June 3, 2026

The EU AI Act Enforcement Machine Takes Shape

Two months from now, on August 2, 2026, the bulk of the EU AI Act switches from text on paper to live law. The past week made clear that Brussels is not coasting toward that deadline. It is building the machinery to enforce it, and industry is scrambling to keep up.

60 Experts, One Scientific Panel

On June 1, the European Commission appointed a Scientific Panel of 60 independent experts to advise the AI Office and national authorities on general-purpose AI models, systemic risks, evaluation methodologies, and cross-border market surveillance[1]. Alongside it, an Advisory Forum drawn from academia, civil society, and industry (including SMEs and startups) will weigh in on standardisation and implementation challenges. Both bodies serve two-year terms. EU agencies like ENISA and the Fundamental Rights Agency get permanent seats at the forum table.

This is not a symbolic gesture. The Panel will directly influence how the Commission classifies GPAI models, evaluates systemic risks, and conducts technical audits. For anyone deploying or developing foundation models in Europe, these 60 people now matter.

Article 50 Consultation Closes Today

The AI Office's Article 50 transparency consultation closes at the end of June 3[2]. The 40-page draft guidelines cover interactive AI disclosure, deepfake labelling, and emotion-recognition and biometric-categorisation notifications. All of these obligations go live on August 2 alongside Article 50 itself. If you have not filed feedback yet, you have hours, not days.

A parallel consultation on Article 6 high-risk classification remains open until June 23[3]. That one is arguably more consequential, because the four Annex III exemptions in the draft guidance are sharp enough to define product roadmaps for the next two years.

110 Firms Ask for a Pause

More than 110 EU-based businesses signed a coordinated submission asking the Commission to pause high-risk enforcement until both the guidelines and the harmonised standards are final[4]. The concern is straightforward: you cannot comply with rules that have not been fully written yet. The Annex III exemptions, in particular, create genuine ambiguity about which products fall in scope and which do not. Firms are not asking to avoid regulation. They are asking for the regulation to exist in its final form before enforcement begins.

The Commission's response so far has been to consolidate, not retreat. Its Article 112 annual review of the Annex III high-risk list and the Annex II prohibited-practices list proposes no amendments, despite submissions from civil society proposing additional bans and new high-risk categories[5]. The political signal is that Brussels wants the current scope bedded down before opening new fronts.

Member States: The Authority Gap

Enforcement does not happen in Brussels. It happens in national capitals, and most of them are not ready. Italy has formally designated its two primary AI Act authorities through Law No. 132/2025: AgID as the notifying authority and the National Cybersecurity Agency (ACN) as the market surveillance authority[6]. Implementing decrees defining sanctioning powers are expected by October 2026. Germany's KI-MIG implementation bill continues its Bundestag reading, with the Bundesnetzagentur on track as lead supervisor. Beyond these two, the authority gap across most member states remains wide open.

The sanction tiers are eye-catching: up to 35 million euros or 7 per cent of turnover for prohibited practices, 15 million or 3 per cent for other infringements. But no formal AI Act fines have been levied yet. The Commission's GPAI inquiry under Article 51 remains live but unresolved. Everything is prospective, pointing at August 2.

What This Means

The trajectory is clear. Enforcement infrastructure is being assembled piece by piece: expert panels, consultation processes, national authority designations, sanction frameworks. The industry pushback is real and organized, but Brussels is not slowing down. For anyone building or deploying AI systems in Europe, the clock is not theoretical. Two months is enough time to map your obligations, not enough time to rewrite your compliance architecture from scratch.

The companies that treat the next 60 days as an early-warning period will be in a very different position from those waiting for the final standards to land. The final standards may not land before enforcement does.

  1. European Commission, "AI Act enforcement gets independent expert support," June 1, 2026. digital-strategy.ec.europa.eu ^
  2. European Commission, "Consultation on draft guidelines on transparency obligations under the AI Act," opened May 8, 2026. digital-strategy.ec.europa.eu ^
  3. European Commission, "Draft Commission guidelines on classification of high-risk AI systems," consultation open until June 23, 2026. digital-strategy.ec.europa.eu ^
  4. AI in Europe, "EU AI Act this week: the Article 50 window closes Wednesday as 110 firms ask for a pause," June 1, 2026. aiineurope.co ^
  5. European Commission, Article 112 annual review report on Annex III and Annex II. digital-strategy.ec.europa.eu ^
  6. Securiti, "Italy AI Law Guide: Law No. 132/2025." securiti.ai ^
← All posts