Services · EU AI Act · Deadline 2 Aug 2026

EU AI Act compliance — the technical implementation, before August 2026

On 2 August 2026 the rules for high-risk AI systems and the transparency obligations start to apply. Your legal team decides what the Act requires and signs it off — but someone has to build the controls that satisfy it. That's the part I do, under their direction.

The build problem sitting next to the legal one

I'm an engineer, not a lawyer — and I won't pretend otherwise. Your legal and compliance advisers decide which systems are high-risk, what obligations apply and whether you're compliant. What they usually can't do is actually implement the controls in your systems: the oversight interface, the audit-grade logging, the content labelling, the evals that prove accuracy and robustness, the Annex IV technical documentation. That engineering layer is the part I deliver — turning their obligations into shipped, working controls, and the AI-literacy programme into something your teams actually do.

Classify & scope

Inventory every AI system, decide your role (provider vs deployer) and classify risk so you only build what the Act actually requires.

Build the controls

Logging & traceability, human-oversight interfaces, data governance, transparency and content labelling — engineered into your stack.

Document & prove

Annex IV technical documentation, evals for accuracy, robustness and cybersecurity, and the records a conformity assessment needs.

Monitor & hand over

Post-market monitoring, incident logging and a documented pattern your team keeps running after the deadline.

The three ways I help

Most companies start with the assessment, then move into implementation. Each is scoped and priced on its own.

Why the August 2026 date matters now

The Act applies in waves. Prohibited AI practices and the AI-literacy obligation have applied since February 2025; general-purpose AI model obligations since August 2025. The wave that catches most companies is 2 August 2026, when obligations for high-risk systems (Annex III) and the Article 50 transparency rules become enforceable. Building audit-grade logging, human oversight and technical documentation retroactively, across live systems, takes months — which is why the work starts now, not in July.

How an engagement runs

  1. Assess (with your legal team)Inventory every AI system and gather the technical facts. Your legal advisers classify risk and confirm roles; I turn that into a prioritised engineering gap analysis and roadmap.
  2. ImplementBuild the required controls for each high-risk system — risk-management tooling, data governance, logging, human oversight, robustness.
  3. Document & evidenceProduce Annex IV technical documentation and the risk, eval and logging evidence your legal team's conformity assessment and declaration rely on.
  4. Monitor & enableStand up post-market monitoring and run the AI-literacy programme, then hand over a pattern your team can keep extending.

Where I stop and your legal team starts

Being clear about the boundary is part of doing this honestly. I'm not a substitute for legal advice, and the calls with legal exposure stay with the people qualified to make them.

I do

Build the technical controls, the logging and oversight interfaces, the transparency mechanisms, the evals, the Annex IV documentation tooling, and the AI-literacy programme.

Your legal / compliance team does

Interprets the Act, classifies risk, decides your provider/deployer role, runs the formal conformity assessment and signs the declaration of conformity.

If you don't have that legal cover in place, the honest first step is to get it — I'm happy to work in alongside a firm you already trust, or to focus purely on the transparency and AI-literacy work, which needs the least legal interpretation.

Why me

I'm Vilva Athiban P B, a Lead AI Engineer at Omio. I build agentic AI and MCP systems in production, where logging, evals, access control, human oversight and monitoring are already core engineering concerns — the exact controls the AI Act asks for. And I've coached whole organisations on AI adoption, which is what the Article 4 literacy obligation needs. You get the engineer who builds the controls and the coach who gets teams to use them.

Frequently asked questions

When does the EU AI Act actually apply to us?

The Act entered into force in August 2024 and applies in stages. Prohibited practices and AI-literacy obligations already apply (since February 2025), and general-purpose AI obligations since August 2025. The big one is 2 August 2026, when the rules for high-risk AI systems (Annex III) and the Article 50 transparency obligations start to apply. If you build, deploy or even just use AI systems that touch the EU, this is the deadline to be ready for.

Are you a law firm or a compliance consultancy?

No — and that's the point. I'm a Lead AI Engineer. Law firms and GRC consultancies tell you what the Act requires; I build the technical controls that actually satisfy it — logging and traceability, human-oversight interfaces, transparency and content-labelling, evals and monitoring, and the Annex IV technical documentation. I work alongside your legal and compliance function, turning their obligations into shipped, working systems.

Does the Act even apply to us if we only use AI we bought?

Very likely yes. The Act creates obligations for deployers, not just providers. If you deploy a high-risk AI system you have duties around human oversight, monitoring, logging and transparency. And if you fine-tune, significantly modify or rebrand a system, you can become the provider yourself — with the full obligation set. Part of the readiness assessment is working out exactly which role you hold for each system.

What does non-compliance cost?

Fines scale with the severity of the breach — up to €35M or 7% of global annual turnover for prohibited practices, and up to €15M or 3% for most other obligations, whichever is higher. Beyond fines, non-compliant high-risk systems can be forced off the EU market. The engineering work to comply is a fraction of that exposure, and most of it (logging, evals, oversight) makes your AI more reliable anyway.

How do we start, and how long does it take?

Start with the technical readiness assessment — usually 1–2 weeks to inventory your systems, gather the technical facts your legal team needs to classify risk, and produce a prioritised engineering roadmap. Implementation depends on how many high-risk systems you run and how much control tooling already exists; I scope it as fixed, phased work after the assessment so you know the deliverables and the number up front.

Why you, specifically?

I'm Vilva Athiban P B, a Lead AI Engineer at Omio. I build agentic AI and MCP systems in production, where logging, evals, access control, human oversight and monitoring are exactly the controls the Act asks for. I've also coached whole organisations on AI adoption — which is what the Article 4 literacy obligation needs. So you get the engineer who builds the controls and the coach who gets teams to actually use them.

This service delivers the technical implementation of EU AI Act controls and is not legal advice. I work alongside your own legal and compliance advisers, who remain responsible for legal interpretation.