Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Latest AI and industry news. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

News Trending Regulation

78% of Enterprises Are Unprepared for the EU AI Act

A Vision Compliance report finds most businesses have no AI system inventory, no compliance owner, and no plan as the EU AI Act deadlines close in.

Enterprise DNA | | via National Law Review
78% of Enterprises Are Unprepared for the EU AI Act

A new readiness assessment released on April 1, 2026 by Vision Compliance found that 78% of enterprises have not taken meaningful steps toward EU AI Act compliance — despite the regulation being in active enforcement and major deadlines arriving within months.

The assessment spanned organisations across financial services, healthcare, technology, manufacturing, energy, retail, telecoms, and transport. What they found across all sectors was consistent: most businesses know the EU AI Act exists, but very few have translated that awareness into action.

The numbers behind that headline are worse than the headline suggests:

  • 83% have no formal inventory of AI systems they currently operate or deploy
  • 74% lack a designated internal compliance owner — no one owns the obligation
  • High-risk AI application areas covered by the regulation include hiring, credit decisions, education, critical infrastructure, and law enforcement

What the EU AI Act Actually Requires

The EU AI Act entered into force in August 2024. General-purpose AI rules and prohibited practices already apply. The next significant deadline is August 2, 2026 — when compliance rules kick in for high-risk AI systems in categories like employment, education, and financial access.

For businesses operating these kinds of systems, that means:

  1. Classifying every AI system by risk tier — most organisations cannot do this without first knowing what AI systems they run, which is why the 83% without an inventory figure is so damaging
  2. Conformity assessments for high-risk systems, including documentation of how the system was built, tested, and validated
  3. Human oversight mechanisms — someone accountable, with the ability to intervene
  4. Registration in the EU AI Act database, even for systems providers believe may be exempt from high-risk classification
  5. Ongoing monitoring after deployment, not just at launch

The regulation has extraterritorial reach. If your AI system produces outputs used in the EU — by your own customers, partners, or downstream users — you can fall within scope even if your company is headquartered outside Europe.

Why Enterprises Are This Far Behind

Compliance timelines for major technology regulations tend to follow a predictable pattern: initial awareness, extended denial, and then a last-minute scramble that is expensive and often incomplete. GDPR in 2018 is the canonical example — the regulation gave organisations two years to prepare, and most waited until the final six months.

The EU AI Act is on the same trajectory, but with a complicating factor: the foundational work is harder. GDPR required companies to audit their data. The AI Act requires companies to audit their AI systems — which most organisations cannot do because they do not have a complete picture of what AI tools their teams are actually using. Shadow AI (AI tools adopted by individual teams without IT or legal approval) is widespread.

The 74% without a designated compliance owner reflects a related problem. When AI governance is everyone’s job, it ends up being no one’s job. The organisations that are ahead of this deadline tend to have assigned it to a named individual — a Chief AI Officer, a General Counsel with a specific AI mandate, or an existing compliance lead who has taken ownership.

What This Means for Business

If your business operates in Europe or serves European customers, the August 2026 deadline for high-risk AI is not an abstract future event. It is four months away.

The practical actions that should be happening right now:

First, build your AI system inventory. This means asking every department — not just IT — what AI tools they are using, purchasing, or building. Tools that sit in the high-risk categories (anything touching employment, credit, healthcare, or education) need to be flagged for deeper review.

Second, designate an owner. Compliance programs without an accountable person do not move. Name someone, give them authority, and give them a budget.

Third, classify your systems by risk tier. The EU AI Act provides detailed criteria. Most organisations will find that many of their AI tools fall into minimal or limited risk categories, which carry lighter obligations — but you need to have done the classification work to rely on that finding.

Fourth, start the documentation trail now. Conformity assessments require evidence of how systems were designed, tested, and validated. Retroactively reconstructing this is significantly harder than capturing it during development and deployment.

For organisations that have rushed into AI adoption over the past two years without building governance frameworks in parallel, this is the moment of reckoning. The Vision Compliance data suggests most companies are still in that position.

The Broader Pattern

The EU AI Act readiness gap is a specific instance of a broader problem playing out across enterprise AI: adoption has raced ahead of governance. Businesses have added AI tools, AI agents, and AI-generated outputs into their operations at a pace that compliance, legal, and risk functions have not kept up with.

That gap creates regulatory exposure, but it also creates operational risk. AI systems in hiring, credit assessment, or customer interactions that have not been properly audited for bias, accuracy, or consistency are liabilities regardless of what regulators eventually do.

The August 2026 deadline is a forcing function. The organisations that use it to build proper AI governance infrastructure will be better positioned not just for compliance, but for running AI systems that are actually reliable and defensible.

Those that wait for enforcement action to trigger change will pay more — in penalties, in remediation costs, and in reputational damage — than they would have by starting the process earlier.


Want the practical version of this? The free Working With Claude field guide covers the full Claude ecosystem, Claude Code, and how to roll it out across a real business. Download it here.