The European Union has spent years writing the world’s most ambitious artificial intelligence law. Now it’s finding out whether it can actually enforce the damn thing.

This month, the European Commission appointed a 60-member Scientific Panel and a 174-person Advisory Forum to help oversee the AI Act’s implementation. These aren’t decorative bodies. They’re supposed to be the technical conscience of Europe’s AI regulation — the people who will tell Brussels whether a frontier model is risky, whether an evaluation methodology holds up, and whether companies are telling the truth about their systems.

The timing matters. Most of the AI Act’s core obligations kick in on August 2, 2026. That’s roughly seven weeks from now. For the major frontier labs — OpenAI, Google, Anthropic, Meta — this means their general-purpose AI models will face comprehensive transparency requirements, copyright compliance obligations, technical documentation duties, and mandatory reporting to the EU AI Office. Models deemed to pose systemic risk face additional adversarial testing and incident reporting requirements.

The fines are not theoretical. Up to €35 million or 7% of global annual turnover for the most serious violations. For companies of OpenAI’s scale, that’s billions of euros. Whether the EU AI Office actually has the technical chops — and the institutional nerve — to impose that kind of penalty on a frontier lab is the open question. The Scientific Panel is supposed to give them the expertise to make that case.

Why the Composition Matters

The Advisory Forum’s composition is worth examining closely. It includes the EU Agency for Fundamental Rights, the EU cybersecurity agency ENISA, and European standardisation bodies alongside industry representatives. That’s deliberate. AI oversight can’t be reduced to whether a model passes a benchmark. Questions of discrimination, privacy, worker protection, and democratic accountability emerge at the point where a technical system meets actual people. Giving civil society and rights agencies a seat at the table — not just industry — is the Act’s attempt to bake that in.

Whether it works is another question. These bodies advise, they don’t decide. The real power sits with the AI Office and national authorities, who face political pressure from all sides. Labs will lobby hard. Member states with strong tech industries will push back on aggressive enforcement. The question is whether the Commission’s technical advisors can produce evidence compelling enough to withstand that pressure.

The August Deadline Is a Starting Gun, Not a Finish Line

It’s worth remembering that August 2 is the beginning of enforcement, not the end of it. The prohibited practices phase started in February 2025. The obligations for newly released general-purpose models began in August 2025. The August 2026 date is when pre-existing models — including GPT-4 class systems — get pulled fully into scope. And even then, many of the Act’s provisions require ongoing compliance, not a one-time check.

For businesses operating in Europe, the message is clear: this is not a theoretical exercise anymore. Regulators now have their advisory infrastructure in place. The enforcement architecture is assembled. Whatever regulatory caution some expected from a Commission known for long consultation periods — that window has closed. The question now is whether the political will matches the legal framework.

EU AI Act enters enforcement phase August 2, 2026. Systemic risk obligations apply to high-compute models above established thresholds.