The bottom line: From August 2, 2025, companies must demonstrate operationally documented governance structures for high-risk AI systems or face fines up to €30 million.
From August 2, 2025, companies must demonstrate that they have established governance structures for high-risk AI systems. The EU regulation requires Chief Data Officers and risk management teams to implement documented processes.
The second wave of the EU AI Act comes into force on August 2, 2025, and focuses on high-risk AI applications. From this date onwards, companies must be able to demonstrate active governance structures – not merely formal ones, but with evidence-based documentation of roles, responsibilities and escalation procedures.
For Chief Data Officers, this concretely means: establishing AI risk management systems, conducting regular audits of training data and model outputs, and tracking compliance deviations. The regulation addresses systems with significant impacts on fundamental and human rights – such as in recruitment, credit lending, border controls or law enforcement.
Companies must not only designate a KI compliance officer, but also integrate data governance, quality assurance and impact assessments into their operational reality. Authorities demand evidence such as standard operating procedures, training documentation and incident reports. Those unable to demonstrate documented structures by August 2 risk fines up to €30 million or 6 percent of annual turnover.
Source: news.google.com · Published June 7, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.