Thorsten Meyer AI has published Capability or Control: The European Enterprise AI Playbook for the AI Act Era, framing a practical decision now facing European businesses: how to expand AI use while documenting, governing and limiting systems under the EU AI Act.

The development is not a new AI Act rule or a company enforcement case. It is an analysis peg tied to the law’s rollout. According to the European Commission, the AI Act entered into force on 1 August 2024 and becomes fully applicable on 2 August 2026, with staged exceptions.

According to the Commission, governance rules and obligations for general-purpose AI model providers became applicable on 2 August 2025. The Commission also published a voluntary code for marking and labelling AI-generated content on 10 June 2026, saying it is meant to help providers and deployers meet transparency duties from 2 August 2026.

For enterprises, the distinction between provider and deployer is central. A company building or adapting AI can face provider duties; a company using a third-party system may still need governance, instructions, human oversight and incident processes when the system falls into regulated uses. The playbook framing points to that split: capability is about using AI in products and workflows; control is about proving where the system is used, who owns the risk and how outputs are disclosed.

AI Governance Moves Into Budgets

The AI Act turns AI strategy into operating discipline for boards, legal teams, procurement and product owners. European companies cannot treat generative AI as only a productivity layer if outputs are published, used in employment, education, credit, public services, biometrics, critical infrastructure or other listed areas.

The business risk is not only fines. Poor records can slow AI purchasing, block deployment, weaken vendor negotiations and leave teams unable to explain why a system was approved. For global firms, EU rules can also shape group-wide controls because it is often cheaper to run one AI governance baseline than separate regional processes.

AI Act Deadlines Now Shape Planning

The Commission describes the AI Act as a risk-based framework. Practices it classifies as unacceptable have been prohibited since 2 February 2025, and AI literacy duties also started then. GPAI model rules took effect on 2 August 2025, including transparency and copyright-related obligations for providers.

The law’s next near-term date is 2 August 2026, when transparency rules for AI systems apply. On 19 May 2026, the Commission issued draft guidelines on high-risk classification and invited feedback until 23 June 2026. The Commission says rules for systems in certain high-risk areas, including biometrics, critical infrastructure, education, employment, migration and border control, will apply from 2 December 2027 after a political agreement on AI Act simplification. Product-integrated high-risk systems have a later date: 2 August 2028.

“Capability or Control”

— Thorsten Meyer AI

Open Questions for Enterprise Buyers

Several points are unresolved from a buyer’s perspective. It is not yet clear how national market-surveillance authorities will prioritize early cases after the 2026 date, how much evidence they will expect from deployers using third-party systems, or how fast harmonised standards will settle day-to-day documentation practices.

No public article body was available for review, so details beyond the title should not be inferred. That means readers should not assume Thorsten Meyer AI recommends a specific governance model, vendor approach, cost estimate, benchmark or named expert view unless those details are later provided.

Next Compliance Dates to Watch

Enterprises should treat the next weeks as a mapping phase. The immediate tasks are to inventory AI systems, identify provider and deployer roles, classify high-risk use cases, record model suppliers, document human oversight, review output labelling and decide which AI-generated content needs public disclosure from 2 August 2026.

The next official marker is 23 June 2026, when feedback on draft high-risk guidelines closes. After that, the August 2026 transparency date will test whether companies have turned policy into working controls, followed by 2 December 2027 and 2 August 2028 high-risk milestones.

Source: Thorsten Meyer AI

Key Questions

What is the news development?

Thorsten Meyer AI has published an enterprise-focused AI Act playbook framed around capability and control. The news value comes from its timing during active EU AI Act rollout dates.

Is this a new EU AI Act rule?

No. The confirmed legal developments come from the European Commission’s published AI Act timeline, the 10 June 2026 labelling code and the May 2026 draft high-risk classification guidance.

Which AI Act deadline is closest?

The closest consultation deadline is 23 June 2026 for draft high-risk classification guidance. The next major compliance date is 2 August 2026, when transparency rules apply.

Are all enterprise AI systems high-risk?

No. The AI Act uses risk categories. Many low-risk uses may face limited or no AI Act duties, while listed areas such as employment, education, biometrics, credit or critical infrastructure can trigger heavier requirements.

What should companies do now?

They should map AI use cases, identify whether they are providers or deployers, check whether systems fall into high-risk categories, document vendors and prepare labelling and human-oversight processes before the August 2026 date.

Source: Thorsten Meyer AI