The EU AI Act Hits in August. Here’s What Greek Enterprises Actually Need to Do.

August 2, 2026. That’s the date. High-risk AI system obligations under the EU AI Act become enforceable. Not guidelines. Not recommendations. Law. With fines up to €35 million or 7% of global turnover.

We covered the broader cultural implications in our piece on the Absorption Gap. This article is narrower and more practical: a step-by-step guide for Greek enterprises that need to get compliant before the deadline.

Step 1: Find out what you’re actually running (Week 1–2)

83% of European organizations don’t have a formal inventory of their AI systems. You can’t classify risk for systems you haven’t catalogued. We wrote a practical 5-step shadow AI audit framework that doubles as the EU AI Act inventory baseline.

Start with a company-wide audit. Every department. Every tool. Every vendor that uses the phrase “AI-powered” or “machine learning” in their marketing. Your HR screening tool? AI. Your fraud detection system? AI. That chatbot your marketing team set up last year? AI.

Document each system: what it does, what data it uses, what decisions it influences, and who’s responsible for it. This is your AI inventory. Everything else depends on it.

Step 2: Classify each system by risk level (Week 2–3)

The Act uses four risk tiers. For enterprise purposes, you mainly care about two:

High-risk systems include those used in employment decisions, credit scoring, essential services access, and critical infrastructure management. These face the full compliance requirements: documentation, human oversight, accuracy standards, ongoing monitoring.

Limited-risk systems (chatbots, content generators) must disclose that they are AI. Straightforward to implement, easy to overlook.

Most enterprise AI falls into one of these two categories. Map every system from your inventory against these tiers. When in doubt, classify higher. It’s easier to downgrade later than to scramble after an audit.

Step 3: Document what exists (Week 3–5)

High-risk systems need technical documentation covering: training data descriptions, design choices, testing procedures, performance metrics, and risk mitigation measures.

If you’ve been building AI responsibly, you likely have much of this already. If you haven’t. And most Greek enterprises haven’t, you need to start creating it now. Retroactive documentation is tedious but not impossible. What’s impossible is producing it on demand during an audit.

Step 4: Establish human oversight (Week 4–6)

The Act requires that humans can understand, override, and intervene in high-risk AI decisions. This means actual people in actual roles with actual authority to overrule the system. Not a theoretical possibility buried in the admin panel.

Practically: designate a human reviewer for each high-risk system. Define the escalation path. Document when and how the human can override. Test it regularly.

Step 5: Set up monitoring (Week 5–8)

Compliance isn’t a one-time exercise. High-risk systems must be monitored for accuracy, bias, and performance degradation throughout their lifecycle. You need automated monitoring that alerts when performance drifts, plus regular human reviews.

If you’re already tracking model performance in production, as anyone deploying AI responsibly should be. This is an extension of what you’re doing. If you’re not, it’s a significant infrastructure gap that needs to be closed.

Step 6: Designate an AI owner (Now)

This is the step most organizations skip, and it’s the one that makes everything else stick. Someone needs to own AI governance. Not as a side project. As an explicit responsibility with board-level visibility.

For smaller companies, this can be a part-time role. For larger enterprises, it should be dedicated. The key is that when the regulator asks “who is responsible for AI compliance at your organization?”, you have a name. Not a department. A name.

The Greek-specific wrinkle

The Absorption Gap data tells us that only 9% of Greek enterprises have formal AI governance. That’s 91% of companies that need to build a governance function from scratch before August. The harder part is that most don’t even know which AI tools their employees are using outside IT visibility, that inventory is the prerequisite for any compliance work.

The good news: Greece’s PHAROS AI Factory and the Ministry of Digital Governance’s €82.5 million upskilling budget are creating real infrastructure for this. The bad news: infrastructure doesn’t help if enterprises don’t use it.

The Commission’s Digital Omnibus proposal might push some deadlines to late 2027. But that’s a gamble. The prohibited-practices rules and GPAI model obligations are already in force. Building compliance now is cheaper than catching up later.

Don’t do this alone

We help Greek enterprises build AI governance from scratch: system inventories, risk classification, documentation frameworks, monitoring infrastructure, and the ongoing review processes that keep you compliant as your AI portfolio grows. If August feels close, it’s because it is. Get in touch at inbusiness.gr.