The EU AI Act Already Applies to You
Even if you have never built a model. A conversation with Antonina Burlachenko on the compliance trap hiding inside the ordinary enterprise — and the deadline everyone has misread.
Twenty minutes into our conversation, I put what I thought was a watertight proposition to Antonina Burlachenko. A company signs a contract with its AI vendor. In black and white, the vendor agrees to carry the compliance risk. The company files that contract away, and it relaxes. For two of the three ways you can be reclassified as a “provider” under the EU AI Act, I suggested, that contract is worth nothing.
She corrected me before I had finished. Not two of the three. All three. Whatever the contract says, the responsibility lands on whoever the law decides is the provider — and the law does not read your indemnity clause.1
That moment is the whole episode in miniature, and it is the reason I wanted to write this down rather than leave it in the audio. Antonina is Head of Regulatory Consulting at STAR, where she and her team take regulated products to market and build the quality, security and AI-management systems that sit underneath them. She does the advising, the internal audits, and the due-diligence work that investors commission before they wire the money. In other words, she is one of the small number of people who actually sit inside the gap between what a company believes about its compliance and what is true. And the thing she sees most often is a room full of capable people who are certain that a European law about artificial intelligence has nothing to do with them.
On the second of August 2026, that certainty stops being free.
You did not build it. The law made you the maker anyway
Start with the belief itself, because almost everyone holds it: we are not an AI company, so this does not apply to us. The bank running a model over loan applications says it. The retailer scoring its customers says it. The firm that bought a hiring tool off the shelf and switched it on says it most confidently of all.
Antonina’s reply is patient and unwelcome. The Act introduces roles, and most people fixate on only one of them — the provider, the organisation that builds an AI system or places it on the market. But there is a second role, the deployer, the organisation that simply uses one, and it carries its own non-transferable duties. There is a separate obligation on AI literacy across your staff. And then there is Article 25, which is where the comfortable story falls apart.2
Here is the trap, in her account. You buy a tool. You fine-tune it on your own data. You put your own brand on the front, and you point it at a job it was not sold for. Do any of three things — place a high-risk system on the market under your own name, substantially modify one, or repurpose an ordinary system into a high-risk use — and the law stops calling you the customer and starts calling you the provider. Automatically. With no form to file and no one to tell you it has happened. I reached, in the moment, for the analogy that fits: it is the difference between driving a hire car and re-engineering one. Drive it, and the risk sits with the company that built it. Re-engineer it, and you own whatever happens next — even if you only ever meant to drive it yourself.
The argument I want to make here is that this is the single most under-priced liability in enterprise technology right now, precisely because it is invisible on the balance sheet until the day it isn’t. You do not acquire it through a purchase order. You acquire it through a configuration change that your engineering team made on a Tuesday and never thought to flag to legal.
What “high-risk” actually means — and why your office address is irrelevant
Two clarifications make the scope concrete. First, “high-risk” is not a mood; it is a definition with two flavours. Either your product is already regulated by existing EU legislation and uses AI as a core or safety component — medical devices, machinery — or it falls into one of the Annex III use cases: biometric identification, employment and hiring, education, critical infrastructure, access to essential public and private services, law enforcement.3 Read that list slowly. It is not a catalogue of science-fiction systems. It is a catalogue of ordinary corporate functions that thousands of companies have quietly handed to a model.
Second — and this is the line that should make every American and British general counsel sit up — the Act does not care where you are headquartered. It protects people in the European market, so it reaches any company that allows its product to be used there. A firm in Chicago with no European office, which has never given Brussels a moment’s thought, is in scope the instant its AI touches a customer or an applicant in Germany. Antonina is unsentimental about it: you don’t have a choice. This is not novel, she points out; medical-device regulation has worked on exactly this “remote sales” principle for years. The novelty is only that AI has carried the principle into industries that never thought of themselves as regulated at all.
The deadline moved. The liability did not
Now the part that everyone has misread, and the reason a piece of genuinely good news has become a hazard.
In the middle of May 2026, the EU institutions agreed a package — the Digital Omnibus — that pushes the heaviest deadlines back. The obligations for stand-alone high-risk systems under Annex III now fall due in December 2027; for AI embedded in already-regulated products, August 2028.4 The headline wrote itself: EU delays the AI Act. A great many companies read that as permission to stop.
They misread it twice over. The first error is legal. As Antonina and I recorded this, the Omnibus was a political agreement, not yet published in the Official Journal — a handshake, not a statute — and a meaningful set of obligations is untouched by it. The AI-literacy duty is live. The prohibitions are live. And the transparency obligations — telling people when they are dealing with AI, labelling AI-generated content — proceed on the original timetable, on the second of August 2026, whatever happens to everything else.5
The second error is strategic, and Antonina put it more generously than I would have. If seventy-eight per cent of enterprises had done nothing by the old deadline, and could not even produce a list of the AI systems they were already running, then an extra year does not help them.6 It simply guarantees eleven more months of inaction and a panic in the twelfth. The exam was postponed; the syllabus tripled. A delay is only a gift to the company that was already moving.
There is a quieter, more interesting reason for the delay, and it is the one that should reassure no one. Antonina’s reading — and she would know, having watched the medical-device regulations grind through exactly this — is that the machinery of enforcement is not ready. The notified bodies, the sandboxes, the governance and monitoring framework: none of it is fully built. There is a very Yes Minister irony in a Union that has written the world’s most ambitious AI law and is not yet equipped to enforce the thing it wrote. But “the regulator isn’t ready” is the worst possible reason to relax, because regulators do, eventually, get ready — and they tend to do it precisely when the first uncomfortable case lands on the desk.
The evidence you cannot reconstruct
If there is one section of the conversation I would press into the hands of every engineering lead, it is this one, because it is the part that cannot be solved by buying something in July.
Antonina’s background is in quality systems, and she explained why software — let alone AI — broke the old way of proving compliance. You used to be able to certify a physical product two ways: follow a controlled process, or test the finished article. Software defeated the second option, because a system with a thousand buttons and a thousand outputs cannot be tested into confidence after the fact. So regulators, decades ago, demanded the first: a defined process, followed as you go. Documents written in retrospect are, in her flat phrase, useless.
AI makes this sharper still, because bias does not live in one place you can inspect at the end. It enters at the framing of the business problem, at the choice of features, at the split between training and test data, at the labelling. I asked her how you document control of a bias that could have entered at any of those steps, after the system is already live. Her answer was the most honest thing said in the hour: “I have no idea.” The only way to hold that evidence is to capture it as you go — a flight recorder running from take-off, not a story reconstructed from the wreckage.
This is the point at which the conversation stops being about law and becomes about engineering culture, and it is where Antonina is most quietly subversive. Most of what the regulators ask for, she argues, is not exotic compliance theatre. It is good engineering practice — data governance, traceability, knowing where your data came from and how it was split — the kind of thing any decent quality-assurance handbook already contains. She has watched a young founder breeze through a medical-device audit and be surprised it was so easy, for the simple reason that he was a good engineer who had done the sensible things all along. Compliance by design is not a new philosophy bolted onto the work. In a company with the right instincts, it is just the work.
There is an Asimov problem lurking underneath all of this, and it is worth naming. The Three Laws of Robotics read, on the page, like a complete and elegant rulebook — and the entire body of stories is about the unanticipated failures that emerge when a rule-following system meets a world the rule-writers could not foresee. That is the structural challenge the AI Act is trying to meet: writing fixed rules for systems whose behaviour emerges rather than being designed. It is why Antonina keeps returning to process over paperwork. You cannot legislate the outcome. You can only insist on the discipline that makes a bad outcome visible and accountable.
ISO 42001, and the honest answer about certificates
Because the practical question everyone asks is which standard do I reach for, I put the blunt version to her: is ISO/IEC 42001, the AI management-system standard, real protection or a badge for the website? Her answer refused both poles. No certificate is real protection, she said, because nothing can guarantee a system never fails — that is the nature of software. But that is not an argument against implementing it. A management system gives you structure, traceability, repeatable results and a defensible account of what happened. ISO 42001 will most likely not be formally harmonised under the Act — it is not a safety standard in the strict sense — yet she rates it highly, because its control set is a genuinely useful map for a team starting from nothing. The Act’s own article on quality management is high-level to the point of being unhelpful for a novice; 42001 is where the practical guidance lives. They complement each other. Start with the standard that tells you what to actually do.
What the calm companies have
Near the end I asked the question I most wanted answered: what separates the company that is calm about August, and 2027, and 2028, from the one that is panicking, when both have the same size, budget and pressure?
Her answer was not about resources. It was about a quality mindset, and the values that drive a firm — something she says she can sense inside the first hour of a conversation. She has seen tiny companies with almost no money build toward full compliance one sensible step at a time, because the people running them genuinely cared about the safety of the thing they were shipping. She has seen well-funded companies treat the whole exercise as a tick-box to be acquired. The dividing line is not the budget. It is whether the first step has been taken. Her ideal client is simply the company that started.
Predictive judgement
Every episode of this show ends with a prediction we write down and return to, and Antonina gave a precise one.
The first real enforcement action under the EU AI Act, she predicts, will land around 2028 — and the most likely defendant is a company that stepped into the high-risk provider role without ever realising it had, and got caught when the consequences arrived. Pressed on whether it would be a European or a foreign firm, she leaned foreign: more likely, she thought, precisely because a company outside Europe is less aware of the European realities closing in around it.
The signals to watch, then, are these: the formal publication of the Omnibus in the Official Journal; the first Member States standing up functioning notified bodies and sandboxes; and the first regulator to test the Article 25 reclassification in anger against an organisation that genuinely did not know it had become a provider. The judgement is falsifiable in the cleanest way: if the first material enforcement action arrives before the end of 2027, or if it lands squarely on a self-aware, deliberate provider rather than an accidental one, she was wrong. We will come back to it.
The bottom line
The thing I keep returning to, after the conversation, is how undramatic the danger is. There is no rogue model in this story, no science-fiction catastrophe. There is a configuration change, an unread clause, a list of AI systems nobody has written down, and a deadline that moved just far enough to talk a busy executive out of acting. The EU AI Act does not care whether you call yourself an AI company. It only cares whether you are using one, modifying one, or putting your name on one — and on the strength of an hour with someone who audits the answers for a living, most companies have not yet checked which of those they are doing.
So check. Find out which of your systems touch an Annex III use case. Decide, honestly, whether you are a deployer or whether some quiet act of fine-tuning has already made you a provider. Start the evidence trail now, because you cannot reconstruct it in July. None of that requires the Omnibus to be law, and none of it gets easier for waiting.
The deadline moved. Your liability did not.
Antonina Burlachenko is Head of Regulatory Consulting at STAR. Amer Altaf is Founder and CEO of Arkava and Managing Editor of The Control Layer. The full conversation is on the channel; timestamps are in the show notes.
Decision-grade analysis on AI, cybersecurity, technology sovereignty, and the geopolitics of the technology stack — written for the board paper, not the timeline. By Amer Altaf, Founder & CEO of Arkava and Managing Editor of The Control Layer.