EU AI Act high-risk AI deadline: August 2, 2026. A proposed delay is under discussion — but it is not yet law. Prepare now.Check if EU AI Act applies to you →
AI Governance

AI Governance &
Risk Management

EU AI Act compliance. AI risk register. Model inventory. Board-level AI oversight documentation. NIST AI RMF alignment. ISO 42001 readiness. One platform for your entire AI governance programme.

Start your AI inventory →Talk to a specialist
EU AI ActNIST AI RMFISO 42001Model riskSR 11-7GDPR Art. 22Bill C-27 AIDABoard AI oversight
Aug 2
2026
Current operative deadline for high-risk AI obligations — still binding law
Annex III
high-risk
HR, hiring, credit, education AI — full conformity assessment required
€35M
or 7%
maximum EU AI Act fine for prohibited AI practices
Feb 2025
active
prohibited AI practices already banned — manipulation, social scoring, real-time biometrics
EU AI Act — Regulation (EU) 2024/1689

The August 2, 2026
deadline is still law.

If your company uses AI for HR decisions, hiring, credit scoring, or education in the EU, you are in scope for the EU AI Act Annex III high-risk provisions. The operative deadline remains August 2, 2026. A proposed amendment (the AI Act Omnibus, political agreement reached May 2026) would defer some obligations — but it is not yet enacted law. The prudent position: prepare for August 2, 2026 and treat any deferral as a bonus, not a plan.

AI system inventory and Annex III risk classification
Article 11 technical documentation generation
Conformity assessment workflow and evidence pack
EU AI database registration preparation
Transparency notice templates for affected individuals
Board AI oversight framework and governance documentation
EU AI Act Annex III — High-risk categories
Employment & HR
Aug 2, 2026
CV screening, candidate ranking, performance management, task allocation
Credit & finance
Aug 2, 2026
Credit scoring, loan approval, insurance risk assessment
Education
Aug 2, 2026
Student assessment, admissions, monitoring during exams
Essential services
Aug 2, 2026
Access to public benefits, emergency services dispatch
Law enforcement
Aug 2, 2026
Polygraphs, risk assessment, evidence evaluation
Migration & border
Aug 2, 2026
Risk assessment, document verification, applications
Platform capabilities

Your complete AI governance programme.

AI system inventory
Comprehensive register of all AI systems across your organisation. Purpose, data inputs, outputs, affected individuals, and deployment context — all documented and version-controlled.
Risk classification
Automated EU AI Act risk classification (prohibited, high-risk Annex III, limited risk, minimal risk) with justification documentation. Updated as regulation evolves.
Technical documentation
Article 11 technical documentation generation for high-risk AI systems. System description, training data, accuracy metrics, robustness testing, and human oversight measures.
NIST AI RMF alignment
Map, Measure, Manage, Govern — ThemisIQ structures your AI risk management programme around the NIST AI Risk Management Framework and tracks maturity over time.
Board AI governance
Board-level AI oversight documentation, AI ethics policy management, accountability framework, and executive AI risk reporting — designed for directors, not just technologists.
Conformity assessment
Step-by-step conformity assessment workflow for high-risk AI systems. Evidence collection, gap identification, remediation tracking, and EU database registration preparation.
Framework coverage

Every AI governance framework. One platform.

FrameworkJurisdictionApplies toKey requirementThemisIQ coverage
EU AI ActEU (global scope)Any AI affecting EU residentsRisk classification + conformity assessment for high-risk AI✓ Full
NIST AI RMFUSA (voluntary/mandatory)US federal agencies + voluntaryMap, Measure, Manage, Govern framework✓ Full
ISO 42001:2023GlobalOrganisations using or developing AIAI management system — policies, controls, continuous improvement✓ Full
GDPR Article 22EU/UKAutomated decision-making affecting individualsRight to explanation + human review for automated decisions✓ Partial
Bill C-27 AIDA (proposed)CanadaHigh-impact AI systemsImpact assessment + registration when enacted✓ Monitored
SR 11-7 (Fed Reserve)USA financial servicesBanks using models for decisionsModel risk management — validation and governance✓ Partial
EU AI Act timeline

What's already in force. What's coming.

Active
Prohibited AI
Feb 2, 2025
Manipulation, social scoring, real-time biometric surveillance in public spaces, and emotion recognition in workplaces banned. Non-compliance: fines up to €35M or 7% global revenue.
Active
GPAI obligations
May 2, 2025
General Purpose AI models (GPT-4-class and above) subject to transparency, copyright, and systemic risk provisions. GPAI providers must publish technical documentation.
71 days
High-risk AI (Annex III)
Aug 2, 2026
HR, hiring, credit, education, essential services AI — full conformity assessment, Article 11 documentation, EU database registration required. Fines up to €15M or 3% global revenue.
Prepare now
High-risk AI (Annex II)
Aug 2, 2027
AI embedded in regulated products (medical devices, machinery, vehicles) subject to full Annex III obligations. CE marking integration required.

71 days to the EU AI Act deadline.
Start your inventory today.

The first step is knowing what AI systems you have and whether they're high-risk. ThemisIQ's AI inventory wizard walks you through every system in days — not months.

Start your AI inventory →Talk to a specialist