The EU AI Act (Regulation (EU) 2024/1689) high-risk AI system rules become fully applicable from August 2, 2026. Japanese companies placing AI systems on the EU market are subject to extraterritorial application under Article 2.
Application Schedule
| Date | Scope |
|---|---|
| February 2, 2026 | Prohibited AI bans take effect |
| August 2, 2026 | High-risk AI system rules apply (this article) |
| August 2, 2027 | General-purpose AI (GPAI) model rules apply |
| August 2, 2030 | Full coverage of legacy large-scale IT systems with embedded AI |
High-Risk Use Cases (Annex III)
| Category | Examples |
|---|---|
| Biometric identification | Face recognition, emotion recognition |
| Critical infrastructure | Electric grid, water, transport control AI |
| Education & training | Admissions, grading, career recommendations |
| Employment | Hiring screening, performance evaluation |
| Essential services | Public benefits, healthcare resource allocation |
| Law enforcement | Crime prediction, evidence evaluation |
| Migration & borders | Visa screening, asylum risk |
| Justice & democracy | Judgment prediction, election impact |
Free Tool Related to This Article
Statute of Limitations Checker
Try our free simulator related to this topic.
Try for free →Extraterritorial Reach for Japanese Companies (Art. 2)
Japanese companies are subject to the AI Act if: 1. They place AI systems on the EU market 2. Their AI outputs are used in the EU 3. They enter the EU market through EU-based importers, distributors, or representatives
Key Obligations for High-Risk AI
- Conformity assessment (Art. 43) — pre-market evaluation, internal or by third-party body for certain uses
- CE marking (Art. 48) — declaration of conformity
- Risk management system (Art. 9) — lifecycle risk identification and mitigation
- Data governance (Art. 10) — training/validation/test data quality, bias detection
- Technical documentation (Art. 11) — 10-year retention
- Logging (Art. 12) — automatic logs accessible to authorities
- Transparency (Art. 13) — user instructions, capability and limitation disclosure
- Human oversight (Art. 14) — meaningful human supervision design
- Accuracy, robustness, cybersecurity (Art. 15)
- Fundamental Rights Impact Assessment (FRIA) (Art. 27) — required for certain deployers
Penalties
| Violation | Maximum |
|---|---|
| Prohibited AI (Art. 5) | €35 million or 7% of global annual revenue |
| High-risk AI obligations | €15 million or 3% of global annual revenue |
| False information to authorities | €7.5 million or 1.5% of global annual revenue |
Higher than GDPR's €20M / 4% benchmark. SMEs apply the percentage figure.
5-Step Compliance Roadmap for Japanese Companies
Step 1 (by June 2026): AI System Inventory — list all EU-market AI systems; classify against Annex III categories. Step 2 (by July 2026): Conformity Assessment Prep — select third-party body where required; design risk management system; prepare technical documentation. Step 3 (by August 2026): Operational Setup — appoint EU Authorized Representative; establish data governance; implement logging infrastructure. Step 4 (At application date): User Disclosures — EU-language instructions; capability and limitation statements. Step 5 (Ongoing): Continuous Monitoring — post-market monitoring; serious-incident reporting; periodic re-assessment.
Relationship to Japanese Domestic Law
- METI's AI Operator Guidelines (April 2024 v1.0): complementary but voluntary
- APPI: high-risk AI involving personal data triggers triple-layer compliance (APPI + AI Act + GDPR)
- Copyright Act Art. 30-4: Japan's training data exception coexists with EU AI Act's GPAI training-data summary disclosure obligation
Industry Impact
| Sector | Impact | Key uses |
|---|---|---|
| HR Tech | ★★★★★ | Hiring AI, aptitude testing |
| Financial services | ★★★★ | Credit scoring, fraud detection |
| Medical devices | ★★★★★ | Diagnostic support AI |
| Automotive | ★★★★ | Highly autonomous driving |
| EdTech | ★★★ | Recommendation, auto-grading |
| General SaaS | ★★ | When offering to EU |
| Manufacturing | ★★ | Industrial AI, quality control |
Conclusion
The EU AI Act high-risk system regime takes effect on August 2, 2026, and Japanese companies are within scope through extraterritorial application. With penalties reaching 7% of global annual revenue, immediate action is needed: inventory, assessment, operations, disclosure, monitoring. Companies in HR Tech, medical devices, and financial services should begin EU Authorized Representative appointment and conformity assessment by June 2026.
For AI regulatory compliance, consult an attorney experienced in IT and international law.
![[Lawyer-Reviewed] Japan AI Portrait Rights 2026: Deepfake Penalties & Likeness Law](/news/ai-portrait-rights-2026.svg?dpl=dpl_DtSYF7LNV9f1tM19WFGKWyjxnq81)
![[Lawyer-Reviewed] Japan AI Law Penalties 2026: Deepfake & Copyright Enforcement](/news/ai-penalty-deepfake-regulation-2026.svg?dpl=dpl_DtSYF7LNV9f1tM19WFGKWyjxnq81)
![[Lawyer-Reviewed] Japan APPI 2026: AI Data Consent + GDPR-Style Surcharges](/news/privacy-law-ai-reform-2026.svg?dpl=dpl_DtSYF7LNV9f1tM19WFGKWyjxnq81)