← Defici Newstech-news

EU AI Act High-Risk Provisions Enter Full Enforcement as Regulators Issue First Guidance

By Defici Editorial · 16 Jul 2026

The European Union's AI Act has reached a critical implementation milestone, with provisions governing high-risk AI systems now fully enforceable across all 27 member states. National market surveillance authorities are beginning their first formal compliance reviews, and the European AI Office has published binding guidance that clarifies obligation scope for AI system providers, deployers, and importers.

High-risk categories under the AI Act include AI used in employment decisions, credit scoring, biometric identification, critical infrastructure management, educational assessment, law enforcement, and border control. Providers of systems in these categories must demonstrate conformity with technical documentation requirements, risk management systems, data governance practices, and human oversight mechanisms before placing systems on the EU market.

The enforcement timeline creates immediate compliance pressure for companies that delayed implementation. While the AI Act's high-risk provisions technically became applicable earlier, many enterprises had treated the period as a grace phase. The formal start of market surveillance activity — including the authority for regulators to issue infringement notices and ultimately impose fines of up to 3% of global annual turnover — has prompted a wave of compliance reviews in major technology companies with EU customers.

For Baltic-region businesses deploying AI in affected categories, the practical implications are significant. Companies using AI for candidate screening, loan assessment, or customer behavior scoring must now have conformity documentation ready for inspection and must ensure their systems meet the Act's transparency and explainability requirements. The Baltic AI Association has published a preliminary compliance checklist for members, though it notes the guidance remains subject to interpretation as enforcement practice develops.

One area of active debate is the obligations on AI deployers — companies that integrate foundation models from providers like Anthropic, Google, or OpenAI into their own products. The Act distinguishes between providers (who develop the original system) and deployers (who adapt and use it), but the boundary is not always clear when a company fine-tunes a model or builds on top of an API. The European AI Office's July guidance addressed this partially but acknowledged that further clarification will be needed as enforcement cases emerge.

ShareXWhatsAppLinkedIn

Get Defici News in your inbox