EU AI Act Readiness Advisory
EU AI Act readiness for US organizations. Understand scope, classify risk, and build a defensible compliance roadmap before enforcement begins.
From scope uncertainty to a defensible EU AI Act roadmap.
The readiness workflow turns scattered AI use cases into a sequenced evidence path: scope, classification, gaps, documentation, and board-ready next steps.
Scope
Article 2 EU nexus, provider/deployer role, and market exposure.
Classify
Risk tier analysis under Article 6 and Annex III.
Document
Technical files, risk management, and transparency records.
Assess
Conformity assessment and gap closure planning.
Roadmap
Prioritized compliance plan, owners, timelines, and next actions.
The world's first binding, risk-based AI regulation.
The EU AI Act (Regulation (EU) 2024/1689) is a European Union regulation establishing a risk-based framework for AI systems. It entered into force on 1 August 2024 and categorizes AI into four tiers: prohibited practices, high-risk systems, limited-risk systems, and minimal-risk systems. Each tier carries distinct obligations for providers and deployers.
Extraterritorial reach under Article 2.
Under Article 2, the EU AI Act applies to any organization that places an AI system on the EU market or puts it into service within the EU, regardless of where the company is headquartered. A US company whose AI system is used by European employees, customers, or partners may fall within scope. Physical presence in the EU is not required.
However, the exact scope determination depends on the specific facts of each case: where the AI system is deployed, who it affects, and the nature of the output. Lexara Advisory provides scope analysis to help organizations assess their exposure cautiously and accurately.
Eight categories of high-risk AI systems.
Annex III lists eight categories of high-risk AI systems, including employment, education, essential services, law enforcement, migration, and biometric identification. AI systems used in HR, credit scoring, or certain biometric applications are considered high-risk by default and subject to the strictest compliance requirements.
We help organizations determine whether each AI system falls under Annex III, whether Article 6(3) exemptions apply, and whether the system performs narrow procedural tasks or preparatory functions that may qualify for exemption. This analysis must be documented and defensible.
Building evidence that withstands regulatory scrutiny.
For high-risk AI systems, providers must prepare technical documentation (Annex IV), establish a risk management system (Article 9), implement data governance measures (Article 10), maintain record-keeping capabilities (Article 12), ensure transparency (Article 13), provide human oversight (Article 14), and demonstrate accuracy and robustness (Article 15).
Lexara Advisory assists with documentation planning, gap analysis against these requirements, and the creation of a conformity assessment roadmap tailored to your organization's AI portfolio.
Required for non-EU providers of high-risk AI systems.
Non-EU providers of high-risk AI systems must appoint an EU Authorised Representative (Article 22). This representative acts as a point of contact with EU authorities, maintains technical documentation, and cooperates with market surveillance authorities. Lexara Advisory can coordinate with EU Representative services to ensure this requirement is met.
Key dates and the Digital Omnibus update.
Important timeline update: The Digital Omnibus deal of May 7, 2026 introduced changes to some EU AI Act timelines. Some obligations were delayed, while others remain in effect. The exact timeline for your organization depends on your AI systems' risk classification and the final adopted text. This page reflects the regulatory situation as of June 27, 2026. Consult current official EU sources for the latest adopted deadlines.
The EU AI Act entered into force on 1 August 2024. Prohibited AI practices and AI literacy obligations have earlier effective dates. For high-risk AI systems, Annex III obligations were originally scheduled for August 2026, but the Digital Omnibus deal may have adjusted this timeline. The specific dates applicable to your organization should be verified against the final adopted text.
Common questions about the EU AI Act.
What is the EU AI Act? +
The EU AI Act (Regulation (EU) 2024/1689) is a European Union regulation establishing a risk-based framework for AI systems. It categorizes AI into prohibited, high-risk, limited-risk, and minimal-risk tiers, with corresponding obligations for providers and deployers.
Does the EU AI Act apply to US companies? +
Yes, under Article 2, the EU AI Act applies to any organization that places an AI system on the EU market or puts it into service within the EU, regardless of where the company is headquartered. A US company whose AI system is used by European employees, customers, or partners may fall within scope. Physical presence in the EU is not required.
What is a high-risk AI system under the EU AI Act? +
Article 6 and Annex III define high-risk AI systems. These include AI used in employment, education, essential services, law enforcement, migration, and biometric identification. AI systems used in HR, credit scoring, or certain biometric applications are considered high-risk by default and subject to the strictest compliance requirements.
When does the EU AI Act apply to my organization? +
The EU AI Act entered into force on 1 August 2024. Prohibited AI practices and AI literacy obligations apply sooner. The Digital Omnibus deal of May 7, 2026 introduced changes to some timelines. The specific timeline for your organization depends on your AI systems' risk classification and the final adopted text. Consult current official EU sources for the latest adopted deadlines.
What are the fines for violating the EU AI Act? +
Under Article 99, fines for prohibited AI practices can reach up to EUR 35 million or 7% of global annual turnover. Violations of high-risk AI obligations carry fines up to EUR 15 million or 3% of global turnover. These fines apply to global revenue, not only EU revenue. Exact amounts depend on the nature and severity of the violation.
Explore more EU AI Act resources.
Legal caveat: Lexara Advisory provides readiness advisory, not guaranteed compliance. The information on this page is for guidance purposes and does not constitute legal advice. Regulatory timelines and obligations may change. Consult current official EU sources and, where appropriate, qualified legal counsel for your specific situation. Last Legally Reviewed: June 27, 2026.