Insights ←

The documentation every company should have ready by 2 August

Tuesday, 14 / July / 2026
Present

The entry into force of new obligations under the European Artificial Intelligence Regulation (AI Act) on 2 August 2026 marks a new step in the development of the regulatory framework for AI in Europe. However, many organisations continue to focus their attention on a single question: what exactly does the regulation require?

Perhaps a more useful question is this: could my company demonstrate, through documentation and procedures, that it is managing the use of artificial intelligence appropriately?

Regulatory compliance does not begin on the day an authority requests information, but long before that, with the ability to demonstrate that there is internal governance in place regarding the use of these technologies. Here are some of the documents that any organisation should start reviewing.

1. An inventory of the AI systems used within the organisation

The first mistake many companies make is to assume that they hardly use any artificial intelligence at all. The reality is often very different.

Generative AI tools, productivity assistants, recruitment solutions, customer service applications and data analytics platforms are already part of day-to-day operations at numerous companies. Without an up-to-date inventory, it is difficult to know what risks exist, what obligations may apply and what controls need to be put in place.

The first step towards compliance is, precisely, to know where and how artificial intelligence is being used.

2. An internal policy on the responsible use of AI

It is not enough simply to recommend the prudent use of tools such as ChatGPT, Microsoft Copilot or Gemini. Organisations need to establish clear criteria on issues such as authorised uses, the handling of confidential information, data protection, human oversight and the procurement of new technological solutions.

An internal policy helps to standardise behaviour, reduce risks and provide legal certainty for both the company and its employees.

3. A procedure for assessing new tools before implementing them

It is becoming increasingly common for different departments within an organisation to adopt AI-based applications on their own initiative.

Without a prior assessment procedure, the company may lose sight of which tools are being used, what information they process, or what impact they may have from a legal and operational perspective.

Having a review protocol in place before implementing new solutions facilitates a safer adoption process that is aligned with the requirements of the AI Act.

4. Evidence of staff training and awareness-raising

The governance of artificial intelligence does not depend solely on the legal or technology departments. It is the employees who use these tools in their day-to-day work and, therefore, they need to understand both their potential and their limitations.

Having training programmes, attendance records or internal materials demonstrates that the organisation is promoting the responsible use of AI and reinforces its culture of compliance.

5. A governance model with clearly defined responsibilities

One of the greatest risks in this area is that no one knows who is responsible for making certain decisions.

Who approves the introduction of a new tool? Who assesses the risks? Who coordinates the legal, technology and compliance departments?

Defining responsibilities and establishing channels of coordination prevents duplication of effort, improves decision-making and facilitates the management of regulatory risk.

Preparing for compliance goes beyond simply knowing the regulations

The AI Act does not merely require organisations to be familiar with the content of the Regulation. It requires organisations to be able to demonstrate that they manage the use of artificial intelligence in a structured, responsible and documented manner.

In a context where the adoption of these technologies continues to accelerate, having procedures, policies and evidence in place is no longer merely a recommended best practice: it is becoming an essential element of corporate governance.

Because, when the time comes, the difference between an organisation that is prepared and one that is not will probably not depend on how much it knows about the Regulation, but on how much it can demonstrate that it has been applying it for some time.

Local advice with international reach

We combine proximity and customization with the support of an international network present in more than 60 countries. We offer comprehensive solutions, expansion strategies, and a team of experts to support your business's growth, no matter where you operate.

  • Presence in +60 countries
  • Customized solutions
  • Comprehensive advice
  • Innovation and technology