NewsIndustry AnalysisSecurity

EU AI Act August 2: What Developers Must Do Now

EU flag and developer code editor illustrating EU AI Act compliance deadline for developers
EU AI Act August 2, 2026 transparency obligations — what developers must ship before the deadline

August 2, 2026 is 31 days away. Most developers have been watching it as the EU AI Act’s big enforcement moment — the day high-risk AI systems face the full weight of Articles 11 through 14. That deadline just moved. But before you close the browser tab, here’s what the Digital Omnibus didn’t move, and why August 2 still matters.

What the Digital Omnibus Actually Changed

The EU Council gave its final green light to the Digital Omnibus on June 29. The EU Parliament had already voted on June 16. The text is pending publication in the Official Journal — at which point it enters into force. Practically speaking, it’s done. Here’s the delta:

Deferred: High-risk AI obligations for standalone Annex III systems move from August 2, 2026 to December 2, 2027. Systems embedded in regulated products (Annex I) move to August 2, 2028.

Not deferred: Article 50 transparency obligations. Those still apply August 2, 2026, on the original schedule. So does Article 5 (prohibited practices, in force since February 2025) and the GPAI model rules that went live in August 2025.

The August 2 deadline didn’t disappear. It just changed what it’s measuring.

Article 50: The August 2 Requirement Developers Actually Have to Ship

Article 50 is the transparency title, and it’s not abstract. Four concrete obligations kick in on August 2:

  • AI disclosure in user-facing systems. Any chatbot, virtual assistant, or AI system that interacts directly with people must inform those people they’re talking to an AI — unless it’s obvious from context. If you’re shipping a customer-facing product with an AI backend, you need a disclosure UI before August 2.
  • Emotion recognition disclosure. If your product uses emotion detection (sentiment analysis of user video, audio, or behavior), you must tell users when it’s active.
  • Synthetic media labeling. AI-generated or AI-manipulated images, video, and audio for public consumption must be labeled as such. Deep fakes, AI avatars, synthetic voiceovers in public-facing content — all need disclosure.
  • AI-generated public information text. Text produced by AI for public information purposes must be labeled. There are carve-outs for authorized satire and creative works, but news summaries, product descriptions, and public-facing AI copy generally need labeling.

Penalties for non-compliance with Article 50 under the EU AI Act: up to €15 million or 3% of global annual turnover. National authorities are fully authorized to act from August 2 onward.

What Got Deferred: High-Risk AI (Annex III)

The categories that concerned developers most — and that now have until December 2027 — include AI used for employment decisions (resume screening, productivity monitoring, task allocation), credit scoring, insurance pricing, benefit eligibility, student assessment, and biometric identification. If you’re building in those spaces, the full compliance burden of Articles 11–14 (technical documentation, audit logging, human oversight design, conformity assessment, CE marking) has a new due date. You can review the complete Annex III high-risk categories to check where your system lands.

That doesn’t mean stop. It means reprioritize. Article 12’s requirement that event logging be integrated into core design — not bolted on afterward — is an architectural constraint that’s painful to retrofit under deadline pressure. Start the inventory now. Classify your systems against Annex III. The difference between doing this in 2026 versus 2027 is significant.

The Grandfathering Question

Here’s the strategic wrinkle that product teams need to discuss with legal counsel: the Act is not retroactive. AI systems already on the market before an enforcement deadline may be partially exempt from certain obligations for that enforcement tier. This means systems deployed before December 2, 2027 could claim grandfathering on some Annex III requirements. Whether that argument holds in specific national courts is genuinely uncertain — but the incentive exists, and it’s driving some enterprise teams to accelerate deployment timelines. It’s a real calculation, not a loophole.

GPAI Model Obligations: Already Your Problem

If you’re building products on top of any large language model — Claude, GPT-5, Gemini, any of them — Articles 51 through 55 have applied since August 2025. Most of the heavy lifting falls on model providers (they must provide technical documentation, copyright compliance policies, and training data summaries). But deployers are responsible for not enabling prohibited use cases and for verifying that vendors are compliant. Ask your API vendor for their GPAI compliance documentation. “We comply with the AI Act” in a blog post isn’t documentation. The EU Council’s Digital Omnibus announcement confirms GPAI rules remain on the original schedule.

What to Do Before August 2

Four actions, in order of urgency:

  1. Audit your user-facing AI features for Article 50 disclosure gaps. Every chatbot, AI assistant, synthetic media feature, and AI-generated content surface needs a compliance check before August 2.
  2. Ship the disclosure UI. This is usually a banner, modal, or persistent indicator. It needs to be in the product, not buried in the privacy policy footer.
  3. Start your AI system inventory. Even with the Annex III deferral to December 2027, knowing what you have is step one of all future compliance work. An inventory built now is 16 months ahead of the crowd.
  4. Get vendor documentation. If you use third-party AI systems or APIs in products affecting EU users, request their Article 11-compliant technical documentation now. Vendors that can’t produce it are a compliance risk — and finding that out in November 2027 is far worse than finding out today.

The EU AI Act isn’t a distant regulatory abstraction anymore. For transparency requirements, the deadline is five weeks out. For a deeper dive into what high-risk compliance actually looks like technically, Augment Code’s developer guide is worth bookmarking. Know your tier, act on your tier.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.

    You may also like

    Leave a reply

    Your email address will not be published. Required fields are marked *

    More in:News