let us run it.
Start with a paid Readiness Assessment so you know where you stand. Convert to ongoing monitoring to stay compliant. Or hand the whole governance layer to Navedas.
TRACK 01
Readiness Assessment
$5K – $25K one-time
One week delivery
AI system inventory, gap analysis against every EU AI Act requirement, prioritized remediation roadmap, and executive briefing. Three tiers: self-serve ($5K), guided ($15K), white-glove ($25K).
- Every AI system classified by risk level
- Gap analysis per high-risk system
- Compliance posture and fine exposure
- Prioritized remediation roadmap
- 30-minute executive briefing
TRACK 02
Ongoing Monitoring
$2K – $10K/month
Starts after assessment
Continuous governance, immutable audit trail, monthly compliance reporting, and regulatory update service. Navedas deployed on your AI systems, evaluating every decision against EU AI Act requirements in real time.
- Runtime policy enforcement
- Immutable Reasoning Ledger
- Operator Console real-time dashboard
- Monthly compliance reports
- Automatic regulatory updates
TRACK 03
Managed Governance
$10K – $50K/month
Month 3+, annual contracts
You hand us the keys. We run the governance layer on your behalf: monitoring, incident response, policy updates, conformity assessment prep. No in-house AI governance team needed. Right for companies that have AI in production and want the accountability out of their hands.
- Fully managed operations
- Incident analysis & remediation
- Proactive policy updates
- Monthly executive briefings
- Conformity assessment preparation
How Navedas compares
Assessment tools report. Navedas prevents.
The EU AI Act created a scramble. Most "AI governance" platforms tell you what went wrong after the customer already saw it. Navedas is the runtime gate that stops the violation before it reaches the decision log.
| Capability | Navedas | Credo AI | MS Toolkit | Agent 365 |
|---|---|---|---|---|
| Runtime policy enforcement | Blocks before action | Reports after | Build it yourself | MS agents only |
| Human + AI governance, same engine | Yes, unified | AI only | AI only | AI only |
| Vendor-agnostic | Any framework, any vendor | Yes | Multi-framework | Microsoft stack |
| Immutable audit trail | Reasoning Ledger | Compliance reports | Logs you build | Activity logs |
| Deployment speed | One week (assessment) | Weeks to months | DIY timeline | Weeks |
| Managed service option | Yes | Enterprise tier | Open source only | No |
| EU AI Act mapping | Built-in | Built-in | Manual | Partial |
The fine math
The exposure isn't theoretical.
The EU enforces. Meta: €1.3 billion under GDPR. Amazon: €887 million. The AI Act uses the same enforcement architecture, with larger maximum fines. Companies that waited until the last minute of GDPR spent 3–5x more on compliance than those who moved early. The same curve is setting up now.
€35M
or 7% of global turnover
Prohibited AI practices. Deploying AI in categories the EU has banned outright.
€15M
or 3% of global turnover
High-risk AI non-compliance. The category most in-scope companies will be measured against.
€7.5M
or 1% of global turnover
Providing incorrect, incomplete, or misleading information to regulators.
For a $500M-revenue company, maximum exposure is ~$35M. That's more than 50x the cost of a Readiness Assessment plus a year of Managed Governance. The math only works in one direction.
Compliance team FAQ
Questions your general counsel is already asking.
When does the EU AI Act become enforceable?
High-risk AI provisions become fully enforceable on August 2, 2026. After that date, companies deploying in-scope AI systems without compliance face fines of up to €35 million or 7% of global annual turnover.
Does the EU AI Act apply to US companies?
Yes. The Act has extraterritorial reach, the same way GDPR does. If your AI decisions affect EU residents (customer service, credit, hiring, healthcare, recommendations), you're in scope. Where your company is headquartered doesn't matter.
What counts as a high-risk AI system?
AI used in: employment and worker management, credit scoring, education, essential private/public services (insurance, banking, benefits), law enforcement, biometric identification, critical infrastructure, and migration / asylum / border control.
How long does a Readiness Assessment take?
One week from kickoff to delivery. You receive an AI system inventory, per-system gap analysis, remediation roadmap, and a 30-minute executive briefing. The white-glove tier includes a 30-day follow-up.
How does Navedas compare to Credo AI and Microsoft Agent 365?
Credo AI assesses and reports. It tells you what went wrong after it happened. Microsoft's Agent Governance Toolkit is open-source developer plumbing that your engineers have to integrate, wire up, and maintain. Agent 365 governs only Microsoft's own agents. Microsoft gives you the Lego blocks. Navedas gives you the assembled, operating, accountable system. And Navedas governs AI agents and human agents with the same engine, across any vendor's stack.
How is this different from GDPR?
GDPR governs personal data. The AI Act governs AI systems. Both can apply simultaneously to the same deployment. If an AI decision affects an EU resident and uses their personal data, you need GDPR compliance for the data and AI Act compliance for the decision logic.
Do we need to start from scratch?
No. Navedas sits on top of your existing AI stack, whichever LLM, framework, or workflow platform you're running. The Readiness Assessment works against your current deployment. Monitoring and Managed Governance deploy without infrastructure changes on your side.
--- days is enough. If you start now.
One week for the assessment. Two weeks for your team to review. That still leaves time to remediate before August 2. Every week you wait is a week you don't get back.