LinkedInTwitter
Fb.Bē.Tw.In.
© 2026 Copiright.
All rights reserved.

EU AI Act: Now What?

Sean Herschmiller Product Management

A Practical 90-Day Game Plan for Product Teams

About Sean
Sean Herschmiller is a senior product leader in AI-driven B2B SaaS. He has built and shipped AI products from concept to adoption, focusing on making compliance and product excellence work together across startups and enterprises.

The EU’s AI Act brought a big shift this summer—especially if you work in product, engineering, or go-to-market for a SaaS company shipping anything AI. As of August 2, 2025, new obligations kicked in for anyone touching general-purpose AI (GPAI) models in the EU market. Even if your company is outside the EU, you likely need to act. There’s no time for panic, but there is no time to waste either.

Here’s how to turn the next 90 days into clear wins—so your AI features remain both compliant and releasable, while your team gets ahead of the next wave of rules.

What Just Changed?

For anyone placing general-purpose AI models on the EU market after August 2, you must now meet new transparency and governance rules. These aren’t abstract. The requirements include publishing clear model summaries, data handling notes, and capability disclosures anyone can understand. There’s support: The EU released a Code of Practice, sample docs, and established the European AI Office to help clarify, enforce, and support teams on the ground.

Even if your models are already in market, you have until August 2027 to comply. But waiting risks technical debt and rushed responses later—instead, you want new processes to become habits now.

Who Needs to Pay Attention?

Don’t assume you’re off the hook if you’re not based in Europe. If your models or AI features reach EU users, or you rely on models sold into the EU, these rules apply. Whether you’re a provider, deployer, or integration partner—you’re on the hook.

Your 90-Day Plan

Start simple and move fast. Here’s a plan that works—one I use to keep teams shipping, even as obligations tighten.

First 30 Days: Inventory and Ownership

  • List every AI-powered feature and model you ship, use, or integrate.
  • Note which rely on general-purpose models, and flag which reach EU users.
  • For each, mark: Are you the provider or using a third party? Was the model placed on the EU market before August 2?
  • Stand up a weekly “AI review” with reps from product, engineering, security, legal, and data. Keep records simple and digital.

Next 30: Documentation and Checks

  • Draft one-pagers for key features: state the purpose, how the model is used, what it can/can’t do, and how users are protected.
  • Align with the Code of Practice and published guidelines—these aren’t long or hard to follow.
  • Create simple checklists for safety, accuracy, and abuse risk. Run these tests before and after you ship.
  • Design your product to handle “refusal states” (when AI says no) and unexpected results, and keep a short playbook for incidents.

Final 30: Vendors and Real-World Drills

  • For every vendor whose AI you use, ask for their disclosures, evals, and a summary matching the new rules. Bake this into onboarding.
  • Update your customer docs (and MSAs, if needed) with a clear, short paragraph on how AI is used and what the limits are.
  • Run a one-hour tabletop drill—walk through a real incident, reviewing roles and communication lines, especially those that might reach EU authorities.

Looking Ahead

August 2026 and 2027 bring new obligations, especially for high-risk systems and any models that were “grandfathered” in. Smart teams will map any feature that might become high-risk now. Waiting means costly sprints and internal fire drills later.

Pro Tips for Speed and Sanity

  • Write all disclosures and docs in plain English. If legal or support can’t use them, edit until they can.
  • Start with a basic red-team checklist and expand only as real bugs or issues appear.
  • Keep model and feature summaries short—attach to each release for easy audits.

Why Compliance Shouldn’t Slow You Down

The EU’s framework isn’t out to trip you up. With published dates, templates, and support from the new AI Office, you can operationalize this with a small set of new habits—inventory, owner assignments, documentation, and evaluation.

Act now, and you’ll free up time for product work while making future audits (and board updates) easy. Wait, and you’ll find yourself scrambling as new standards and high-risk rules land.

Call to Action

Start this week with your inventory. Get the first cross-functional meeting on the calendar. Choose one shipped feature to upgrade with clear disclosure, checks, and fallback by day 30. By 90 days, your team will be in control—and ready for what’s next.

References

European Commission, EU rules on general-purpose AI models start to apply, July 31, 2025
European Commission, AI Act — Regulatory framework for AI
EU AI Act — Implementation Timeline
DataGuard, EU AI Act timeline explainer
European Commission, General-Purpose AI Code of Practice page
AI Act site, Overview of GPAI guidelines
Mayer Brown, GPAI rules and templates summary
Skadden, GPAI obligations in force overview
IAPP, EU AI Act Compliance Matrix
Bird & Bird, AI Act timelines and tensions
DLA Piper, Member State authority setup around August 2025
European Commission, European AI Office role
Commission press, AI Office establishment note
WilmerHale, GPAI guidelines explainer

Leave a Comment