AI Act 2026: Mandatory Record-Keeping for High-Risk AI Systems – Deadlines and Penalties
Table of Contents
New Obligations Under the AI Act
The EU AI Act (Regulation (EU) 2024/1689) introduces mandatory documentation requirements for providers and deployers of high-risk AI systems. Starting August 2, 2026, organizations must maintain a register of processing activities, conduct conformity assessments, and issue CE declarations of conformity. These obligations aim to ensure transparency, accountability, and compliance with fundamental rights.
Who Is Affected?
Any organization that develops, deploys, or uses high-risk AI systems within the EU market must comply. High-risk systems include those used in critical infrastructure, education, employment, law enforcement, and biometric identification. Even if your organization is based outside the EU, if your AI system affects individuals in the EU, you are subject to these rules.
Key Deadlines
The AI Act was published in the Official Journal of the EU on July 12, 2024. Most provisions become applicable on August 2, 2026. However, some rules on prohibited practices and governance will apply earlier. Organizations should start preparing now to avoid last-minute compliance gaps.
Documentation Requirements
You must maintain a register of processing activities that includes: the purpose of the AI system, categories of data subjects, categories of personal data processed, retention periods, and technical security measures. Additionally, a conformity assessment must be conducted before placing the system on the market or putting it into service. The CE marking indicates compliance with the AI Act and other relevant EU legislation.
Penalties for Non-Compliance
Fines for violating the AI Act can reach up to 3% of the company's annual worldwide turnover or €15 million, whichever is higher. For SMEs, the maximum fine is capped at the higher of 3% of turnover or €7.5 million. Non-compliance with documentation obligations specifically can result in administrative fines and corrective measures imposed by national supervisory authorities.
For more details, refer to the official text: Regulation (EU) 2024/1689 (AI Act).
| Task | Status | Deadline |
|---|---|---|
| Identify high-risk AI systems in your portfolio | Pending | Q1 2026 |
| Establish a register of processing activities | Pending | August 2, 2026 |
| Conduct conformity assessment | Pending | Before market placement |
| Draft CE declaration of conformity | Pending | Before market placement |
| Implement risk management and data governance | Pending | August 2, 2026 |
| Appoint an authorized representative (if non-EU) | Pending | August 2, 2026 |
NakedPact Editorial Committee
Article created by the NakedPact editorial team. Our mission is to analyze, simplify, and expose unfair terms and hidden risks in everyday contracts to protect citizens and consumers.
Sources and Legal References
Recommended Readings
Don't trust, verify.
Now that you know the risks, don't sign blindly. Upload your contract to NakedPact and let AI find the hidden clauses for you. It's 100% free.
Analyze Your Contract Now