Skip to content
Cardan-AI
Back to news
Régulation IA14 July 2026

The AI Act: fines up to €35M and new guidelines — why regulated sectors must structure their AI governance now

The AI Act's 2026 timeline is sharpening: tighter obligations for general-purpose AI models, application guidelines from the Commission, and a penalty regime reaching €35M or 7% of global turnover. For aerospace/defense, O&G and energy — already heavily regulated — the point is not to endure yet another text, but to turn compliance into an industrial edge. Cardan-AI analysis.

The European AI Act is entering its most concrete phase. In 2026, obligations for providers of general-purpose AI models are tightening, the Commission is publishing its application guidelines, and the penalty regime is becoming fully dissuasive: up to €35 million or 7% of global turnover for the most serious breaches, such as deploying prohibited systems. The message to boards is clear: AI is no longer a free experimentation zone, but a domain subject to traceability, documentation and risk-control obligations.

For sectors that are already heavily regulated — aerospace and defense, O&G, energy — this shift echoes existing reflexes. These industries have long mastered certification, document control and safety auditing. The risk is therefore not cultural but organizational: AI systems have often been deployed at the margins of legacy quality processes, in innovation pockets or via SaaS vendors, with no risk classification or centralized mapping. The AI Act forces these scattered uses back into a formal governance framework.

The mistake would be to treat compliance as a defensive constraint. Companies that structure their inventory of AI use cases early, classify them by risk level and clarify their accountability chain reap a double dividend: they reduce their exposure to fines, but above all they accelerate future deployments, because each new project builds on an already validated framework rather than a legal negotiation to restart. In environments where an AI system can touch flight safety or the integrity of an industrial asset, this discipline becomes a commercial and insurance argument.

The Cardan-AI view: the window to act is now, before the guidelines harden into binding audit practice. A pragmatic scoping exercise — AI system inventory, AI Act classification, assignment of responsibilities, a compliance roadmap prioritized by risk — can be run in a few weeks and avoids months of forced catch-up. For leaders in regulated sectors, the real question is not whether to start, but who, internally, already owns AI governance end to end.

Analysis by

Cardan-AI Intelligence

Our research and analysis unit, dedicated to applied AI for business, industry and regulatory compliance.

Let's talk about your next competitive edge

A 30-minute conversation to identify your most profitable AI use cases.