The headline EU AI Act news in 2026 was the May 7 political agreement to defer high-risk AI deployer obligations from August 2, 2026 to December 2, 2027. For most US law firms with EU offices and for EU-headquartered firms, that deferral is the wrong thing to focus on. The high-risk obligations primarily affect AI used in employment and HR functions, not the legal practice work most firms are actually deploying AI for. The provision that actually applies to a law firm's AI use across its practice has been in force since February 2, 2025, and most firms have not addressed it.
This piece works through what the regulation actually requires of a law firm today, what is coming in 2027 for the narrower set of high-risk uses, and why the architectural decisions firms make about AI infrastructure now will determine how complicated compliance becomes over the next five years.
Article 4 is in force, applies to every AI tool, and most firms are not compliant
Article 4 of the EU AI Act creates an obligation called AI literacy. The text requires that providers and deployers of AI systems take measures to ensure, to their best extent, a sufficient level of AI literacy among their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account technical knowledge, experience, education, training, and the context in which the systems are used.
Three things matter about this provision. First, it has been in force since February 2, 2025. Not a future deadline. Current obligation. Second, it applies to all AI systems regardless of risk classification, not only to high-risk systems. Every AI tool the firm uses falls within scope. Third, it applies to every firm operating in the EU and every firm whose AI outputs are used in the EU. A US firm with a London office running AI on UK or EU matters is in scope.
The European Commission's May 2025 guidance was direct about what compliance looks like. Simply providing staff with vendor instructions for use is, in many cases, insufficient. The expectation is that the firm understands the system well enough to identify when it should be used, when it should not, what its specific limitations are, and how it handles client information. A signed acknowledgment that someone watched a vendor training video is the floor of the obligation, not the ceiling.
69% of legal professionals report using AI in their work. Only 11% of firms have implemented AI institutionally. 54% provide no training. Article 4 has been operative since February 2, 2025. The compliance gap is current.
There is no direct fine attached to Article 4 specifically. The enforcement mechanism is structural — national market surveillance authorities can issue administrative measures, and regulators investigating any other AI-related issue treat absence of documented AI literacy as an aggravating factor that increases penalties on the underlying violation. Article 4 functions as a multiplier on every other AI-related exposure the firm carries. The firms most exposed are not the ones that have deployed AI without training. They are the ones that have deployed AI and cannot produce documentation that they did the training the regulation requires.
The high-risk deployer framework, and why most legal practice work sits outside it
Article 26 of the EU AI Act establishes deployer obligations for AI systems classified as high-risk under Annex III. These obligations are substantial. The deployer must use the system according to vendor instructions and document compliance. The deployer must assign named human oversight to personnel with appropriate competence, training, and authority. The deployer must monitor operation, report serious incidents, retain logs for at least six months, inform workers and worker representatives before workplace deployment, and in specific contexts conduct a fundamental rights impact assessment.
The May 7, 2026 political agreement between the Council and Parliament moves the application date for these obligations from August 2, 2026 to December 2, 2027 for standalone high-risk systems, and to August 2, 2028 for high-risk AI systems integrated into regulated products. The agreement requires formal adoption before the new dates take legal effect, but it represents the operating timeline regulators and major advisors are working against. For practical planning purposes, December 2027 is the date that matters.
What matters more is which AI uses are actually classified as high-risk under Annex III. The category most often cited in legal commentary is Annex III point 8 — "administration of justice." Read carefully, the provision is narrower in scope than it sounds. It covers AI systems intended to be used by a judicial authority or on its behalf to assist a judicial authority in researching and interpreting facts and the law and in applying the law to a concrete set of facts. "Judicial authority" means courts, judges, and tribunals. It does not automatically cover private law firms using AI to draft briefs, conduct research, or review documents for their own matters.
The high-risk paths that do apply meaningfully to law firms run through other Annex III categories — most clearly through point 4, which covers AI in employment contexts: recruitment, screening, performance evaluation, monitoring, and termination decisions. A firm using AI in its HR function falls cleanly within high-risk classification. A firm deploying AI for legal practice work generally does not.
This matters because overstating high-risk classification is the fastest way to lose credibility in a compliance conversation. The accurate framing is that the EU AI Act creates specific high-risk obligations that affect specific AI uses at a law firm — primarily employment and HR functions — and that the firm's broader exposure across legal practice AI sits under Article 4 and adjacent regulations rather than under the high-risk deployer framework.
Article 25 and the customization trap
One provision in the regulation deserves particular attention from firms that have been told they can customize their AI vendor's product to make it more bespoke to firm workflows. Article 25 provides that a deployer who substantially modifies a high-risk AI system, or who modifies the intended purpose of a non-high-risk system in a way that brings it into a high-risk classification, becomes a provider under the regulation.
Provider obligations are materially heavier than deployer obligations. They include conformity assessment under Articles 42 and 43, technical documentation under Article 11, registration in the EU database under Article 71, ten-year document retention, post-market monitoring, and CE marking. A firm that did not anticipate becoming a provider and that has not built the documentation infrastructure to satisfy provider obligations is exposed in a way the firm did not contemplate when it agreed to vendor customization.
For firms working with build partners that engage as an embedded AI function — managing strategy, development, deployment, documentation, and ongoing optimization together with the firm — the provider obligations are manageable, because the documentation work is built into the engagement from day one. For firms whose customization happens piecemeal through a SaaS vendor's customization features, the provider classification can arrive without a corresponding documentation posture.
The architectural question the regulation surfaces
Read across Article 4 in the present and Articles 25 and 26 looking forward, the EU AI Act creates a documentation-heavy compliance regime. The compliance posture that survives the audit is the one in which the firm can produce, on its own initiative, the evidence the regulation requires: AI literacy training records, human oversight assignments where applicable, monitoring logs, classification rationale for each system in use, and where provider obligations apply, the technical documentation supporting them.
For AI running on third-party infrastructure, the firm's compliance posture is partially contingent on the vendor — on the vendor's documentation quality, the vendor's audit trail completeness, the vendor's responsiveness to regulator inquiries, and the vendor's continuing commercial viability. The vendor produces some of the evidence. The firm has to assemble the rest and trust that the vendor's portion holds up under scrutiny.
For AI deployed inside the firm's own environment, the firm controls the entire documentation chain. The logs are the firm's. The technical documentation is the firm's. The audit trail is self-contained and verifiable without dependence on a third-party vendor's documentation hygiene. When a regulator asks the firm to demonstrate compliance, the firm produces its own answer.
This is not an argument that on-premise deployment is the only valid compliance path. A firm running enterprise SaaS with rigorous vendor documentation review, strong internal procedures, and a documented AI literacy program can meet the regulation's requirements. The question is which architectural choice produces a compliance posture that is simpler to operate, easier to defend, and less dependent on a third party's continuing cooperation as the regulatory environment continues to mature.
The asset class question, separate from the compliance question
Compliance is one lens. There is a second lens that managing partners increasingly apply to AI infrastructure decisions: what does the firm own at the end of the deployment?
The analogy that captures it cleanly is rent versus own. A firm that leases space pays predictable monthly costs, has flexibility, and depends on the landlord for upgrades, maintenance, and continued availability. A firm that owns its premises pays a larger upfront investment, controls its environment, and builds equity that compounds. The right choice depends on the firm's time horizon and its relationship to the asset.
SaaS AI has the renter's profile. Predictable monthly subscription. Flexibility to leave. Dependence on the vendor for the platform, the upgrades, the security infrastructure, and the foundation model decisions. The vendor's roadmap drives what the firm gets. The vendor's commercial pressures determine when the foundation model under the firm's customization gets upgraded — typically when competitive pressure forces it, not when the firm benefits.
On-premise sovereign AI has the owner's profile. Larger upfront engagement. Firm controls the architecture. Firm and build partner choose foundation models collaboratively, swap them in when better options emerge, and upgrade on the firm's timeline rather than the vendor's. The institutional knowledge developed through the build stays with the firm. After a decade, the firm holds an asset. After a decade of SaaS, the firm holds receipts.
The compliance argument and the asset class argument reinforce each other but should be evaluated independently. The compliance argument says on-premise makes the documentation chain self-contained. The asset class argument says on-premise produces a permanent firm asset rather than a permanent firm expense. Each argument is defensible on its own. Together they describe a different category of decision than the binary "which AI tool should we buy" question most firms are still framing.
The question worth sitting with
For a managing partner at a firm with EU exposure, two questions are worth answering deliberately.
First: can the firm produce, without consulting the vendor, documentation showing how its current AI use satisfies Article 4 AI literacy obligations for each tool and each cohort of users? If the answer is no, the firm is operating below the floor of a regulation that has been in force for over a year.
Second: when high-risk deployer obligations take effect in December 2027 — for the narrower set of AI uses where they apply — does the firm want its compliance posture to be self-contained inside its own infrastructure, or contingent on its vendor's documentation? The decision the firm makes about AI infrastructure in 2026 will determine which posture the firm operates from when enforcement begins.
Neither question requires the firm to make a particular choice. Both questions reward firms that engage with the architectural decision deliberately rather than letting it be decided by procurement defaults. The firms whose AI infrastructure will still be doing useful work in 2036 are the firms answering both questions now, with a clear view of what the regulation actually requires and what the firm intends to own at the end of the deployment.
About the author. Jon Ventoso is the founder of LISA — Legal Intelligence Sovereign Architecture. LISA designs and builds purpose-built AI infrastructure for law firms, deployed inside the firm’s environment and owned permanently. The views above are the author’s own and do not constitute legal advice.