With the AI Act’s full application date of August 2, 2026 approaching, enforcement infrastructure across EU member states remains incomplete. As of March 2026, only eight of 27 member states had designated single contact points for AI Act governance, a requirement under the regulation. Each member state must also establish at least one AI regulatory sandbox at national level by the same date. The European AI Office, established in 2025, has begun conducting preliminary audits and can impose fines reaching up to 7% of global annual turnover for the most serious violations (prohibited AI practices under Article 5).
The European Commission’s proposed Digital Omnibus package, introduced in late 2025, has added uncertainty by potentially postponing certain high-risk AI system obligations for Annex III systems until December 2027. Support instruments to help organisations comply are expected in the second quarter of 2026, leaving businesses with limited lead time before the August deadline.
Who it affects: All organisations deploying or developing AI systems within the EU. The enforcement gap creates uneven compliance pressure across member states, with some having designated supervisory authorities and sandbox infrastructure while others have neither.
What is notably missing: Nineteen member states have not yet publicly designated their AI Act contact points. The regulatory sandbox timeline is at risk of being missed in multiple jurisdictions. No centralised EU-wide enforcement database or compliance portal has been announced for the August 2026 deadline.