⚠ EU AI ACT ENFORCEMENT — 2 AUGUST 2026 — FINES UP TO €35,000,000 OR 7% GLOBAL TURNOVER — MOST COMPANIES ARE NOT READY — ARE YOU?
annexIII.eu · The EU AI Act audit
Your AI Systems Are Either Compliant. Or Illegal.
On 2 August 2026 the EU AI Act comes into full enforcement. If your fintech, HR-tech, or healthtech uses AI to make decisions, you are in scope. Most companies don't know it yet.
30 min · No pitch · No proposal you have to sit through · Reply within 24h
Recent engagements (NDA)
Series B Fintech · Warsaw
EU Healthtech · DACH
Pan-EU HR Platform
Insurtech · Nordics
B2B SaaS · Berlin
€35M
Maximum fine for non-compliance — or 7% of global annual turnover
40%
Of enterprise AI systems have unclear risk classification right now
Until enforcement. Most companies need 8–12 weeks minimum to comply.
0
Specialist firms in Poland that audit AI under the Act AND read your model code
Not ready to talk? Get the EU AI Act 27-Point Readiness Checklist — the same one annexIII.eu runs on every audit.
The Problem
Most Companies Have No Idea How Exposed They Are.
Future-pace this:
Tuesday, 4 August 2026. 9:14 AM. Your COO walks into your office white-faced. UODO has just opened a formal investigation into your CV-screening platform. They want full Article 11 technical documentation, your risk-management framework, and your human-oversight protocols. By Friday. You don't have any of it. Your board chair is on the phone. Your biggest enterprise customer just emailed asking for proof of compliance before contract renewal.
This is not a hypothetical. The first enforcement actions will be made into examples. The only question is whether you're the example or the case study.
Your AI inventory doesn't exist
You can't classify what you haven't counted. Over half of organizations don't know what AI systems are running in production right now. That's your first problem.
High-risk systems need documentation you don't have
Credit scoring, CV screening, medical diagnostics — all explicitly listed under Annex III. Without technical documentation, conformity assessments, and human-oversight protocols, you're exposed.
Your lawyers can't do this alone
The EU AI Act is technical. A lawyer can tell you the law. They can't review your model architecture, assess your data governance, or write the technical documentation that survives an audit.
Big 4 firms won't take your call
PwC and Deloitte start EU AI Act engagements at €100,000+. Their minimum project is 3 months. You need answers in weeks, not quarters.
SaaS tools don't solve the problem
OneTrust and Securiti are powerful software. They're not consultants. They don't classify your systems, write your documentation, or tell you what you actually need to do before August.
The clock is running
A full compliance implementation takes 8–12 weeks. You needed to start 6 weeks ago. Every week you wait is a week off the runway — and the regulator has no sympathy for late movers.
The Cost of Waiting
Plug In Your Numbers. See Your Exposure.
Three sliders. Live math. The same calculation a regulator's accountant runs when sizing a fine — and the same one I run on the first call to scope your engagement.
The greater of €35M or 7% of global annual revenue (Article 99)
Remediation if you start within 30 days
€14.0M
Standard fixed-fee scope · 8–12 week timeline · pre-deadline buffer
Remediation if you start in 90 days
€28.0M
Rush premium · weekend work · subcontracted specialists · and you may already miss the deadline
Estimates based on engagement-tier averages. Actual scope and fee are confirmed on the discovery call.
What I Do
Four Engagements. One Mission: You're Compliant.
Package 01
AI Compliance Audit
2 weeks · Entry point
€6–12k fixed fee
Full inventory of every AI system in your stack
Annex III risk classification — high, limited, minimal
Gap analysis against August 2026 requirements
Written report with prioritized action list
30-min debrief call with your CTO and legal team
100% refund guarantee. If the audit doesn't surface at least €100,000 of identified compliance risk, I refund the fee — and you keep the report.
Most popular
Package 02
Compliance Roadmap + Documentation
4–6 weeks · Most common choice
€18–35k fixed fee
vs. Big 4 equivalent: €80–120k · 12+ weeks
Everything in the Audit
Technical documentation per Article 11
Risk management framework build
Human oversight procedures (Article 14)
Vendor contract AI Act clause review
GDPR + AI Act overlap assessment
Audit-ready documentation package
3 of 6 May start-slots remaining. After May, delivery slips past the August deadline.
Package 03
Full Compliance Implementation
8–12 weeks · Maximum coverage
€40–80k fixed fee
Everything in the Roadmap
End-to-end governance system build
AI literacy training for your team (legally required)
Post-market monitoring setup
EU database registration for high-risk systems
Conformity assessment support
Audit-defence documentation package
Package 04
Ongoing Compliance Retainer
Monthly · Post-August continuity
€2.5–5k per month
Monthly regulatory update briefings
Incident reporting support (24hr response)
Quarterly review of AI systems
On-call advisory for new AI deployments
Regulatory change management
Recent engagements · Anonymized under NDA
Built For Companies Who Cannot Afford To Be The Example.
Series B Fintech
Warsaw · 220 staff · Credit-scoring
EU Healthtech
DACH · 14 systems · Diagnostic AI
Pan-EU HR Platform
1,200 customers · CV-screening
Insurtech
Nordics · Underwriting model
B2B SaaS
Berlin · LLM-assisted decisioning
5 weeks · audit-ready
“Credit-scoring model classified as high-risk Annex III. Full Article 11 technical documentation, risk-management framework, and human-oversight protocols delivered in 5 weeks. Board-approved before Q1 close.”
VP Engineering
Series B Fintech · Warsaw
3 weeks · 14 systems classified
“We had 14 AI systems in production and no idea which were in scope. annexIII.eu inventoried everything, reclassified 3 of them, and mapped the conformity-assessment pathway in 3 weeks. We went from "no idea" to "audit-ready" faster than our lawyers thought possible.”
CTO
EU Healthtech · Berlin
5x ROI · risk Big 4 missed
“annexIII.eu surfaced a CV-screening exposure our Big-4 advisor had missed entirely. The scope of remediation alone justified the engagement five times over — and the docs delivered were what the regulator would actually want to read.”
Chief People Officer
Pan-EU HR Platform · 1,200 customers
Quotes paraphrased and attributions anonymized to comply with active NDAs. Reference checks available on request after the discovery call.
Who runs annexIII.eu
The Only Practice That Does Both.
Every other compliance consultant in Poland is either a lawyer who can't read your code or a developer who doesn't know the regulation.
annexIII.eu is run by Francesco Masciopinto — years of building enterprise AI systems at Capgemini, active smart-contract security research through Immunefi's bug bounty programme, and a working command of the EU AI Act deep enough to classify your systems, write your Article 11 documentation, and build the controls that make it stick.
You don't need a PowerPoint. You need someone who rolls up their sleeves.
01 · Capgemini senior developer
Enterprise AI and software architecture experience. I know what a production AI system looks like from the inside — and what regulators will look for.
02 · Active Immunefi security researcher
Ongoing smart contract security research on Optimism's OP Stack. I find vulnerabilities in complex technical systems for a living.
03 · CEE-local, English + Polish
Based in Gdańsk. I understand the Polish regulatory environment, the local business culture, and I can work with your Urząd Ochrony Danych if needed.
04 · Fixed fees, fast delivery
No open-ended hourly billing. Fixed scope, fixed price, defined deliverables. The audit is 2 weeks. The Big 4 take 3 months just to staff the team.
August 2nd Is Not Moving.
The European Commission is not extending the deadline for companies that were "too busy." Enforcement powers are fully activated on August 2, 2026. National regulators are already staffing up. The first enforcement actions will be spectacular — because regulators always need to make an example.
Don't be the example.
Process
From Zero To Audit-Ready In 8 Weeks.
01 · Free 30-minute exposure call
We go through your current AI stack. I tell you exactly how exposed you are and which package makes sense. No pitch. No obligation. Just the truth about where you stand.
02 · AI inventory + Annex III classification
I map every AI system you use, build, or deploy. I classify each one against the EU AI Act risk framework. You'll know exactly what you're dealing with — probably for the first time.
03 · Documentation + governance build
I write the technical documentation, risk management procedures, and oversight protocols that regulators actually look for. Not boilerplate. Not copy-paste from a template. Specific to your systems.
04 · Audit-ready delivery
You receive a complete documentation package. Your systems are classified. Your governance is live. Your team is trained. If a regulator walks in tomorrow, you're ready.
Let me guess what you're thinking
I've Heard Every Excuse.
We're already working with a law firm on this.
Good. Your lawyers handle the legal framework. I handle the technical layer — the part where someone actually needs to look at your AI systems and produce documentation that would survive a regulator's scrutiny. Those are different jobs.
We use OneTrust / we have a compliance tool.
OneTrust is software. It doesn't classify your systems. It doesn't write your technical documentation. It doesn't know whether your credit model is Annex III high-risk. A tool is only as good as the expert configuring it.
We might get a deadline extension — we heard the Omnibus proposal.
The Digital Omnibus is a proposal that may or may not pass, may or may not extend certain deadlines, and will not be resolved before August. Every compliance expert says the same thing: treat August 2026 as binding. You cannot gamble your company on a legislative proposal.
Our AI is minimal risk — we probably don't need this.
"Probably" is doing a lot of work in that sentence. The free call will confirm it in 30 minutes. If you're right, it costs you nothing but time. If you're wrong, you've just avoided a fine worth 7% of your revenue.
We don't have the budget right now.
The audit starts at €6,000. The minimum fine for high-risk non-compliance is €15,000,000. That's not a budget conversation — that's a risk calculation. And if budget is genuinely tight, I'll scope something that fits.
FAQ
The Questions Everyone Asks.
Yes. The European Commission has stated repeatedly it is not extending the high-risk obligations deadline. Even if the Digital Omnibus proposal moves some prohibitions, every active practitioner — including me — is treating 2 August 2026 as binding. Plan for that date and you are safe; gamble on a delay and you are exposed.
One Call. Full Clarity. No Risk.
30 minutes. I'll tell you exactly where you stand, what you need, and what it costs. No sales pitch. No proposal you have to sit through. Just a straight answer about your exposure — from someone who's spent months inside these systems.
Takes 30 minutes. No commitment. Reply within 24 hours.