EU AI Act leaves most coding assistants outside high-risk rules

The EU AI Act’s August 2, 2026 enforcement milestone brings high-risk AI obligations, Article 50 transparency rules, and stronger enforcement powers into focus for engineering organizations. Ordinary AI coding assistants used for writing, reviewing, refactoring, or debugging code are generally outside Annex III high-risk scope because software development and code generation are not listed as regulated use cases.

Risk increases when engineering AI affects people or safety-critical systems. AI used to evaluate, screen, monitor, or allocate tasks to developers can fall under Annex III worker management rules. AI embedded in critical infrastructure, medical devices, machinery, or other regulated products can also trigger high-risk obligations, while fine-tuning, rebranding, or substantially modifying a third-party model may shift provider responsibilities under Article 25.

Teams with high-risk systems must prepare technical documentation before deployment, support automatic logging, and provide human oversight mechanisms. Documentation retention can reach 10 years, while logs must be retained for a minimum of 6 months. High-risk system breaches can carry penalties of €15 million or 3% of global annual turnover, making classification, vendor contract review, provenance records, and audit-ready development workflows priority work before enforcement begins.