EU AI Act in force August 2: 7% global revenue fines and what your company needs to do

On August 2, 2026, the European Union's AI Act becomes fully enforceable — including the complete penalty regime. It is the first real enforcement milestone of the most comprehensive artificial intelligence legislation ever passed by an economic bloc, and it affects any company serving users, clients or partners in Europe, regardless of where the company is headquartered.

The penalty regime follows three tiers: prohibited practices (Art. 5) carry fines of up to EUR 35 million or 7% of worldwide annual revenue; high-risk systems, up to EUR 15 million or 3%; incorrect or incomplete information provided to authorities, up to EUR 7.5 million or 1%. The "whichever is greater" calculation means that for large companies, the percentages are the relevant number — not the fixed values.

What the AI Act prohibits starting in August

Prohibited AI practices taking effect in August 2026 include: (1) social scoring systems by governments; (2) AI exploiting vulnerabilities of specific groups (elderly, children, people with disabilities) to manipulate behavior; (3) real-time biometric identification in public spaces, with limited exceptions for national security; (4) emotion inference in workplaces and schools.

General-purpose AI systems — models like Claude, GPT-4, Gemini — must have accessible technical documentation, acceptable use policy, copyright protections and serious incident reporting.

What companies need to do before August

Chatbots and assistants: clear identification as an AI system when not obvious to the user. There is no need to announce "I am a robot" at every conversation turn — but the user must have been informed.

AI-generated content: synthetic texts, images, videos and audio must be identifiable. Implementation can be via metadata, watermark or explicit declaration in the product.

Deepfakes and image manipulation: any content manipulating the appearance or voice of real people requires explicit synthetic labeling. This includes advanced photo and video filters that alter features.

High-risk systems: credit scoring, job candidate selection, AI-assisted medical diagnosis, critical infrastructure — require documented conformity assessment before operating in the EU.

Why Brazilian companies need to pay attention

The AI Act applies to any company offering products or services to users in the EU or whose AI outputs affect people in the EU — regardless of where the company is located. It is the same extraterritorial principle as GDPR.

Brazilian SaaS company with European clients: subject. E-commerce platform with European users using AI for pricing or recommendations: subject. HR startup using AI for candidate screening with any client or candidate in Europe: subject.

The real deadline for high-risk systems

August 2026 is the start of enforcement for prohibited practices and GPAI. For high-risk systems in critical sectors, the full compliance deadline is December 2027. But initial registration and documentation must begin now — there is no "start in 2027."

For 10Dobro

Our AI system deliveries already include documentation that the system uses AI, automated decision logs and human verification points in critical decisions. European regulation is not distant — it is the minimum standard that will raise the floor for the global market. Those who start compliance now have a competitive advantage over those waiting for the fine.