FirmAdapt is an AI-powered business diagnostics platform that audits companies to expose operational inefficiencies and broken processes. We then deploy custom AI agents, robotic process automation, and engineered solutions to fix the problems we find. Our diagnostic tools include company audits, website audits, competitive intelligence, and faith-based compliance screening.

Does FirmAdapt have a free API?

Yes, FirmAdapt offers free open API endpoints that require no authentication. AI agents and developers can make up to 10 requests per week without signing up. The API supports company profile lookups, faith-based compliance screening, and stock searches across 12 global markets.

What is faith-based stock screening?

Faith-based stock screening analyzes a company's financial ratios and business activities to determine compliance with religious investment guidelines. FirmAdapt supports 9 frameworks including Shariah (AAOIFI, S&P), Christian (BRI), Catholic (USCCB), Jewish (Halakhic), LDS/Mormon, ESG Religious, and Evangelical standards.

Can AI agents use FirmAdapt?

Yes, FirmAdapt is designed for native AI agent integration. It provides an MCP (Model Context Protocol) server for Claude Desktop, Cursor, and other AI tools. AI agents can access company profiles, run faith-based compliance screens, and search stocks across 12 global markets using free open endpoints with no API key required.

What markets does FirmAdapt support?

FirmAdapt supports 12 global markets: US (NYSE/NASDAQ), UK (London Stock Exchange), Germany (XETRA), France (Euronext Paris), Japan (Tokyo Stock Exchange), India (NSE/BSE), Saudi Arabia (Tadawul), UAE (Dubai/Abu Dhabi), Malaysia (Bursa), Indonesia (IDX), Canada (TSX), and Australia (ASX).

Back to Blog

AI complianceregulatoryprivacydata protectionEU AI Act

August 2, 2026: The EU AI Act Deadline Most B2B Companies Are Still Underestimating

By Basel IsmailMay 14, 2026

August 2, 2026: The EU AI Act Deadline Most B2B Companies Are Still Underestimating

August 2, 2026 is when the EU AI Act's high-risk system obligations become fully applicable under Article 113(1) of Regulation (EU) 2024/1689. If you sell or deploy AI systems that touch any of the categories listed in Annex III, this is your compliance cliff. And based on the conversations I'm having with legal and compliance teams at mid-market B2B companies, the gap between where most organizations are today and where they need to be in roughly a year is significant.

The phased rollout of the AI Act has, I think, created a false sense of comfort. The prohibited practices under Article 5 kicked in on February 2, 2025. The general-purpose AI model rules under Articles 51 through 52 apply from August 2, 2025. Those earlier deadlines got attention. But the high-risk system rules are where the operational weight of this regulation actually lands for most B2B companies, and they require far more than a policy document and a press release.

What "High-Risk" Actually Covers in B2B Contexts

Annex III of the AI Act defines eight categories of high-risk AI systems. Several of these map directly onto common B2B use cases that companies have been deploying without much regulatory friction until now.

Employment and worker management (Annex III, point 4): AI used for recruitment screening, performance evaluation, task allocation, or monitoring. If your HR tech stack uses AI to rank candidates or flag underperformers, you're in scope.
Access to essential private services (Annex III, point 5(b)): AI systems used to evaluate creditworthiness or establish credit scores. This pulls in a wide range of fintech and financial services tooling.
Education and vocational training (Annex III, point 3): AI that determines access to education, evaluates learning outcomes, or monitors test-taking behavior. EdTech companies selling into the EU should be paying close attention.
Law enforcement and migration (Annex III, points 6 and 7): Relevant for defense contractors and companies selling into government procurement channels.

The classification isn't limited to companies headquartered in the EU. Under Article 2(1), the AI Act applies to providers placing AI systems on the EU market and to deployers of AI systems located within the EU. If you're a U.S. company with EU customers using your AI-powered platform, you're a provider under this regulation.

The Specific Obligations Coming Due

Articles 8 through 15 lay out the requirements for high-risk AI systems. Here's what needs to be operational by August 2, 2026:

Risk management system (Article 9): A documented, continuously maintained risk management process specific to each high-risk AI system. Not a generic enterprise risk framework. A system-level process that identifies, analyzes, evaluates, and mitigates risks throughout the AI system's lifecycle.
Data governance (Article 10): Training, validation, and testing datasets must meet quality criteria. You need documented processes for data collection, labeling, cleaning, and bias examination. For companies using third-party foundation models, this creates uncomfortable questions about upstream data provenance.
Technical documentation (Article 11): Detailed technical documentation drawn up before the system is placed on the market, following the template in Annex IV. This goes well beyond a model card. It includes system architecture, design specifications, training methodologies, validation results, and performance metrics across relevant subgroups.
Record-keeping and logging (Article 12): Automatic logging capabilities that enable traceability of the system's operation. Logs must be retained for a period appropriate to the system's intended purpose, and no less than six months unless otherwise specified by Union or national law.
Transparency and information to deployers (Article 13): Clear instructions of use for downstream deployers, including system capabilities, limitations, known risks, and human oversight measures.
Human oversight (Article 14): The system must be designed to allow effective human oversight during its period of use, including the ability to understand the system's capacities and limitations, correctly interpret outputs, and decide not to use the system or override its output.
Accuracy, robustness, and cybersecurity (Article 15): Declared levels of accuracy and robustness metrics, with resilience against errors, faults, and attempts at manipulation by unauthorized third parties.

There's also the conformity assessment requirement under Article 43. For most Annex III systems, providers can self-assess conformity based on internal controls described in Annex VI. But for certain biometric and critical infrastructure systems, you'll need a notified body involved. And the EU's notified body infrastructure for AI is still being stood up, which creates its own timing risk.

Where the Gap Is

I've been looking at readiness surveys and talking to compliance leads, and the pattern is consistent. Most B2B companies have done one or two of the following: conducted an initial AI inventory, started drafting an AI governance policy, or assigned someone to "own" AI compliance. Very few have done the hard operational work that Articles 9 through 15 require.

The biggest gaps I see:

No system-level risk assessments. Companies have enterprise risk registers. They don't have risk management processes tied to individual AI systems with documented residual risk evaluations and mitigation measures. Article 9(2) requires identification and analysis of "known and reasonably foreseeable risks" for each high-risk system. That's granular work.

No data governance documentation for training data. Especially for companies using fine-tuned versions of third-party models, there's often no documentation of upstream training data characteristics, no bias testing on relevant subgroups, and no validation dataset methodology. Article 10(2) through 10(5) is specific about what's required here.

No logging infrastructure. Many production AI systems don't have the automatic logging capabilities Article 12 requires. Retrofitting logging into existing systems is engineering work with real timelines and costs.

No deployer-facing documentation. Companies selling AI-powered B2B tools rarely provide the level of transparency documentation Article 13 contemplates. Instructions of use that include performance metrics across subgroups, known limitations, and human oversight protocols are not standard practice yet.

The penalties for non-compliance under Article 99 scale up to 15 million euros or 3% of total worldwide annual turnover for violations of the high-risk system obligations. For smaller companies, the regulation provides a proportionality floor, but the numbers are still material.

What to Prioritize Now

If you're starting from a typical mid-2025 baseline, here's a realistic sequencing for the next twelve months:

Complete a classification exercise against Annex III for every AI system you provide or deploy. Be honest about edge cases; the European AI Office's guidance documents from late 2025 are helpful here.
Stand up system-level risk management processes for each high-risk system, with documented risk assessments and mitigation plans.
Audit your data governance practices against Article 10 requirements. Identify gaps in training data documentation and bias testing.
Scope the engineering work needed for Article 12 logging compliance and get it into your development roadmap now.
Draft deployer-facing transparency documentation that meets Article 13 requirements.
Assign conformity assessment responsibilities and determine whether any of your systems require third-party assessment under Article 43.

Twelve months sounds like a lot. For the scope of work involved, it isn't.

How FirmAdapt Addresses This

FirmAdapt was built with regulatory traceability as a core architectural principle, not an afterthought. The platform's logging, documentation, and audit trail capabilities are designed to satisfy the record-keeping and transparency requirements under Articles 12 and 13 of the AI Act. For companies deploying AI in high-risk contexts, this means the compliance infrastructure is already embedded in the system rather than requiring a retrofit.

FirmAdapt also supports the data governance and risk management documentation workflows that Articles 9 and 10 require. The platform maintains structured records of model behavior, data provenance, and decision outputs that map to the technical documentation template in Annex IV. For regulated B2B companies facing the August 2026 deadline, this reduces the gap between current operations and compliance readiness in a concrete, measurable way.

Ready to uncover operational inefficiencies and learn how to fix them with AI?

Try FirmAdapt free with 10 analysis credits. No credit card required.

Get Started Free