For the first time since its adoption in 2021, the European Union’s AI Act is being enforced. On February 27 2026, regulators announced that investigations are underway and penalties—up to 7% of a company’s global annual revenue—will be imposed for serious breaches.
What’s Now Enforceable
The Act has been rolled out in phases. Early 2026 marks the point at which the following provisions are active:
- Banned practices: social scoring, real‑time biometric surveillance (with limited exceptions) and AI that exploits vulnerable groups are prohibited.
- Transparency obligations: any system that interacts with people must disclose it is AI. Deepfake content has to be labelled, and chatbots must identify themselves as non‑human.
- High‑risk system requirements: AI used in hiring, credit scoring, law enforcement or critical infrastructure must satisfy strict documentation, testing and human‑in‑the‑loop oversight.
The First Investigations
Regulators have opened their inaugural formal investigations. While no companies have been named publicly yet, industry analysts suggest the focus will be on:
- Generative AI transparency – whether chat‑bot providers disclose AI interactions adequately.
- Training data compliance – documentation of data used to train foundation models.
- High‑risk classification – conformity assessments for AI in recruitment and lending.
"The pattern follows the GDPR playbook: start with high‑profile investigations to establish precedent and signal seriousness," notes Michael Ouroumis, a senior analyst at AIWire.
These steps mark a pivotal shift in how the EU will regulate artificial intelligence, setting a global benchmark for compliance and enforcement.