
AI Act from August 2026: what changes for AI developers in Italy

What changes with the AI Act partially effective from August 2026: prohibited systems, high-risk categories, GPAI obligations, penalties. What an Italian software house needs to do now.

Adrian Ciocaianu 14 min

The AI Act (EU Regulation 2024/1689) is already partially in force: prohibitions on unacceptable systems since February 2025, GPAI obligations and governance since August 2025. On 2 August 2026 the most substantial part comes into force: the obligations for high-risk systems listed in Annex III. For those developing AI software in Italy, this is the moment when most obligations stop being theoretical. Let’s look at what changes, what is already mandatory now, and what needs to be done before August.

TL;DR

  • The AI Act has been in force since 1 August 2024, but application is phased. Three key dates: 2 February 2025 (prohibitions), 2 August 2025 (GPAI + governance), 2 August 2026 (high-risk systems).
  • Prohibited systems (social scoring, emotional recognition at work, indiscriminate biometric profiling, etc.) have been banned since February 2025. Fines up to 35 million euros or 7% of global revenue.
  • GPAI systems (LLMs and foundation models) have specific obligations for providers already from August 2025: technical documentation, transparency on training data, AI output labelling.
  • High-risk systems (employment, credit, education, law enforcement, healthcare, critical infrastructure) have full obligations from August 2026: risk management system, data governance, human oversight, post-market monitoring.
  • The competent authority in Italy is AgID, designated as national notifying and supervisory authority by Legislative Decree 28 March 2024.
  • Penalties structured by category: up to 35M euros or 7% for prohibitions, 15M or 3% for high-risk obligations, 7.5M or 1.5% for documentation and cooperation.

Why the AI Act matters in 2026 (not just for big tech)

A common distortion of perspective: “AI Act is a thing for OpenAI, Google, Meta”. It’s false for two reasons.

First, the AI Act also regulates those who use high-risk AI systems, not just those who develop them. An Italian software house that integrates an LLM into a CV screening system for its recruiting clients becomes a “deployer” of a high-risk system (employment is in Annex III), with specific obligations and its own penalties.

Second, the AI Act supply chain works like NIS2: your regulated clients will contractually require AI Act compliance. Even if you develop a generic component, the client integrating it into a high-risk system must demonstrate that they selected it in a compliant way. Contractual pressure arrives before inspections.

Software houses that move in 2026 have time to do things calmly and differentiate themselves. Those waiting for 2027 will find their phones ringing with regulated clients asking for evidence they haven’t prepared.

What the AI Act is in 3 minutes

Regulation (EU) 2024/1689 is a risk-based framework: it classifies AI systems into four risk categories and imposes obligations proportional to the category.

Unacceptable risk (prohibited): systems that violate fundamental EU values. Banned.

High risk: systems in 8 specific areas (Annex III) with significant impact on rights, safety, and people’s lives. Heavy obligations.

Limited risk (transparency): chatbots, deepfakes, AI-generated content. Minimal obligations: the user must know they are interacting with AI or seeing AI-generated content.

Minimal risk: everything else. No specific obligations, but voluntary codes of conduct encouraged.

To these four is added a transversal category introduced late in the negotiation: GPAI (General Purpose AI Models). Foundation models like GPT, Claude, Gemini, Llama. They have their own regime with two levels (standard GPAI and GPAI with systemic risk).

The European authority is the AI Office within the European Commission. The Italian national authority is AgID, with coordination from the Italian Data Protection Authority and ACN for their respective competences.

Prohibited systems (in force since February 2025)

Article 5 lists 8 categories of prohibited systems. In operational summary:

  1. Subliminal manipulation or exploitation of vulnerabilities (e.g. age, disability, socio-economic situation) to influence behaviours in ways that cause harm.
  2. Generalised social scoring by authorities or private entities (Chinese model).
  3. Emotional recognition in the workplace or in schools (exceptions for medical or safety reasons).
  4. Biometric categorisation to infer race, political opinions, sexual orientation, religion.
  5. Real-time remote biometric identification in public spaces by law enforcement (narrow exceptions for specific serious crimes).
  6. Predictive policing based exclusively on automated profiling.
  7. Massive scraping of facial images from the internet or video surveillance to build facial recognition databases.
  8. Real-time biometric inference of emotions or cognitive states in public spaces (specific medical exceptions).

For most Italian software houses these categories do not apply directly. But watch out for borderline cases: a people analytics system that measures employees’ emotional “engagement” from video or audio falls into category 3. A targeted advertising system using vulnerability profiling (e.g. problem gamblers, people in financial difficulty) could fall into category 1.

Penalties for violating prohibitions are the highest: up to 35 million or 7% of global revenue.

High-risk systems (full obligations from August 2026)

Annex III of the AI Act lists 8 areas where AI systems are “high-risk”. The most relevant for Italian software houses:

1. Biometrics: identification, categorisation, emotional recognition (in non-prohibited cases).

2. Critical infrastructure: AI for management and operation of road traffic, water, gas, energy, heating.

3. Education and vocational training: AI for student admissions, learning assessment, behavioural monitoring in class.

4. Employment: AI for CV screening, promotion/dismissal decisions, task allocation, performance monitoring.

5. Essential public and private services: credit scoring, welfare assessment, emergency call prioritisation, healthcare.

6. Law enforcement: AI for individual risk assessment, evidence reliability assessment, criminal profiling.

7. Migration, asylum, border control: AI for application assessment, document verification, surveillance.

8. Administration of justice and democratic processes: AI for researching and interpreting facts and laws, influence on elections and referendums.

If you develop systems operating in these areas, full obligations apply from August 2026. Let’s look at them in practice.

Obligation 1: risk management system

Documented system for identification, analysis and mitigation of the risks of the AI system throughout its entire lifecycle, continuously updated. Formal output: a risk management document, updated at a defined frequency and signed by the responsible parties.

Obligation 2: data and data governance

Training, validation and test data must be “relevant, sufficiently representative, free of errors as far as possible, complete with respect to purpose”. Bias and gaps in data must be documented and mitigated. Concretely: data governance document with dataset description, sources, cleaning processes, bias assessment.

Obligation 3: technical documentation

Detailed technical documentation: system architecture, algorithms, training data, performance metrics, known failure cases, instructions for use, maintenance. Annex IV of the AI Act specifies minimum contents (a list of 9 sections). It must be kept updated for 10 years after end of lifecycle.

Obligation 4: record keeping (automatic logging)

The AI system must automatically log events relevant to traceability: inputs, outputs, decisions, anomalies. Logs must be retained for the necessary period (typically consistent with sector regulations: GDPR, fiscal retention, etc.).

Obligation 5: transparency towards deployers

The AI system provider must give the deployer (the one using it) clear instructions: capabilities, limitations, type of output, level of accuracy, cases in which it may fail, human oversight required.

Obligation 6: human oversight

The system must be designed to allow effective human control. The deployer must be able to monitor, intervene, and suspend the system when necessary. It’s not an option: it’s a technical design obligation.
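Obligations 4 and 6 usually land in the same component of the software: the place where the model's output is turned into a recommendation is also where the events have to be recorded and where a human has to be able to confirm, override or stop. The Python below is an added example, not code from the article or from any project it mentions. It shows a hash-chained, append-only audit log (each record commits to the previous record's hash, so a later edit or deletion is detectable) that stores a digest of the input rather than the raw candidate data, and an oversight gate in which the model only recommends, a named reviewer takes the decision, and an operator can suspend the system. `AuditLog`, `OversightGate`, `toy_screening_model` and the CV-screening toy model are hypothetical constructions for illustration.

```python
import hashlib
import json
import time
from typing import Callable, Optional

GENESIS = "0" * 64


def _digest(obj) -> str:
    """SHA-256 over canonical JSON; used both for chaining log records and for
    logging a fingerprint of the input instead of the raw (personal) data."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only, hash-chained event log (Obligation 4). Every record commits
    to the previous record's hash, so editing or deleting any entry afterwards
    makes verify() fail."""

    def __init__(self) -> None:
        self.records: list[dict] = []

    def append(self, event: str, payload: dict, ts: Optional[float] = None) -> dict:
        rec = {
            "seq": len(self.records),
            "ts": time.time() if ts is None else ts,
            "event": event,
            "payload": payload,
            "prev": self.records[-1]["hash"] if self.records else GENESIS,
        }
        rec["hash"] = _digest(rec)  # hash covers seq, ts, event, payload, prev
        self.records.append(rec)
        return rec

    def verify(self) -> bool:
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["seq"] != i or rec["prev"] != prev or _digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


class OversightGate:
    """Human-oversight controls (Obligation 6): the model only recommends,
    a named reviewer takes the decision, and an operator can suspend the
    system so that no further recommendations are produced."""

    def __init__(self, model: Callable[[dict], tuple[float, str]], log: AuditLog) -> None:
        self.model = model
        self.log = log
        self.suspended = False

    def suspend(self, operator: str, reason: str) -> None:
        self.suspended = True
        self.log.append("suspend", {"operator": operator, "reason": reason})

    def resume(self, operator: str) -> None:
        self.suspended = False
        self.log.append("resume", {"operator": operator})

    def recommend(self, case_id: str, features: dict) -> dict:
        if self.suspended:
            self.log.append("refused", {"case_id": case_id, "reason": "suspended"})
            raise RuntimeError("system suspended by operator")
        try:
            score, label = self.model(features)
        except Exception as exc:  # model failures are traceability events too
            self.log.append("anomaly", {"case_id": case_id, "error": repr(exc)})
            raise
        rec = {"case_id": case_id, "input_digest": _digest(features),
               "score": score, "label": label}
        self.log.append("recommendation", rec)
        return rec

    def decide(self, rec: dict, reviewer: str, final_label: str, rationale: str) -> dict:
        decision = {"case_id": rec["case_id"], "recommended": rec["label"],
                    "final": final_label, "overridden": final_label != rec["label"],
                    "reviewer": reviewer, "rationale": rationale}
        self.log.append("decision", decision)
        return decision


def toy_screening_model(features: dict) -> tuple[float, str]:
    """Constructed stand-in for a CV-screening model (employment, Annex III)."""
    score = min(1.0, features.get("years_experience", 0) / 10)
    return score, "shortlist" if score >= 0.5 else "reject"


if __name__ == "__main__":
    log = AuditLog()
    gate = OversightGate(toy_screening_model, log)
    rec = gate.recommend("cand-001", {"years_experience": 7, "role": "backend"})
    gate.decide(rec, "hr.reviewer", "reject", "role requires on-site presence")
    gate.suspend("ops", "bias complaint under investigation")
    print(log.verify(), len(log.records))
```

Two design choices are worth noting. The log stores `input_digest` rather than the candidate's data, which keeps traceability (the same input can be re-identified by whoever holds it) without turning the audit log into a second copy of personal data under GDPR. And `overridden` is recorded on every decision: the override rate is the cheapest signal you have for post-market monitoring of the model's behaviour.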

Obligation 7: accuracy, robustness, cybersecurity

The system must achieve appropriate levels of accuracy, technical robustness and cybersecurity. Levels to be declared in documentation and empirically verified. It’s not enough to say “95% accuracy”: you must demonstrate how it was measured, on what dataset, under which conditions.
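The point of Obligation 7 is evidence, not a number. As an added example (not from the article), the Python below produces an accuracy record carrying what a reviewer would ask for: the size of the evaluation set, a 95% confidence interval (Wilson score interval) around the measured accuracy, per-class counts, a SHA-256 fingerprint of the exact evaluation set, and the conditions of the run. It also shows why "95%" alone says little: 19 correct out of 20 and 1,900 out of 2,000 give the same point estimate and very different defensible lower bounds. The labelled set, the one-line toy model and the `CONDITIONS` values are constructed for illustration; `wilson_interval`, `evaluate` and `defensible_accuracy` are hypothetical helper names.

```python
import hashlib
import json
import math
from typing import Callable, Sequence


def wilson_interval(successes: int, n: int, z: float = 1.96) -> tuple[float, float]:
    """Wilson score interval for a binomial proportion (z=1.96 gives 95%).
    Unlike the naive normal approximation it stays sensible for small n and
    for proportions close to 0 or 1."""
    if n <= 0:
        raise ValueError("evaluation set is empty")
    p = successes / n
    z2 = z * z
    denom = 1 + z2 / n
    centre = (p + z2 / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z2 / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def dataset_fingerprint(records: Sequence[dict]) -> str:
    """SHA-256 over canonical JSON of the evaluation set, so the report is
    tied to the exact data it was produced on (a re-run must match it)."""
    return hashlib.sha256(json.dumps(list(records), sort_keys=True).encode()).hexdigest()


def evaluate(model: Callable[[dict], str], records: Sequence[dict], conditions: dict) -> dict:
    """Run the model over labelled records and return an evidence record."""
    correct = 0
    per_class: dict[str, dict] = {}
    for r in records:
        cls = per_class.setdefault(r["label"], {"n": 0, "correct": 0})
        cls["n"] += 1
        if model(r["features"]) == r["label"]:
            correct += 1
            cls["correct"] += 1
    lo, hi = wilson_interval(correct, len(records))
    return {
        "n": len(records),
        "correct": correct,
        "accuracy": correct / len(records),
        "ci95": (lo, hi),
        "per_class": per_class,
        "dataset_sha256": dataset_fingerprint(records),
        "conditions": conditions,
    }


def defensible_accuracy(report: dict) -> float:
    """The figure worth declaring in the technical documentation: the lower
    bound of the interval, not the point estimate."""
    return report["ci95"][0]


# Constructed evaluation set for a toy CV-screening model (employment, Annex III).
EVAL_SET = [
    {"features": {"years_experience": 7}, "label": "shortlist"},
    {"features": {"years_experience": 2}, "label": "reject"},
    {"features": {"years_experience": 5}, "label": "shortlist"},
    {"features": {"years_experience": 4}, "label": "shortlist"},
    {"features": {"years_experience": 9}, "label": "shortlist"},
    {"features": {"years_experience": 1}, "label": "reject"},
    {"features": {"years_experience": 6}, "label": "reject"},
    {"features": {"years_experience": 3}, "label": "reject"},
]


def toy_model(features: dict) -> str:
    return "shortlist" if features["years_experience"] >= 5 else "reject"


# Constructed run conditions; a real report would name the real model build and split.
CONDITIONS = {"model_version": "toy-0.1", "split": "held-out", "language": "it",
              "date": "2026-01-15"}

if __name__ == "__main__":
    report = evaluate(toy_model, EVAL_SET, CONDITIONS)
    print(json.dumps(report, indent=2))
    # Same point estimate (0.95), very different evidence:
    print(wilson_interval(19, 20), wilson_interval(1900, 2000))
```

Keep the report alongside the dataset it fingerprints; an auditor who cannot reproduce the number from the named data and conditions has no reason to accept it.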

Obligation 8: conformity assessment

Before placing the system on the market, a conformity assessment must be carried out. For most high-risk systems developed internally it’s a structured self-assessment. For some cases (remote biometrics) a third-party notified body is required.

Obligation 9: CE marking and EU declaration of conformity

The compliant system obtains CE marking (like traditional products) and must be accompanied by an EU declaration of conformity.

Obligation 10: EU database registration

High-risk systems must be registered in a public EU database managed by the Commission, accessible to citizens and authorities.

Obligation 11: post-market monitoring

After go-to-market: a continuous performance monitoring system, feedback collection and serious incident management (mandatory reporting within 72 hours or 15 days depending on severity).
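Post-market monitoring needs a concrete signal to watch and a clock that starts when something is found. As an added example (not the article's own material), the Python below groups the human decisions a high-risk system logs into daily windows, flags windows whose override rate (how often the reviewer disagreed with the model) rises well above a baseline, and opens an incident record whose reporting deadline is one of the two deadlines the article mentions (72 hours or 15 days). The decision records are constructed; the severity-to-deadline mapping, the thresholds and the function names are assumptions of this example, not the regulation's wording.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

DAY = timedelta(days=1)

# Deadlines as stated in the article (72 hours / 15 days); which severity
# class gets which deadline is an assumption of this example.
REPORT_DEADLINES = {"serious": timedelta(hours=72), "other": timedelta(days=15)}


def window_override_rates(decisions: list[dict], window: timedelta) -> list[dict]:
    """Group decisions into fixed windows (aligned to the earliest decision)
    and compute the human-override rate of each window."""
    if not decisions:
        return []
    start = min(d["ts"] for d in decisions)
    buckets: dict[int, list[bool]] = defaultdict(list)
    for d in decisions:
        idx = int((d["ts"] - start) / window)  # timedelta / timedelta -> float
        buckets[idx].append(d["overridden"])
    out = []
    for idx in sorted(buckets):
        flags = buckets[idx]
        out.append({"window_start": start + idx * window, "n": len(flags),
                    "override_rate": sum(flags) / len(flags)})
    return out


def detect_drift(decisions: list[dict], window: timedelta, baseline_rate: float,
                 max_delta: float = 0.15, min_n: int = 5) -> list[dict]:
    """Return windows whose override rate exceeds baseline + max_delta.
    Windows with fewer than min_n decisions are ignored as too noisy."""
    return [w for w in window_override_rates(decisions, window)
            if w["n"] >= min_n and w["override_rate"] > baseline_rate + max_delta]


def open_incident(detected_at: datetime, severity: str, description: str) -> dict:
    """Incident record with the reporting deadline derived from severity."""
    if severity not in REPORT_DEADLINES:
        raise ValueError(f"unknown severity {severity!r}")
    return {"detected_at": detected_at, "severity": severity,
            "description": description,
            "report_due": detected_at + REPORT_DEADLINES[severity]}


def make_sample_decisions() -> list[dict]:
    """Constructed log: two normal days (1 override in 10) then a bad day (5 in 10)."""
    t0 = datetime(2026, 9, 1, tzinfo=timezone.utc)
    overrides_per_day = [1, 1, 5]
    decisions = []
    for day, k in enumerate(overrides_per_day):
        for i in range(10):
            decisions.append({"case_id": f"cand-{day}-{i}",
                              "ts": t0 + timedelta(days=day, hours=i),
                              "overridden": i < k})
    return decisions


if __name__ == "__main__":
    sample = make_sample_decisions()
    for w in window_override_rates(sample, DAY):
        print(w["window_start"].date(), w["n"], round(w["override_rate"], 2))
    for w in detect_drift(sample, DAY, baseline_rate=0.10):
        inc = open_incident(w["window_start"] + DAY, "other",
                            f"override rate {w['override_rate']:.0%} in window")
        print(inc["report_due"].isoformat())
```

The baseline itself should come from the accuracy evidence you documented before release, so that "the reviewers disagree with the model far more than they did at validation" is a measured statement rather than an impression.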

GPAI systems (LLMs and foundation models): specific obligations

Since August 2025, specific obligations are in force for providers of GPAI models. These obligations do NOT apply to developers who use GPAI APIs (e.g. calling OpenAI or Anthropic from an app), but to providers of the models themselves.

Base GPAI obligations:

  • Technical documentation of the model
  • Information and documentation for those integrating the model
  • Copyright policy in training data
  • Public summary of content used for training

Additional obligations for GPAI with systemic risk (models exceeding the indicated FLOP threshold: over 10^25 FLOPs of compute, a threshold that Claude, GPT-4, Gemini Ultra exceed):

  • Model evaluation (state-of-the-art, red teaming included)
  • Risk assessment and mitigation
  • Incident reporting on serious incidents
  • Cybersecurity protection of the model itself

For most Italian software houses: GPAI obligations concern your LLM provider (OpenAI, Anthropic, etc.), not you directly. But if you develop your own model from scratch (rare but possible), or if you do substantial fine-tuning that changes its capability, you can become a GPAI provider with your own obligations.

Transparency for “limited risk” systems

Article 50: minimum transparency obligations for:

  • Chatbots: the user must be informed that they are interacting with AI (even if “obvious”).
  • Deepfakes and AI-generated content: must be labelled as such (“marked as artificial or manipulated”).
  • Systems generating text to inform the public: AI authorship must be declared (unless substantial human review).
  • Emotion recognition and biometric categorisation: the user must be informed.

These obligations are light but apply to very many products (any chatbot in production should already have a “you are talking to an AI assistant” disclaimer, and it doesn’t always have one).

What exactly changes from 2 August 2026

From 2 August 2026 the following mainly come into force:

  1. Full obligations for Annex III high-risk systems (the 7 areas listed above excluding biometrics, which have specific rules since 2025).
  2. Operational national competent authorities: AgID with supervisory, sanctioning and inspection powers.
  3. Definitive GPAI codes of conduct (currently in consultation and finalisation phase).
  4. Harmonised technical standards EN provided by CEN-CENELEC to demonstrate compliance (under development).
  5. Active EU database registration procedure for high-risk systems.

Still to come into force (August 2027):

  • Obligations for Annex I high-risk systems (safety components of regulated products: machinery, medical devices, toys, lifts, vehicles).
  • Some transitional provisions on existing GPAI.

Penalties in detail

Structured in three tiers (art. 99):

Tier 1 (prohibitions, art. 5): violation of prohibited systems. Fine up to 35,000,000 euros or 7% of annual global group revenue (whichever is higher). Reduced to 3% or 1.5M for SMEs/startups.

Tier 2 (high-risk and GPAI obligations): violation of substantive obligations. Fine up to 15,000,000 or 3% of revenue. Reduced to 2% or 1M for SMEs/startups.

Tier 3 (inaccurate/incomplete information to authorities): fine up to 7,500,000 or 1.5% of revenue. Reduced to 1% or 500k for SMEs/startups.

For GPAI providers, specific penalties up to 15M or 3%.

Penalties apply to entities, but authorities can also proceed with individual administrative penalties (responsibility of legal representatives and designated AI Officers).

What to do now: roadmap to August 2026

For an Italian software house that develops or uses AI systems:

Step 1. AI inventory (1-2 weeks)

Complete mapping of AI systems in use and in development:

  • Proprietary systems developed internally
  • Systems integrated via third-party APIs (LLMs, vision APIs, etc.)
  • Systems provided to clients

For each: scope of application, AI Act risk category, provider and deployer (whether you are provider, deployer, or both).

Step 2. Classification (1 week)

For each mapped system, AI Act classification:

  • Prohibited (to be removed immediately)
  • High-risk (full obligations from August 2026)
  • Limited risk (transparency obligations)
  • Minimal risk (no specific obligations)
  • GPAI (you are provider or deployer)

Step 3. Gap analysis (2-4 weeks)

For high-risk systems (if any), gap analysis on the 11 obligations seen above:

  • What we have already documented vs what is missing
  • What technical systems are needed (logging, monitoring, human oversight)
  • Resources needed to close the gaps

Step 4. AI Officer designation (1 week)

Formal designation of an AI compliance officer (internal or consultant). Board approval of the corporate AI policy. Even if not expressly mandatory for everyone, it’s the first thing auditors and clients will ask you for.

Step 5. Implementation (4-12 months)

For high-risk systems:

  • Building a formal risk management system
  • Complete technical documentation for Annex IV
  • Automatic logging if not present
  • Documented human oversight procedure
  • Post-market monitoring activated

For transparency systems:

  • Adding “you are talking to AI” disclaimers in chatbots
  • Labelling published AI-generated content

Step 6. Conformity assessment + CE marking (1-3 months)

For each high-risk system: structured self-assessment (or notified body if required), drafting of EU declaration of conformity, EU database registration, CE marking.

Step 7. Commercial contracts update (2-4 weeks)

Updating contracts with clients using your AI systems:

  • Transparency clauses
  • Provider/deployer responsibility allocation
  • Shared incident reporting procedures

Common mistakes by Italian software houses

1. “We use the OpenAI API, OpenAI handles compliance”. False. OpenAI is responsible as GPAI provider, but you are responsible for the AI system you build by integrating their APIs. The separation of responsibility along the AI supply chain is explicit in the regulation.

2. “We don’t do high-risk, it doesn’t concern us”. Check Annex III carefully. A CV screening system is high-risk. An AI assistant for doctors is high-risk. A calendar bot probably isn’t. The distinction isn’t obvious.

3. “Let’s wait for AgID to provide clarifications”. AgID is working on it but national guidance will arrive gradually. Waiting means finding yourself non-compliant in August 2026 with little room to recover. Better to start now from the text of the regulation and EU AI Office guidelines.

4. AI documentation as one-off PDF. AI Act technical documentation is alive: it must be updated at every significant release of the system. Thinking of it as a closed project leads to obsolete documents that in case of inspection worsen your position.

5. Not formally designating an AI Officer. Governance is a de facto obligation. Without a formal internal role, there’s no one to manage, decide, respond. Companies finding themselves under pressure from regulated clients in 2026 are those that have not designated one.

FAQ

Does an internal corporate RAG system fall under the AI Act?

It depends on use. A RAG that answers employee questions on HR (e.g. “how much holiday do I have left”) is not high-risk. A RAG that helps in personnel selection decisions (even just suggesting) falls under employment, i.e. high-risk. Even just suggesting in high-risk areas activates the obligations.

Do SMEs have exemptions?

Reductions in penalties (see above), and some explicit lightening of technical documentation for SMEs/startups. But no full exemption from substantive obligations: if you develop high-risk systems, full obligations apply anyway.

How do AI Act and GDPR interface?

They are complementary, not in conflict. The AI Act regulates AI systems in themselves; GDPR regulates the processing of personal data. An AI system processing personal data falls under both: a DPIA (Article 35 GDPR) and an AI Act risk assessment are both required; they can be coordinated, but they are not the same document. The Italian Data Protection Authority will cooperate with AgID on overlapping cases.

What will the public administration client ask me?

We are already seeing the first specifications in 2025-2026 PA tenders that include AI Act-related clauses: declaration of risk classification of proposed systems, evidence of technical documentation, supplier AI Officer designation. Italian PAs often act as compliance trailblazers: private requirements will follow.

How do you manage a system in production since 2023 that is now classified as high-risk?

The AI Act provides a transitional regime for pre-existing systems. For high-risk systems already in production on 2 August 2026, full obligations apply starting from significant updates to the system. In practice: if the system remains as is, there’s a grace period; if you substantially update it, the obligations activate. The definition of “substantial modification” is being developed in the guidelines.

Does the AI Act also apply to systems developed for internal use within one’s own company?

Yes if they fall under Annex III. A CV screening system used only internally to hire staff for your company is high-risk even if not commercialised. The AI Act distinction is on the use of the system, not on commercialisation.

Conclusion

The AI Act from 2 August 2026 stops being a conference topic and becomes operational. For Italian software houses developing AI or integrating it, this is the moment to do the inventory, classify, map the gaps. Companies that will arrive at 2 August 2026 with a designated AI Officer, classified systems, basic documentation prepared, will avoid the cost (and stress) peaks that materialise when chasing compliance after it’s already mandatory.

If you are evaluating your AI Act positioning and want an initial assessment of systems in use or in development, let’s talk. The first conversation is free.

To explore other regulatory aspects: the pillar page security-aware custom software, the AI Act compliance implementation page for those wanting operational support, and the related article on NIS2 for Italian software houses.

Tags: ai-act, compliance, regulation, agid, gpai, high-risk-ai