EU AI Act Compliance Checklist for General Counsel
A practical guide for General Counsel, CLOs, and Heads of Legal to navigate EU AI Act obligations, protect board members from personal liability, and close investor due diligence faster.
Reviewed by the Verumt legal compliance team · Last updated: March 2026 · Sources: EU AI Act (EUR-Lex) · European Commission AI Office
What Does the EU AI Act Mean for General Counsel?
The EU AI Act (Regulation (EU) 2024/1689) creates direct legal obligations for companies operating AI systems in the EU. For General Counsel, this means two distinct responsibilities: ensuring the company meets its compliance obligations before August 2, 2026, and protecting board members and directors from personal liability exposure in the event of regulatory action. Companies with high-risk AI systems face fines of up to €35 million or 7% of global annual turnover.
Personal Liability for Directors and Board Members
The EU AI Act includes governance requirements that create potential personal liability for company officers. Article 26 requires deployers of high-risk AI systems to implement governance structures, assign responsibility, and maintain oversight — obligations that regulators can trace to named individuals. Investor due diligence increasingly scrutinizes AI governance as a board-level risk factor.
The EU AI Act Compliance Checklist for Legal Teams
Phase 1: Assessment (Weeks 1–4)
- Inventory all AI systems used or developed by the company
- Classify each system by risk category (prohibited / high-risk / limited / minimal)
- Identify which systems require conformity assessment before August 2, 2026
- Map AI systems to applicable articles (Articles 6–15 for high-risk)
- Identify third-party AI providers and review their compliance status
- Review existing contracts with AI providers for compliance clauses
Phase 2: Documentation (Weeks 5–8)
- Draft or commission technical documentation per Article 11
- Implement risk management system per Article 9
- Establish data governance framework per Article 10
- Document human oversight mechanisms per Article 14
- Create post-market monitoring plan per Article 72
- Prepare Declaration of Conformity (for high-risk systems)
Phase 3: Board Readiness (Weeks 9–12)
- Prepare board-level AI governance report
- Establish AI governance policy and assign named responsibilities
- Create investor due diligence pack (AI Act compliance summary)
- Implement incident reporting procedures per Article 73
- Register high-risk AI systems in EU database (where required)
- Brief board members on personal liability exposure and mitigation
EU AI Act Timeline — Key Dates for Legal Teams
| Date | Obligation | Who It Affects |
|---|---|---|
| February 2, 2025 | Prohibited AI practices banned (Article 5) | All companies |
| August 2, 2025 | GPAI model obligations apply | AI model providers |
| August 2, 2026 | Full regulation applies — high-risk AI obligations enforceable | All companies with high-risk AI |
| August 2, 2027 | High-risk AI systems already on market must be compliant | Existing product deployments |
How Verumt Helps General Counsel
| What You Need | What Verumt Delivers | Timeline |
|---|---|---|
| Risk assessment across AI stack | Full system inventory + risk classification report | Weeks 1–2 |
| Regulatory mapping | Article-by-article obligation map per system | Weeks 2–4 |
| Technical documentation | Article 11-compliant documentation package | Weeks 4–8 |
| Board-ready report | Executive summary + governance recommendations | Week 10 |
| Investor due diligence pack | Compliance summary formatted for investor review | Week 12 |
Frequently Asked Questions for General Counsel
Does the EU AI Act apply to companies headquartered outside the EU?
Yes. The EU AI Act applies to any company whose AI systems affect users in the European Union — regardless of where the company is incorporated. This includes US, UK, Israeli, and Asian companies selling into European markets.
Are directors personally liable for EU AI Act violations?
The EU AI Act itself does not create direct personal criminal liability, but it does require named individuals to be assigned governance responsibilities — creating a clear paper trail for regulatory action. Additionally, investor agreements and D&O insurance policies are beginning to include AI compliance representations that create indirect personal exposure.
Do we need external legal counsel or can we handle EU AI Act compliance internally?
Companies with a single minimal-risk AI system may be able to self-assess. Companies with multiple AI systems, high-risk applications, or investor reporting obligations typically require external expertise — both to ensure completeness and to demonstrate independence to regulators and investors.
How does EU AI Act compliance affect Series B fundraising?
EU and US institutional investors conducting due diligence on European Series B rounds are increasingly requesting AI governance documentation as part of the legal data room. Companies with audit-ready EU AI Act compliance close rounds faster and with fewer conditions than those that cannot demonstrate compliance readiness.
What is the difference between the EU AI Act and GDPR for legal teams?
GDPR governs data privacy — how personal data is collected, stored, and processed. The EU AI Act governs AI system safety and governance — how AI systems are designed, tested, documented, and overseen. The two regulations overlap significantly for AI systems that process personal data, and a compliance program should address both simultaneously.
How quickly can Verumt have us audit-ready?
Verumt delivers a complete audit-ready compliance package in 12 weeks. The Professional package (€5,900) covers up to five AI systems and includes all documentation, risk assessment, regulatory mapping, and board-ready reporting. For companies with upcoming investor due diligence or enterprise deals, we offer expedited timelines.
Audit-ready in 12 weeks. Your next investor will ask — have the answer ready.
Board-ready reports. Investor due diligence pack. Full documentation. From €5,900.