For AI Act August 2 Medical Device Companies questions, the most important thing to understand is which requirements apply now and which have been delayed.
What this is about: You keep seeing “the EU AI Act” and “August 2nd” in the news. This explains, in plain English, what the law actually is, what really happens around that date, and how to tell if it even applies to your company.
Part 1 of 3 in our plain-English EU AI Act series. Part 2 helps you check if your AI product is “high-risk.” Part 3 covers the part most teams underestimate: staying compliant as your AI keeps changing.
First, what is the EU AI Act?
The EU AI Act is Europe’s first big law about artificial intelligence. Its formal name is Regulation (EU) 2024/1689. It came into force on 1 August 2024, and it does not switch on all at once. Different parts of it start on different dates over several years.
The core idea is simple: the law treats AI by how risky it is. The more an AI system could affect people’s health, safety, or basic rights, the more rules it has to follow. A spam filter and an AI that helps diagnose disease are not treated the same way, and that is the whole point.
So before you panic about “AI regulation,” the real question is not “does this law exist.” It does. The real question is “which risk level am I in,” because that decides whether you have a lot of work, a little, or almost none.
The four risk levels, in one quick pass
The Act sorts AI into four buckets. Here they are, plainest version first.
1. Banned (unacceptable risk). A short list of AI uses that Europe decided are simply not allowed. Think manipulative systems and certain kinds of social scoring. These bans have applied since 2 February 2025. Almost no normal product lands here.
2. High-risk. AI that can seriously affect someone’s health, safety, or rights. This is the heavy bucket: it comes with real obligations like risk management, good data practices, documentation, logging, human oversight, and ongoing monitoring. Most AI built into medical devices lands here. If you make an AI medical product, this is your bucket, and Part 2 helps you confirm it.
3. Limited risk (transparency). AI where the main rule is simply “be honest about it.” For example, telling people they are talking to a chatbot, or labelling AI-generated images and video so they are not mistaken for real ones. This sits in Article 50 of the Act. Lighter touch, but real.
4. Minimal risk. Everything else. The vast majority of everyday AI, with no specific obligations under the Act.
That is the entire framework. Four buckets. Your job is to find out which one you are in, not to memorise the whole law.
So what actually happens on August 2nd?
Here is where the news gets confusing, because “August 2nd” has meant different things at different times.
For most people, “August 2nd” (2 August 2026) is shorthand for “the AI Act date.” The honest answer is that one specific part really does go live that day: the transparency rules. From 2 August 2026, if your AI talks to people or makes synthetic content, you generally have to be open about it. That obligation was not delayed. It is happening.
But here is the twist that catches people out. 2 August 2026 was also originally the date when the big high-risk obligations were supposed to start. That part has been pushed back. A package of changes known as the Digital Omnibus on AI (published 19 November 2025, with a provisional political agreement on 6 May 2026, confirmed by the Council on 13 May 2026) moved the high-risk deadlines later.
The new, provisional dates look like this:
- Transparency rules (Article 50): live from 2 August 2026, as planned.
- High-risk standalone AI systems: now from 2 December 2027.
- High-risk AI built into regulated products (like medical devices): now from 2 August 2028.
Two important warnings. First, these new dates are provisional. As of June 2026 they still have to be formally published in the EU’s Official Journal, and the timeline has already shifted more than once. Plan for the substance, not the exact day. Second, “2028” does not mean “ignore it until 2028.” It means you have more runway, not less work.
Does this even apply to my small company?
This is the part that calms most founders down. For a typical startup or SME, you can usually figure it out in a few minutes.
Ask yourself, in order:
- Do I even use or build AI in my product? If not, the Act largely does not touch you. Done.
- Is my AI use on the banned list? Almost certainly not, unless you are doing something like manipulation or social scoring. If you are not sure, this list is short and specific.
- Could my AI seriously affect someone’s health, safety, or rights? This is the high-risk question. If you make AI that goes into a medical device, the answer is very likely yes, and Part 2 walks you through the exact test.
- Does my AI just talk to people or generate content? Then you are probably in the transparency bucket: be clear it is AI, and label AI-made content.
- None of the above? You are most likely minimal risk, with no specific obligations.
Notice what this means. Most companies are not in the heavy bucket. The startups that are, mainly the ones building AI into regulated products like medical devices, already do a lot of structured compliance work, and the AI Act mostly rides on top of that rather than replacing it. More on that in Part 2.
The big takeaway from Part 1: the EU AI Act is real, it is risk-based, and “August 2nd” mostly means the transparency rules go live while the heavy high-risk rules move to 2027 and 2028. Knowing your bucket is 90% of the battle.
How qmsWrapper fits in
If your product is in the high-risk bucket (most AI medical devices are), the AI Act asks you to keep a lot of connected evidence: which model version is live, what data trained it, how you manage risk, how you tested it, and how you fix problems. qmsWrapper is a connected Medical Device Compliance QMS that keeps all of that linked and current, so when a regulator or notified body asks, you can show you are in control instead of digging through scattered files. See AI QMS for medical devices for how that works, or book a qmsWrapper demo to see it.
Common Questions About the EU AI Act
What is the EU AI Act in simple terms?
It is Europe’s first broad law on artificial intelligence, Regulation (EU) 2024/1689. It groups AI into four risk levels (banned, high-risk, limited/transparency, and minimal) and gives each level its own rules. The riskier the use, the more obligations apply.
What actually happens on 2 August 2026?
The transparency rules (Article 50) go live. From that day, AI that interacts with people or creates synthetic content generally has to be disclosed and labelled. The bigger high-risk obligations that were once tied to this date have been moved later.
Did the EU AI Act get delayed?
The high-risk parts did, through a package called the Digital Omnibus on AI. High-risk standalone systems now start from 2 December 2027 and high-risk AI inside regulated products from 2 August 2028. These dates are provisional as of June 2026 and still need formal publication.
Does the EU AI Act apply to small startups?
It can, but for most small companies the obligations are light or none. It depends entirely on your risk level. If you are not doing anything banned and your AI does not seriously affect health, safety, or rights, you are usually in the transparency or minimal bucket.
Is my AI banned under the Act?
Almost certainly not. The banned list is short and targets specific harmful uses like manipulation and certain social scoring. A normal business or medical product does not fall here.
Where does AI in medical devices land?
Usually in the high-risk bucket, which carries the most obligations. Part 2 of this series gives you a simple test to confirm whether your AI medical product is high-risk and what that really involves.
