New: The Enterprise AI Evaluation Playbook (2026 edition) is out — download it free.
Qapitol
← All research

Qapitol Research · First edition

EU AI Act Readiness Index 2026

Most regulated enterprises remain structurally unprepared for EU AI Act obligations despite partial enforcement beginning February 2025, with 78% taking no meaningful compliance steps and 83% lacking even basic AI system inventories—the foundation for all subsequent requirements.

June 2026·Designed PDF · 35 pages·Free with email
Download the report →

Executive summary

  • The EU AI Act entered partial enforcement in February 2025 with prohibited practices taking immediate effect, yet as of June 2026 the vast majority of regulated enterprises have taken no substantive compliance steps. The implementation deficit is not informational—organizations understand their obligations—but structural: they lack the foundational capabilities, cross-functional ownership, and operational processes required to inventory systems, classify risk, generate technical documentation, and demonstrate conformity before upcoming deadlines in December 2027 for standalone high-risk systems and August 2028 for safety-critical embedded AI.
  • The compliance gap manifests across every major obligation category. Eighty-three percent of organizations have no formal inventory of AI systems they use or deploy, preventing the risk classification and conformity assessment that follows. Sixty-one percent have no process for generating the technical documentation that Article 11 requires before market placement and mandates retaining for ten years. Only 28% have implemented audit-survivable human oversight capabilities, 24% meet Article 10 data governance standards, and 22% satisfy Article 11 technical documentation requirements. These deficits compound: without system inventories, risk classification is impossible; without data lineage, Article 10 compliance fails; without documented risk management systems, Article 9 conformity cannot be demonstrated.
  • The organizational substrate for compliance is absent. Seventy-four percent of enterprises have no designated internal owner coordinating AI Act obligations across the multiple functions the regulation touches—legal, technical, procurement, HR, and operations. Where governance roles exist, they are weakly integrated, positioned below executive level, and lack authority to enforce cross-functional accountability. This creates predictable implementation failure: compliance ownership without clear accountability across interconnected teams results in programs that consume 37% more time than planned yet fail to deliver the documented evidence auditors and notified bodies will require. The deferral granted by the May 2026 AI Omnibus—moving standalone Annex III obligations from August 2026 to December 2027—provides 18 additional months, but time alone will not close gaps rooted in missing governance structures, inadequate vendor contracts, and absent data lineage capabilities.

Headline prediction

The 18-month window to standalone high-risk system compliance (deferred to December 2027) will not close the implementation gap without fundamental changes in governance ownership, vendor contractual frameworks, and data lineage capabilities.

What this report covers

  • Current compliance performance across system inventory, risk classification, technical documentation, human oversight, and data governance obligations
  • Organizational accountability gaps and the structural reasons 74% of enterprises have no designated AI Act compliance owner
  • Vendor risk and third-party AI supply chain challenges, including contractual gaps in training-data lineage and technical transparency requirements
  • Cost models and implementation timelines for enterprise-wide AI governance programs, readiness assessments, and control-mapping automation
  • Article-by-article readiness levels for high-risk system requirements and the December 2027 and August 2028 compliance deadlines

Download the report

Get “EU AI Act Readiness Index 2026” — designed PDF, 35 pages

Free with your details. We’ll send the PDF to your inbox and tailor what we share next to your role.

No spam. We’ll only send research relevant to your role. Unsubscribe anytime.

Sources

  • AI Act | Shaping Europe’s digital future — https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
  • EU AI Act (Regulation 2024/1689) | Comparative AI — https://comparativeai.org/en/rules/eu/ai-act/
  • Annex IV | AI Act Service Desk — https://ai-act-service-desk.ec.europa.eu/en/ai-act/annex-4
  • AI Act reloaded? What the latest AI Act changes mean in practice | Stibbe — https://www.stibbe.com/publications-and-insights/ai-act-reloaded-what-the-latest-ai-act-changes-mean-in-practice
  • EU AI Act Enforcement 2026: The Post-Omnibus Guide — https://axis-intelligence.com/eu-ai-act-enforcement-guide/
  • EU AI Act Compliance Statistics 2026 - Axis Intelligence — https://axis-intelligence.com/eu-ai-act-compliance-statistics/
  • EU AI Act Readiness Benchmark — 50 Enterprises | MindMap Digital — https://www.mindmapdigital.ai/blog/eu-ai-act-readiness-benchmark-2026
  • The Double Gap — https://www.bdcllc.io/research/2026-04-01-double-gap.pdf
  • 78% of Enterprises Are Not Ready for the EU AI Act — Here Is What They Are Missing | ClearAct — EU AI Act Compliance — https://clearact.net/en/articles/78-percent-of-enterprises-unprepared-eu-ai-act-2026
  • The EU AI Act Has a Question Your Board Will Ask in August. 83% of Enterprises Can't Answer It. | Cerevisor — https://cerevisor.com/blog/eu-ai-act-august-board-question-2026
  • 78% of Enterprises Are Not Ready for the EU AI Act — Here Is What They Are Missing | ClearAct — EU AI Act Compliance — https://clearact.net/en/articles/78-percent-of-enterprises-unprepared-eu-ai-act-2026
  • https://www.ey.com/content/dam/ey-unified-site/ey-com/pt-pt/services/technology-risk/document/ey_ew-tech-risk-ai-grc-survey-2025.pdf
  • https://labs.cloudsecurityalliance.org/research/csa-research-note-eu-ai-act-high-risk-compliance-deadline-20/
  • EU AI Act Readiness Report 2026: Why 64% of Companies Aren't Ready | Matproof Blog — https://matproof.com/blog/eu-ai-act-readiness-report-2026
  • Vision Compliance Releases 2026 EU AI Act Readiness Report, Finds — https://natlawreview.com/press-releases/vision-compliance-releases-2026-eu-ai-act-readiness-report-finds-78
  • EU AI Act Compliance Readiness: 2024 Statistics | FluxForce — https://www.fluxforce.ai/statistics/ai-act-compliance-readiness
  • EU AI Act Readiness Benchmark — 50 Enterprises | MindMap Digital — https://www.mindmapdigital.ai/blog/eu-ai-act-readiness-benchmark-2026
  • The Double Gap — https://www.bdcllc.io/research/2026-04-01-double-gap.pdf
  • Article 15: Accuracy, robustness and cybersecurity | AI Act Service Desk — https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-15
  • Article 14: Human oversight | AI Act Service Desk — https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-14
  • EU AI Act Readiness Assessment Guide: Gap Analysis to Evidence Pack | Glocert International — https://www.glocertinternational.com/resources/guides/eu-ai-act-readiness-assessment-guide/
  • Full article: ‘Human oversight’ in the EU artificial intelligence act: what, when and by whom? — https://www.tandfonline.com/doi/full/10.1080/17579961.2023.2245683
  • 2026 State of Data Integrity and AI Readiness — https://www.lebow.drexel.edu/sites/default/files/2026-01/lebow-precisely-state-data-integrity-ai-readiness-2026.pdf
  • EU AI Act Data Governance: 93% Not Ready | Unwind Data — https://unwinddata.com/eu-ai-act-data-governance-readiness-2026
  • EU AI Act Readiness Benchmark — 50 Enterprises | MindMap Digital — https://www.mindmapdigital.ai/blog/eu-ai-act-readiness-benchmark-2026
  • CDO Insights 2026: Data governance and the trust paradox of data and AI literacy take center stage — https://resources.wisdominterface.com/wp-content/uploads/2026/01/resources.asset_.5801f6a8d7c09ce001041f8b4df6e9f6.pdf
  • AI Data Governance: A Practical Framework for UK and EU Organisations — https://helium42.com/blog/ai-data-governance?hs_amp=true
  • Responsible AI and third-party risk management: PwC — https://www.pwc.com/us/en/tech-effect/ai-analytics/responsible-ai-tprm.html
  • Artificial Intelligence Standard — https://assets.ctfassets.net/nkxx3d6xsed1/6goQ97CV3qcJBPP6pWy0Hz/f36883efa6d8dad253ebbf743b8fd9fb/Artificial_Intelligence_Standard_EN.pdf
  • Managing Third-Party Risk: What Legal Teams Must Focus on in 2026 - Reg Tech Post — http://regtechpost.com/tprm/managing-third-party-risk-what-legal-teams-must-focus-on-in-2026/
  • Health Industry Cybersecurity — https://healthsectorcouncil.org/wp-content/uploads/2026/04/AI-Third-Party-Risk-Guide.pdf
  • AI Addendum — https://www.basf.com/dam/jcr:296353df-bff1-4ecd-8993-35ddb2b64a55/BASFGroupGermany_Software_&_Related_Services_AIAddendum.pdf
  • EU AI Act for chief compliance officers — GLACIS — https://www.glacis.io/guide-eu-ai-act-cco
  • 78% of Enterprises Are Not Ready for the EU AI Act — Here Is What They Are Missing | ClearAct — EU AI Act Compliance — https://clearact.net/en/articles/78-percent-of-enterprises-unprepared-eu-ai-act-2026
  • AI Governance Roles: Who Owns What | CTAIO — https://ctaio.dev/en/ai-governance/ai-governance-roles/
  • Where Are the AI Governance Roles? An Early-Stage Empirical Mapping of Presence, Absence, and Structure in Organisational AI Oversight — https://www.mdpi.com/2673-7116/6/2/18
  • Law and Policy Brief — https://pollicinoaidvisory.eu/wp-content/uploads/2026/02/STAZZONE.pdf
  • Multi-Framework Compliance Automation Guide — https://josefkamara.com/multi-framework-compliance-automation/
  • How To Centralize Regulatory Obligations Across Products And Markets | Blog | ComplySafe.io | ComplySafe.io — https://complysafe.io/en/blog/how-to-centralize-regulatory-obligations-across-products-and-markets
  • Regulatory Compliance Automation Across Jurisdictions in 2026 — https://neota.com/cross-jurisdiction-compliance-automation/
  • From Vision to Victory: Best Practices for Architecting Enterprise-Wide Compliance Ecosystems — https://www.ijcaonline.org/archives/volume187/number87/from-vision-to-victory-best-practices-for-architecting-enterprise-wide-compliance-ecosystems/
  • Automated Compliance Software for DORA, NIS2 & ISO 27001 | Matproof — https://matproof.com/automated-compliance
  • What Enterprise AI Actually Costs: An Honest Breakdown | AI Advisory Practice — https://aiadvisorypractice.com/blog/enterprise-ai-actually-costs-honest-breakdown
  • AI Implementation Cost: From PoC to Production Budget Guide | Blog ARDURA Consulting — https://ardura.consulting/blog/ai-implementation-cost-poc-to-production/
  • AI Adoption Roadmap: 5-Phase Enterprise Plan | The Thinking Company — https://thinking.inc/en/pillar-pages/ai-adoption-roadmap/
  • Enterprise AI Budget Allocation 2026: Where the Spend Actually Goes | Presenc AI — https://presenc.ai/research/enterprise-ai-budget-allocation-2026
  • AI Readiness Assessment: Cost & Who Needs One | Elevated Signal — https://elevatedsignal.com/insights/ai-readiness-assessment-guide/
  • Enterprise AI Implementation Cost, Timeline & Framework (2026 Guide) — https://ssntpl.com/enterprise-ai-implementation-complete-2026-guide/
  • Bundesnetzagentur -
  • Prohibited practices — https://bundesnetzagentur.de/EN/Areas/Digitalisation/AI/08_ProhibitedPractices/start.html
  • Annex IV - Technical documentation referred to in Article 11(1) - AI Act — https://ai-act-law.eu/annex/4/
  • Article 9: Risk management system | AI Act Service Desk — https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-9
  • Article 50 AI Act: what applies on 2 August | aiacto — https://www.aiacto.eu/en/blog/article-50-ai-act-what-actually-applies-2-august-2026
  • General-purpose AI obligations under the AI Act | Shaping Europe’s digital future — https://digital-strategy.ec.europa.eu/en/factpages/general-purpose-ai-obligations-under-ai-act
  • AI Act | Shaping Europe’s digital future — https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
  • 78% of Enterprises Are Not Ready for the EU AI Act — Here Is What They Are Missing | ClearAct — EU AI Act Compliance — https://clearact.net/en/articles/78-percent-of-enterprises-unprepared-eu-ai-act-2026
  • AI Governance in 2026: 50% of Companies Lack Compliance Inventory Amid Strict Regulations — https://aipressa.com/ai-business/ai-governance-in-2026-50-of-companies-lack-compliance-inventory-amid-strict-regulations/
  • The EU AI Act Has a Question Your Board Will Ask in August. 83% of Enterprises Can't Answer It. | Cerevisor — https://cerevisor.com/blog/eu-ai-act-august-board-question-2026
  • New Research Finds Only 25 Percent of Organizations Report a ... — https://www.prnewswire.com/news-releases/new-research-finds-only-25-percent-of-organizations-report-a-fully-implemented-ai-governance-program-302517095.html
  • AI Act: Risk Classification of AI Systems from a — https://www.appliedai.de/uploads/files/AI-Act-Risk-Classification-Study-EN.pdf
  • Governing at the Speed of AI: The Future Demands a New Playbook — https://www.onetrust.com/blog/governing-at-the-speed-of-ai-the-future-demands-a-new-playbook/
  • 78% of Enterprises Are Not Ready for the EU AI Act — Here Is What They Are Missing | ClearAct — EU AI Act Compliance — https://clearact.net/en/articles/78-percent-of-enterprises-unprepared-eu-ai-act-2026
  • Artificial Intelligence: Council and Parliament agree to simplify and streamline rules - Consilium — https://www.consilium.europa.eu/en/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/
  • The EU AI Act Has a Question Your Board Will Ask in August. 83% of Enterprises Can't Answer It. | Cerevisor — https://cerevisor.com/blog/eu-ai-act-august-board-question-2026
  • Technical Documentation Requirements (Article 11 + Annex IV) | Regumatrix | Regumatrix — https://regumatrix.eu/compliance/technical-documentation
  • EU AI Act Compliance Statistics 2026 - Axis Intelligence — https://axis-intelligence.com/eu-ai-act-compliance-statistics/
  • EU AI Act Compliance Statistics 2026 - Axis Intelligence — https://axis-intelligence.com/eu-ai-act-compliance-statistics/
  • https://labs.cloudsecurityalliance.org/research/csa-research-note-eu-ai-act-high-risk-compliance-deadline-20/