← Back to Blog
Regulation

Three Weeks to August 2: An EU AI Act Readiness Checklist

Jozef Juchniewicz, Qonera·13 July 2026·4 min read

On 2 August 2026, most of the remaining obligations of the EU AI Act are due to apply. The date has been argued about all year, and a deferral of parts of the high-risk regime is still being debated in Brussels, but debated is not enacted: as of today, August 2 is the operative date, and it is three weeks away. This is not the moment for another essay about what the Act means. It is the moment for a checklist.

What follows is the practical readiness review a professional team can actually run in the time remaining. None of it requires a legal department. All of it improves the firm’s position whether the date holds, slips, or splits, because every item is something clients are already starting to ask about on their own schedule.

One: can you say where AI touches your work?

Write the inventory. Which workflows involve AI, on what material, producing what outputs, going to whom? Most firms have never actually listed this, and the list is the foundation for everything else: you cannot govern, gate, or answer questions about use you have not mapped. If the honest inventory includes personal accounts and unofficial tools, write those down too. An inventory that flatters is an inventory that fails.

Two: is human oversight real, or assumed?

For each client-facing use, ask: is there a defined point where a person reviews the output before it is relied on, and is that person named? “Someone always looks at it” is the answer that fails the test. The fix is structural: decide which outputs are gated, assign the reviewer role, and let the workflow enforce the stop rather than the calendar. Oversight proportionate to risk is the standard worth aiming at: strict where stakes are high, light where they are not.

Three: would your records survive a question?

Pick a real deliverable from last month and try to reconstruct it: what was asked, what sources grounded it, who reviewed it, who approved it. Time how long the reconstruction takes. If the answer is hours of archaeology across chats and inboxes, the record-keeping is memory wearing a system’s clothes. The goal is a durable trail that builds itself as the work happens and can be produced on request, ideally one that could not have been quietly edited after the fact.

Four: what happens when something goes wrong?

The least-loved item and the most revealing. Is there a way to report a problem with AI-assisted work, someone who triages it, and a record of what was done? A firm with no incident path is betting it will never need one, three weeks before a regime that assumes it will. Even a minimal path, report, triage, resolve, recorded, puts a firm ahead of most.

Five: can your team explain the tools they use?

The AI literacy obligation has applied since February 2025, and in practice it means the people using AI understand where it fails: that confidence is not accuracy, that sources need checking, that review is part of using AI rather than an insult to it. A one-hour session walking the team through the firm’s actual workflow and its actual failure modes does more than a generic training video ever will.

The point of the checklist

Notice that nothing above is speculative compliance. Inventory, oversight, records, incidents, literacy: these are the same five things a demanding client would ask about, deadline or no deadline. That is why the wait-and-see position keeps missing the point. The date may yet move. The questions are already here.

Qonera is built so that most of this checklist is simply how the platform works: gated review with named sign-off, a tamper evident audit trail, incident reporting, and grounded answers inside one review and approval workflow. The details of how we map to the Act’s articles are published on the EU AI Act page. Three weeks is not enough time to become a different firm. It is plenty of time to find out where you stand, and that is the part no one can do for you.

This article is for general information only and does not provide legal advice. Regulatory timelines for the EU AI Act are subject to change, and the status described here reflects the position as understood at the time of writing. Organisations should consult qualified legal counsel about how the EU AI Act and its deadlines apply to their specific systems, workflows, and obligations.

See how Qonera works in practice

Multi-model stress testing, Conflict Heatmap, tamper-evident audit trail, and structured sign-off, built for teams who need defensible AI output.