TooliTooli
EU AI Act Deadline · August 2026

Govern your AI before regulators do.

Your employees are using AI. You don't know what data they're sharing — or which regulator is going to ask first. It's time to find out.

Book a call See the diagnostic
8 wks
to high-risk deadline
12+
shadow AI tools per org
0%
average audit coverage
£35M
max EU AI Act fine
What we're seeing

Shadow AI is already inside your perimeter.

Across financial services, gambling, healthcare, legal, and government, the same picture keeps repeating in our diagnostics.

  • 12+ different AI tools in active use — ChatGPT, Claude, Copilot, Gemini, and more.

  • Zero official policy formally approved by IT, Risk, or Security.

  • Employees regularly inputting customer data, financial records, and PII into public LLMs.

  • No audit trail for compliance, governance, or incident response.

  • Boards have effectively zero visibility into how AI is being used.

  • Procurement is approving SaaS tools with embedded AI no one has reviewed.

For regulated organisations, this is a material compliance gap — and regulators across the FCA, ICO, Gambling Commission, and EU supervisory authorities are actively investigating.

Regulatory clock

The EU AI Act deadline breakdown

FEB 2025
Prohibited AI practices banned across the EU.
AUG 2025
General-purpose AI transparency rules now active.
AUG 2026
High-risk AI deadline — most regulated organisations must be compliant.
You are here
AUG 2027
Embedded AI products deadline — covers AI inside existing regulated products.
Our engagement

Tooli Diagnose

A structured 2–4 week AI governance diagnostic that maps your current AI landscape, identifies compliance gaps, and delivers a board-ready roadmap for August 2026.

Next step

Book a call

30 minutes to understand your AI exposure and how Tooli can help you build a credible path to August 2026 compliance.

Book a call

Shadow AI Inventory

Surface every AI tool in active use across business units, devices, and SaaS — sanctioned or not.

Data Risk Mapping

Identify exactly where sensitive customer, financial, and regulated data is flowing into external LLMs.

Compliance Gap Analysis

Quantify exposure under the EU AI Act, GDPR, FCA, ICO, and sector regulators relevant to you.

Board-Ready Report

Executive summary plus a prioritised governance roadmap your board and regulator can both read.

Policy Foundations

Acceptable-use, model approval, and incident-response templates calibrated to your risk appetite.

Quick-Win Remediation

The five controls we recommend implementing inside 30 days to materially reduce regulatory risk.

Ready to govern your AI?

30 minutes. No slide deck. We'll walk you through how exposed your organisation likely is — and what a credible path to August 2026 looks like.

Book a call