August 2, 2026* · EU AI Act Enforcement
* Final enforcement date subject to EU Council ratification. The deadline may shift. We recommend planning as if August 2 holds.
--- days until enforcement Aug 2, 2026 · 00:00 CEST

Is your AI ready for
August 2?

If your AI touches EU residents, you're in scope. US headquarters doesn't change that. By August 2, 2026 at 00:00 CEST, your high-risk systems need a documented quality management system, a risk framework, audit-ready records, human oversight, and continuous monitoring. Miss any one of those, and non-compliance fines start at €15M or 3% of global turnover.

Book Readiness Assessment See the requirement map
Or jump to your role: Financial Services Law Firms CEO Brief
Choose your path

Three ways to engage, depending on who you are.

The August 2 deadline is the same for everyone. The starting point is not. Pick the page that matches your role and we will tell you the version of the story that fits.

For Financial Services

The CRO Playbook

If you run risk at a bank, fintech, or insurer with AI in credit, lending, fraud, KYC, or trading.

  • Five named Annex III use cases, broken down
  • What your MRM file does not cover
  • The 6–12 week path to defensible
Read the playbook → For Law Firms

Implementation Backbone

If your firm has signed AI Act advisory engagements and needs the technical platform to deliver them.

  • White-label or named-partner structure
  • You own the client; we own the engineering
  • 30-minute partnership scoping call
Open a partnership conversation → For Your CEO

The 2-Minute Brief

A scannable executive summary designed to be forwarded upward. Deadline, exposure, decision matrix, next step.

  • Two minutes to read, one click to forward
  • The decision in three options, plainly
  • Print- and screenshot-friendly
Read the brief →
Who's in scope

If your AI touches any of these, you're in scope.

The EU AI Act applies extraterritorially, the same way GDPR does. If your AI decisions affect EU residents, the high-risk provisions apply to you. Where your company is incorporated is irrelevant.

Employment & HR Credit & lending Education & grading Insurance & banking Law enforcement Biometric ID Critical infrastructure Migration & asylum Healthcare triage
The requirements, mapped

Every AI Act requirement, already covered.

Your conformity assessor will ask one thing: show how this decision was governed. You'll need the policy node that authorized it, the reasoning trace behind it, and the rule version at the moment it fired. For every high-risk decision. Every time. Every artifact produced automatically, the moment the decision commits.

EU AI Act Requirement Navedas Capability
Quality Management SystemDocumented processes for AI system lifecycle management Context Graph. Your policies, structured into enforceable versioned rules, each with a citation path regulators can follow.
Risk Management FrameworkOngoing identification, analysis, and mitigation of AI risks Reasoning Ledger. Every decision is logged with its risk assessment and the policy citation that governed it. Immutable.
Technical DocumentationDetailed records of system design, capabilities, and limitations Every verdict traces to a specific policy node. Documentation is produced as a byproduct of operation, not assembled afterwards.
Conformity AssessmentSelf-assessment or third-party audit proving compliance Audit-ready from day one. Every decision is immutable, timestamped, and citable against your policy graph.
Human OversightMeaningful human control over AI decisions Operator Console. Your team gets real-time visibility, override capability, and documented escalation paths for every high-risk decision.
Transparency & ExplainabilityClear disclosure of AI involvement and reasoning No Citation, No Output. Every AI decision ships with the exact policy rule that authorized it. No citation, no action.
Record KeepingAutomatic logging of operations and decisions The Reasoning Ledger is immutable, timestamped, and linked to the policy node that governed the decision. Exportable, queryable, regulator-ready.
Runtime Policy EnforcementStopping non-compliant actions before they reach the user Decision Gate. Violations are blocked before the action commits. Not flagged after the customer saw them.
If you build with Claude

Claude is the model. Navedas is the layer.

Anthropic's Claude handles the reasoning, the refusals, the tool use. The EU AI Act asks the questions Anthropic cannot answer for you. What is your policy? Where is the audit trail? Who exercised human oversight? Why did your AI decide this for this customer at this moment? Those answers live in your workflow. Not in Claude's training data.

What Claude provides natively
  • ◇ Constitutional AI safety and refusal patterns
  • ◇ System prompts, tool use, agent orchestration
  • ◇ Built-in citations on retrieval
  • ◇ Prompt caching and conversation memory
  • ◇ Anthropic's content policy
Compliance layer
What Navedas adds on top
  • ◆ Your policy nodes encoded in the Context Graph
  • ◆ Decision Gate intercepts Claude's output before action commits
  • ◆ Reasoning Ledger captures timestamp, citation, model version
  • ◆ Operator Console for human oversight (Article 14)
  • ◆ Customer-owned IP. The governance stack stays with you.

Same architectural pattern works with GPT, Gemini, Bedrock, or your own fine-tuned model. The Decision Gate sits between the model output and the customer action, regardless of which model wrote the output. Read the architectural argument on why vertical AI →

Three ways to get ready

Assessment. Monitoring. Or let us run it.

Start with a paid Readiness Assessment so you know where you stand. Convert to ongoing monitoring to stay compliant. Or hand the whole governance layer to Navedas.

TRACK 01
Readiness Assessment
$5K – $25K one-time
One week delivery
AI system inventory, gap analysis against every EU AI Act requirement, prioritized remediation roadmap, and executive briefing. Three tiers: self-serve ($5K), guided ($15K), white-glove ($25K).
  • Every AI system classified by risk level
  • Gap analysis per high-risk system
  • Compliance posture and fine exposure
  • Prioritized remediation roadmap
  • 30-minute executive briefing
Book a call
TRACK 02
Ongoing Monitoring
$2K – $10K/month
Starts after assessment
Continuous governance, immutable audit trail, monthly compliance reporting, and regulatory update service. Navedas deployed on your AI systems, evaluating every decision against EU AI Act requirements in real time.
  • Runtime policy enforcement
  • Immutable Reasoning Ledger
  • Operator Console real-time dashboard
  • Monthly compliance reports
  • Automatic regulatory updates
Book a call
TRACK 03
Managed Governance
$10K – $50K/month
Month 3+, annual contracts
You hand us the keys. We run the governance layer on your behalf: monitoring, incident response, policy updates, conformity assessment prep. No in-house AI governance team needed. Right for companies that have AI in production and want the accountability out of their hands.
  • Fully managed operations
  • Incident analysis & remediation
  • Proactive policy updates
  • Monthly executive briefings
  • Conformity assessment preparation
Book a call
How Navedas compares

Assessment tools report. Navedas prevents.

The EU AI Act created a scramble. Most "AI governance" platforms tell you what went wrong after the customer already saw it. Navedas is the runtime gate that stops the violation before it reaches the decision log.

Capability Navedas Credo AI MS Toolkit Agent 365
Runtime policy enforcement Blocks before action Reports after Build it yourself MS agents only
Human + AI governance, same engine Yes, unified AI only AI only AI only
Vendor-agnostic Any framework, any vendor Yes Multi-framework Microsoft stack
Immutable audit trail Reasoning Ledger Compliance reports Logs you build Activity logs
Deployment speed One week (assessment) Weeks to months DIY timeline Weeks
Managed service option Yes Enterprise tier Open source only No
EU AI Act mapping Built-in Built-in Manual Partial
The fine math

The exposure isn't theoretical.

The EU enforces. Meta: €1.3 billion under GDPR. Amazon: €887 million. The AI Act uses the same enforcement architecture, with larger maximum fines. Companies that waited until the last minute of GDPR spent 3–5x more on compliance than those who moved early. The same curve is setting up now.

€35M
or 7% of global turnover
Prohibited AI practices. Deploying AI in categories the EU has banned outright.
€15M
or 3% of global turnover
High-risk AI non-compliance. The category most in-scope companies will be measured against.
€7.5M
or 1% of global turnover
Providing incorrect, incomplete, or misleading information to regulators.
For a $500M-revenue company, maximum exposure is ~$35M. That's more than 50x the cost of a Readiness Assessment plus a year of Managed Governance. The math only works in one direction.
Compliance team FAQ

Questions your general counsel is already asking.

When does the EU AI Act become enforceable?
High-risk AI provisions become fully enforceable on August 2, 2026*. After that date, companies deploying in-scope AI systems without compliance face fines of up to €35 million or 7% of global annual turnover.

* The final enforcement date is subject to EU Council ratification and may shift. We recommend planning as if August 2 holds.
Does the EU AI Act apply to US companies?
Yes. The Act has extraterritorial reach, the same way GDPR does. If your AI decisions affect EU residents (customer service, credit, hiring, healthcare, recommendations), you're in scope. Where your company is headquartered doesn't matter.
What counts as a high-risk AI system?
AI used in: employment and worker management, credit scoring, education, essential private/public services (insurance, banking, benefits), law enforcement, biometric identification, critical infrastructure, and migration / asylum / border control.
How long does a Readiness Assessment take?
One week from kickoff to delivery. You receive an AI system inventory, per-system gap analysis, remediation roadmap, and a 30-minute executive briefing. The white-glove tier includes a 30-day follow-up.
How does Navedas compare to Credo AI and Microsoft Agent 365?
Credo AI assesses and reports. It tells you what went wrong after it happened. Microsoft's Agent Governance Toolkit is open-source developer plumbing that your engineers have to integrate, wire up, and maintain. Agent 365 governs only Microsoft's own agents. Microsoft gives you the Lego blocks. Navedas gives you the assembled, operating, accountable system. And Navedas governs AI agents and human agents with the same engine, across any vendor's stack.
How is this different from GDPR?
GDPR governs personal data. The AI Act governs AI systems. Both can apply simultaneously to the same deployment. If an AI decision affects an EU resident and uses their personal data, you need GDPR compliance for the data and AI Act compliance for the decision logic.
Do we need to start from scratch?
No. Navedas sits on top of your existing AI stack, whichever LLM, framework, or workflow platform you're running. The Readiness Assessment works against your current deployment. Monitoring and Managed Governance deploy without infrastructure changes on your side.

--- days is enough. If you start now.

One week for the assessment. Two weeks for your team to review. That still leaves time to remediate before August 2. Every week you wait is a week you don't get back.

Book Readiness Assessment Talk to the team