EU AI ACT · AUGUST 2, 2026

The Compliance Risk
Hiding in Your Deal.

Penalties up to €35M. Most PE firms are not yet screening for EU AI Act exposure in their targets.

114days until full enforcement

WHAT IS THE EU AI ACT?

The EU Artificial Intelligence Act is the world's first comprehensive AI regulation, entering full enforcement from August 2, 2026. It applies to any company that develops, deploys, or uses AI systems within the EU — including international companies whose AI systems affect EU-based users.

The Act classifies AI systems into four risk tiers, each with different compliance requirements. The most critical for deal teams: high-risk systems require a formal conformity assessment before they can legally operate. Prohibited systems must be shut down entirely.

For a mid-market PE target, this means a system you did not build — a third-party HR platform with an AI screening algorithm, a credit assessment module in an ERP, an employee monitoring tool — can create material liability the day you close.

THE 4 RISK TIERS

UNACCEPTABLE

Prohibited

PENALTY

€35M or 7% global revenue

EXAMPLES

Social scoring systems, subliminal manipulation, real-time biometric surveillance in public spaces

DEAL IMPLICATION

Hard deal-blocker. System must be decommissioned before close.

HIGH-RISK

Conformity assessment required

PENALTY

€15M or 3% global revenue

EXAMPLES

CV screening AI, credit scoring AI, employee performance evaluation systems, access-to-services AI

DEAL IMPLICATION

Quantifiable compliance cost. Conformity assessment required as condition precedent.

LIMITED RISK

Transparency obligations

PENALTY

€7.5M or 1.5% global revenue

EXAMPLES

Chatbots, deepfake tools, emotion recognition in limited contexts

DEAL IMPLICATION

Minor compliance work. Disclosure requirements solvable in 3–4 weeks.

MINIMAL RISK

No specific obligations

PENALTY

None

EXAMPLES

Spam filters, product recommendations, manufacturing QC with human oversight

DEAL IMPLICATION

Not a compliance concern.

KEY DATES

Feb 2025

Prohibited AI practices banned (Article 5)

Any target using a prohibited system was already non-compliant — immediate deal risk.

Aug 2025

GPAI model obligations apply

Targets integrating third-party LLMs (GPT, Claude, Gemini) in products must comply. Widely overlooked.

Aug 2026

Full enforcement: high-risk systems, conformity assessments, market surveillance

The primary enforcement date. Deals closing after this face immediate regulatory scrutiny.

Aug 2027

High-risk AI embedded in regulated products (medical devices, machinery, vehicles)

Relevant for industrial, medtech, and automotive targets. Larger remediation, longer lead time.

5 QUESTIONS TO ASK IN EVERY DATA ROOM

✓ Good response: Named systems, third-party platforms identified, classification reviewed.

✗ Red flag: "We use standard LinkedIn/ATS features" with no compliance follow-up.

✓ Good response: No, or yes with conformity assessment underway.

✗ Red flag: Yes, with no conformity assessment — especially for fintech or lending targets.

✓ Good response: Documented classification with date and advisor named.

✗ Red flag: The concept is unfamiliar to the CTO or legal team.

✓ Good response: Yes with GPAI compliance review completed.

✗ Red flag: Extensive LLM integration in customer-facing products with no GPAI review.

✓ Good response: Named owner, budget line, external legal counsel engaged, milestones set.

✗ Red flag: No owner, no timeline, no budget allocated.

HOW VALENCE SCREENS FOR EU AI ACT RISK

D4 of the Valence Score™ specifically assesses regulatory and compliance posture, including EU AI Act status.

We map all AI systems in production and classify them against Annex III of the Act.

Financial exposure is quantified and included in the deal valuation module (M2).

GET COMPLIANCE SCREEN →

Don't close a deal with a €35M liability off the balance sheet.

GET ASSESSMENT →