The EU's Big AI Law Kicks In on August 2 — Here's Who Actually Needs to Care
In one month, the EU AI Act's rules for 'high-risk' AI become enforceable — affecting companies that use AI for hiring, credit scoring, and more. A possible delay to 2027 is in the works, but counting on it would be a gamble. A plain-language guide to what's happening.
On August 2 — one month from now — the EU AI Act stops being a document companies “should probably read” and starts being enforceable law. If that sentence made your eyes glaze over, stay with me for two paragraphs, because whether this affects you comes down to one simple question.
That question: does your company use AI to make decisions about people or safety? The law’s “high-risk” category isn’t about how powerful the AI is — it’s about where it’s used. AI that screens job applications, scores creditworthiness, grades students, or runs in medical devices and critical infrastructure counts. AI that drafts your emails or summarizes meetings doesn’t. If you’re in the first group, the deadline comes with real teeth: fines can reach €35 million or 7% of global revenue.
What do affected companies actually have to do? In plain terms: prove the AI is being used responsibly. That means documentation showing how the system works and what its known weaknesses are, an ongoing process for spotting and managing risks, a real human being with the power to overrule the system, and registration in a public EU database. It’s paperwork with a purpose — the point is that “the algorithm decided” stops being an acceptable answer when someone’s job application or loan is on the line.
Now the plot twist: the deadline might move. The EU recently approved a “simplification package” that would push the high-risk rules back to December 2027. But — and this is the part law firms keep underlining — that delay isn’t legally in force until it’s published in the EU’s Official Journal. Until that happens, August 2 is the real date. Lawyers are telling clients to treat the extension as a possible bonus, not a plan. It’s also worth knowing that enforcement will vary by country: Germany and France have signaled they intend to take it seriously from day one.
What this means for you: If you’re using AI for personal stuff or everyday work tasks, nothing changes — this law isn’t aimed at you. If you run or work at a company that uses AI anywhere near hiring, lending, grading, or safety decisions, July is the month to check whether you fall under the rules (the law’s “Annex III” is the list to look at) — and to get the documentation started rather than betting on the delay. Being able to explain what your AI does and who checks it is becoming table stakes in Europe, deadline or not.
Sources
Source: https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
Using Cursor? Update It Today — Two Serious Security Holes Just Got Fixed
Security researchers found two critical flaws in Cursor, the popular AI code editor: simply opening a malicious project could let attackers run commands on your computer. The fix is easy — update to version 3.0. Here's what happened and what it teaches all of us about AI tools.