AI Act 2026: what French companies need to know
The countdown has begun. On August 2, 2026, several major obligations under the European regulation on artificial intelligence — commonly known as the AI Act — will come into force for companies operating in the European Union. For French organizations that use, deploy or provide AI systems, the time to act is now.
What is the AI Act?
Adopted in 2024, the AI Act is the world's first comprehensive regulatory framework dedicated to artificial intelligence. Its ambition is to establish clear rules to ensure that AI systems used in Europe are safe, transparent and respectful of fundamental rights.
The text applies to a wide range of actors: companies that develop AI systems, those that deploy them in their business processes, and even importers of AI solutions designed outside the EU. In short, if your company uses an AI tool that interacts with personal data, makes automated decisions or supports critical processes, you are very likely concerned.
The timeline: what applies from August 2, 2026
The AI Act was designed with gradual implementation. On August 2, 2026, the following obligations become fully applicable:
- Transparency rules: AI systems that interact with humans (chatbots, virtual assistants) must clearly inform users that they are interacting with a machine.
- The ban on unacceptable-risk practices: social scoring systems, subliminal cognitive manipulation and certain uses of real-time facial recognition in public spaces are definitively prohibited.
- Team training: companies must ensure that employees who use AI tools have a level of AI literacy appropriate to their role.
Note: following the provisional agreement known as the "Digital Omnibus" reached in May 2026, the heaviest obligations for high-risk AI systems in Annex III (HR systems, credit scoring, candidate selection, etc.) have been postponed to December 2, 2027, giving the companies concerned additional time.
Risk classification: where does your AI stand?
The AI Act is based on classification by risk level. Understanding which category your tools fall into is the essential first step.
Unacceptable risk (prohibited)
Systems that manipulate human behavior without users' knowledge, generalized social scoring, real-time biometric identification in public spaces for law enforcement purposes (with rare regulated exceptions).
High risk
Systems used in critical infrastructure, education, employment (automated CV screening, performance evaluation), essential services (credit, insurance) and justice. These systems will have to meet strict requirements: technical documentation, audit logs, mandatory human oversight and registration in the European database of the AI Office.
Limited risk
Systems such as chatbots or deepfakes, which primarily require transparency and labeling obligations.
Minimal risk
The vast majority of common AI tools (spam filters, simple content recommendations) fall into this category and are not subject to any additional obligations.
Sanctions: amounts that make companies think twice
Failure to comply with the AI Act exposes companies to significant financial penalties, modeled on the GDPR:
- Up to 35 million euros or 7% of global turnover for the most serious infringements (use of a prohibited system).
- Up to 15 million euros or 3% of global turnover for breaches of obligations applicable to high-risk systems.
- Up to 7.5 million euros or 1.5% of global turnover for providing inaccurate information to authorities.
In France, the authorities designated to monitor enforcement are the CNIL, the DGCCRF and Arcom. The CNIL has already announced that it will intensify its checks on AI systems used in HR processes from autumn 2026.
How can you prepare in practical terms?
For French companies that have not yet started their compliance process, here are the priority steps:
1. Map your AI tools
List all AI systems used in your organization, whether developed in-house, purchased from a vendor or accessible via API. Do not forget solutions embedded in third-party software (CRM, HR, ERP).
2. Assess the risk level of each tool
For each identified system, determine its category according to the AI Act framework. Focus your efforts on high-risk systems, especially those involving human resources, credit or automated decisions that affect individuals.
3. Check your suppliers' compliance
If you use third-party AI solutions, your suppliers have their own obligations. Check that they are listed in the register of the European AI Office and that they provide you with the required technical documentation.
4. Train your teams
The obligation to provide training in "AI literacy" comes into force on August 2, 2026. All employees using AI tools must understand the capabilities, limits and risks of the systems they use. Short, targeted training courses can meet this requirement.
5. Document and audit
For high-risk systems, start building your technical files now: system description, training data, performance, human oversight measures. This documentation will be required in the event of an inspection.
A text that shapes the future of Europe's digital landscape
The AI Act is often perceived as a constraint, but it also represents an opportunity. Companies that anticipate compliance will gain trust among their customers, partners and investors. In a context where mistrust of AI remains strong in French public opinion, displaying a responsible approach can become a genuine competitive advantage.
France, which has unlocked an additional 655 million euros for AI through the France 2030 plan, intends to be both a leading player in AI development and a pioneer in its responsible regulation. The AI Act is its regulatory cornerstone.
The AI Act does not aim to slow innovation, but to ensure that AI serves people, not the other way around. — European Commission
In summary: the date of August 2, 2026 marks a turning point. Companies that prepare seriously today will avoid tomorrow's fines while building a lasting relationship of trust with their users and employees.
AI Act 2026: what French companies need to know
The countdown has begun. On August 2, 2026, several major obligations under the European regulation on artificial intelligence — commonly known as the AI Act — will come into force for companies operating in the European Union. For French organizations that use, deploy or provide AI systems, the time to act is now.
What is the AI Act?
Adopted in 2024, the AI Act is the world's first comprehensive regulatory framework dedicated to artificial intelligence. Its ambition is to establish clear rules to ensure that AI systems used in Europe are safe, transparent and respectful of fundamental rights.
The text applies to a wide range of actors: companies that develop AI systems, those that deploy them in their business processes, and even importers of AI solutions designed outside the EU. In short, if your company uses an AI tool that interacts with personal data, makes automated decisions or supports critical processes, you are very likely concerned.
The timeline: what applies from August 2, 2026
The AI Act was designed with gradual implementation. On August 2, 2026, the following obligations become fully applicable:
- Transparency rules: AI systems that interact with humans (chatbots, virtual assistants) must clearly inform users that they are interacting with a machine.
- The ban on unacceptable-risk practices: social scoring systems, subliminal cognitive manipulation and certain uses of real-time facial recognition in public spaces are definitively prohibited.
- Team training: companies must ensure that employees who use AI tools have a level of AI literacy appropriate to their role.
Note: following the provisional agreement known as the "Digital Omnibus" reached in May 2026, the heaviest obligations for high-risk AI systems in Annex III (HR systems, credit scoring, candidate selection, etc.) have been postponed to December 2, 2027, giving the companies concerned additional time.
Risk classification: where does your AI stand?
The AI Act is based on classification by risk level. Understanding which category your tools fall into is the essential first step.
Unacceptable risk (prohibited)
Systems that manipulate human behavior without users' knowledge, generalized social scoring, real-time biometric identification in public spaces for law enforcement purposes (with rare regulated exceptions).
High risk
Systems used in critical infrastructure, education, employment (automated CV screening, performance evaluation), essential services (credit, insurance) and justice. These systems will have to meet strict requirements: technical documentation, audit logs, mandatory human oversight and registration in the European database of the AI Office.
Limited risk
Systems such as chatbots or deepfakes, which primarily require transparency and labeling obligations.
Minimal risk
The vast majority of common AI tools (spam filters, simple content recommendations) fall into this category and are not subject to any additional obligations.
Sanctions: amounts that make companies think twice
Failure to comply with the AI Act exposes companies to significant financial penalties, modeled on the GDPR:
- Up to 35 million euros or 7% of global turnover for the most serious infringements (use of a prohibited system).
- Up to 15 million euros or 3% of global turnover for breaches of obligations applicable to high-risk systems.
- Up to 7.5 million euros or 1.5% of global turnover for providing inaccurate information to authorities.
In France, the authorities designated to monitor enforcement are the CNIL, the DGCCRF and Arcom. The CNIL has already announced that it will intensify its checks on AI systems used in HR processes from autumn 2026.
How can you prepare in practical terms?
For French companies that have not yet started their compliance process, here are the priority steps:
1. Map your AI tools
List all AI systems used in your organization, whether developed in-house, purchased from a vendor or accessible via API. Do not forget solutions embedded in third-party software (CRM, HR, ERP).
2. Assess the risk level of each tool
For each identified system, determine its category according to the AI Act framework. Focus your efforts on high-risk systems, especially those involving human resources, credit or automated decisions that affect individuals.
3. Check your suppliers' compliance
If you use third-party AI solutions, your suppliers have their own obligations. Check that they are listed in the register of the European AI Office and that they provide you with the required technical documentation.
4. Train your teams
The obligation to provide training in "AI literacy" comes into force on August 2, 2026. All employees using AI tools must understand the capabilities, limits and risks of the systems they use. Short, targeted training courses can meet this requirement.
5. Document and audit
For high-risk systems, start building your technical files now: system description, training data, performance, human oversight measures. This documentation will be required in the event of an inspection.
A text that shapes the future of Europe's digital landscape
The AI Act is often perceived as a constraint, but it also represents an opportunity. Companies that anticipate compliance will gain trust among their customers, partners and investors. In a context where mistrust of AI remains strong in French public opinion, displaying a responsible approach can become a genuine competitive advantage.
France, which has unlocked an additional 655 million euros for AI through the France 2030 plan, intends to be both a leading player in AI development and a pioneer in its responsible regulation. The AI Act is its regulatory cornerstone.
The AI Act does not aim to slow innovation, but to ensure that AI serves people, not the other way around. — European Commission
In summary: the date of August 2, 2026 marks a turning point. Companies that prepare seriously today will avoid tomorrow's fines while building a lasting relationship of trust with their users and employees.
AI Act 2026: what French companies need to know
The countdown has begun. On August 2, 2026, several major obligations under the European regulation on artificial intelligence — commonly known as the AI Act — will come into force for companies operating in the European Union. For French organizations that use, deploy or provide AI systems, the time to act is now.
What is the AI Act?
Adopted in 2024, the AI Act is the world's first comprehensive regulatory framework dedicated to artificial intelligence. Its ambition is to establish clear rules to ensure that AI systems used in Europe are safe, transparent and respectful of fundamental rights.
The text applies to a wide range of actors: companies that develop AI systems, those that deploy them in their business processes, and even importers of AI solutions designed outside the EU. In short, if your company uses an AI tool that interacts with personal data, makes automated decisions or supports critical processes, you are very likely concerned.
The timeline: what applies from August 2, 2026
The AI Act was designed with gradual implementation. On August 2, 2026, the following obligations become fully applicable:
- Transparency rules: AI systems that interact with humans (chatbots, virtual assistants) must clearly inform users that they are interacting with a machine.
- The ban on unacceptable-risk practices: social scoring systems, subliminal cognitive manipulation and certain uses of real-time facial recognition in public spaces are definitively prohibited.
- Team training: companies must ensure that employees who use AI tools have a level of AI literacy appropriate to their role.
Note: following the provisional agreement known as the "Digital Omnibus" reached in May 2026, the heaviest obligations for high-risk AI systems in Annex III (HR systems, credit scoring, candidate selection, etc.) have been postponed to December 2, 2027, giving the companies concerned additional time.
Risk classification: where does your AI stand?
The AI Act is based on classification by risk level. Understanding which category your tools fall into is the essential first step.
Unacceptable risk (prohibited)
Systems that manipulate human behavior without users' knowledge, generalized social scoring, real-time biometric identification in public spaces for law enforcement purposes (with rare regulated exceptions).
High risk
Systems used in critical infrastructure, education, employment (automated CV screening, performance evaluation), essential services (credit, insurance) and justice. These systems will have to meet strict requirements: technical documentation, audit logs, mandatory human oversight and registration in the European database of the AI Office.
Limited risk
Systems such as chatbots or deepfakes, which primarily require transparency and labeling obligations.
Minimal risk
The vast majority of common AI tools (spam filters, simple content recommendations) fall into this category and are not subject to any additional obligations.
Sanctions: amounts that make companies think twice
Failure to comply with the AI Act exposes companies to significant financial penalties, modeled on the GDPR:
- Up to 35 million euros or 7% of global turnover for the most serious infringements (use of a prohibited system).
- Up to 15 million euros or 3% of global turnover for breaches of obligations applicable to high-risk systems.
- Up to 7.5 million euros or 1.5% of global turnover for providing inaccurate information to authorities.
In France, the authorities designated to monitor enforcement are the CNIL, the DGCCRF and Arcom. The CNIL has already announced that it will intensify its checks on AI systems used in HR processes from autumn 2026.
How can you prepare in practical terms?
For French companies that have not yet started their compliance process, here are the priority steps:
1. Map your AI tools
List all AI systems used in your organization, whether developed in-house, purchased from a vendor or accessible via API. Do not forget solutions embedded in third-party software (CRM, HR, ERP).
2. Assess the risk level of each tool
For each identified system, determine its category according to the AI Act framework. Focus your efforts on high-risk systems, especially those involving human resources, credit or automated decisions that affect individuals.
3. Check your suppliers' compliance
If you use third-party AI solutions, your suppliers have their own obligations. Check that they are listed in the register of the European AI Office and that they provide you with the required technical documentation.
4. Train your teams
The obligation to provide training in "AI literacy" comes into force on August 2, 2026. All employees using AI tools must understand the capabilities, limits and risks of the systems they use. Short, targeted training courses can meet this requirement.
5. Document and audit
For high-risk systems, start building your technical files now: system description, training data, performance, human oversight measures. This documentation will be required in the event of an inspection.
A text that shapes the future of Europe's digital landscape
The AI Act is often perceived as a constraint, but it also represents an opportunity. Companies that anticipate compliance will gain trust among their customers, partners and investors. In a context where mistrust of AI remains strong in French public opinion, displaying a responsible approach can become a genuine competitive advantage.
France, which has unlocked an additional 655 million euros for AI through the France 2030 plan, intends to be both a leading player in AI development and a pioneer in its responsible regulation. The AI Act is its regulatory cornerstone.
The AI Act does not aim to slow innovation, but to ensure that AI serves people, not the other way around. — European Commission
In summary: the date of August 2, 2026 marks a turning point. Companies that prepare seriously today will avoid tomorrow's fines while building a lasting relationship of trust with their users and employees.
English
French
German
Spanish
Hindi
Italian
Japanese
Korean
Norwegian
Chinese


