The deadline is a paperwork problem, not a classification problem
Six weeks from now — 2 August 2026 — the EU AI Act’s high-risk regime starts biting. The articles that go enforceable cover providers (Articles 9 through 17) and deployers (Article 26) of high-risk AI systems. The market has spent two years arguing about which systems are in scope. That argument is mostly settled and mostly the wrong one to be having now.
The harder question is who owns the evidence file when the first supervisor knocks. The Act answers it. Most firms have not.
Article 26 requires deployers of high-risk AI systems to monitor operation “on the basis of the instructions for use,” to retain automatically generated logs “for a period of at least six months,” to ensure input data quality where the deployer controls inputs, to report serious incidents under Article 73, and to inform workers before workplace deployment. Every one of those obligations sits downstream of an artefact the provider produces under Article 17: the quality management system, technical documentation under Article 11, the post-market monitoring plan under Article 72, the incident-reporting procedure under Article 73.
That asymmetry is the operating problem.
Article 25 is the contract layer. It is mostly empty
Article 25 is the value-chain article. It says a deployer “becomes a provider” if it puts its name on a system, substantially modifies it, or changes the intended use so the system becomes high-risk. Article 25(2) requires the original provider in those handover cases to “closely cooperate” and supply “the necessary information” and “technical access and other assistance.” Article 25(4) requires a written agreement between the upstream supplier and the deployer covering exactly what gets passed across.
The European Commission can develop voluntary model contract terms through the AI Office. It has not published the model. Targeted consultation on the related classification guidelines for high-risk systems is open only until 23 June 2026 — fewer than six working weeks before the obligations begin to bind, and on a document that is not the contract layer.
Carriers, lenders and HR platforms that depend on a third-party model for an Annex III high-risk use case — credit scoring under 5(b), life and health insurance pricing under 5(c), recruitment under 4(a), in-employment monitoring under 4(b) — land at the deadline with a deployer obligation defined by the Act and a provider obligation defined by a contract many have not redrafted. Where the contract is silent, the Act does not fill it in. Article 25(4) tells the parties to write something. It does not write it for them.
Most firms have not asked yet
The Cloud Security Alliance’s March 2026 enterprise readiness research tested 106 enterprise AI systems. Forty percent could not be cleanly classified under the Act’s risk tiers, and over half of the organisations surveyed have no systematic AI inventory at all. The harmonised technical standards that compliance and audit teams need as a reference framework arrived eight months late, with the first not entering public enquiry until 30 October 2025.
That timing turns the provider–deployer relationship into the bottleneck. Without a usable harmonised standard, a deployer cannot tell its provider what evidence template will satisfy the supervisor. Without a known template, the provider cannot price the work into its contract. Without a contract, the deployer has no enforceable claim to anything beyond what the provider was already willing to ship.
The Commission proposed in November 2025 to extend the high-risk regime to December 2027. The proposal has not been adopted into law. August is still the live date.
What the first post-market review will surface
Three concrete failure modes are already visible inside the firms that have started preparing.
The first is incident-reporting integration. Article 73 requires deployers to inform the provider and the relevant authority “without undue delay” of a serious incident. Most off-the-shelf vendor contracts give the deployer access to logs but no contractual route to the underlying model behaviour, no contact for the provider’s own Article 72 post-market monitoring function, and no service level for how fast the provider will analyse a deployer-flagged event. When a supervisor asks how a credit-scoring decision drifted, “we sent the provider a ticket” is not a defence.
The second is data input quality. Article 26(4) gives the deployer the obligation but leaves it blind to the model’s training distribution and known input sensitivities. Providers must supply instructions for use under Article 13, but the floor is low. Insurers writing pricing on a vendor model need a written specification of which input distributions degrade accuracy, which categorical encodings fail, and which segments require human-overriding logic. A deployer that learns this from a supervisor’s question rather than from the provider’s documentation has already failed Article 26.
The third is log retention. Six months of “automatically generated logs” sounds bounded until a deployer realises the provider controls the logging schema, the storage format, and the retention period at its own layer. Where the provider’s policy deletes inference traces inside the six-month window — a pattern surfacing in deployer-side compliance work this spring — the deployer is in breach of Article 26(6) on day one.
The hiring question, not the compliance question
The market has been treating the August deadline like an extension of the GDPR filing exercise. The Act’s deployer obligations are operational, not documentary. They require an inside-the-firm function — model risk, post-market monitoring, incident response — that does not sit naturally in a privacy team, a legal team or a procurement team.
A handful of insurers and large credit lenders have moved AI deployment governance into the second-line risk function, with named owners for each high-risk use case and a quarterly evidence file against the provider’s deliverables. Most have not. The ones that have not are the ones that will discover, in September, that the provider holds the file, the contract does not give them access, and the supervisor does not care which party drafted the language.
That is the part of the August deadline that is unsexy, expensive and load-bearing. Article 25 was meant to make it a paperwork problem before it became a supervisory problem. There are six weeks to find out whether it did.