The EU AI Act compliance squeeze is coming for South African exporters

2026 is when EU buyers start demanding proof of governance, not promises of innovation.

Article link: https://open.substack.com/pub/johanosteyn/p/the-eu-ai-act-compliance-squeeze?r=73gqa&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true

Audio summary: https://youtu.be/XkPfPZE-1x4

Follow me on LinkedIn: https://www.linkedin.com/in/johanosteyn/

For many South African companies, the EU AI Act still feels like something happening “over there”. That is a dangerous assumption. If you sell products or services into Europe, support EU clients from South Africa, or build technology that is used by people in the EU, you will feel the ripple effects through contracts, procurement, audits, and risk committees.

The squeeze is not only about legal exposure. It is about losing deals because you cannot answer basic questions: Where is AI used? What data does it touch? How is it monitored? Who is accountable? In 2026, EU buyers will increasingly treat those questions as a gating factor, not a nice-to-have. This article is a practical exporter’s guide to what South African firms should do this quarter to stay commercially credible.

CONTEXT AND BACKGROUND

The EU AI Act entered into force in August 2024, but it applies in stages. Some obligations already apply, while others ramp up through 2026 and beyond. The EU’s own published timeline makes it clear that key requirements are staggered: early obligations around prohibited practices and AI literacy applied from 2 February 2025; obligations for general-purpose AI models applied from 2 August 2025; and further rules and transitions continue through 2 August 2026 and, for certain categories, into 2027.

Crucially for South Africans, the Act is not confined to EU-headquartered companies. It applies to providers placing AI systems (or general-purpose AI models) on the EU market, regardless of where those providers are established. In other words, you can be fully based in Johannesburg or Cape Town and still be in scope if your AI is sold into, or used within, the EU.

The European Commission is also signalling that it wants businesses to move from confusion to action, including through practical support tools such as the AI Act Service Desk and the EU AI Act Compliance Checker. 

INSIGHT AND ANALYSIS

The real shift for 2026 is not only regulatory. It is commercial. EU customers will increasingly push their obligations down the supply chain. That means your client’s legal team may send you questionnaires you have never seen before, your sales cycle may slow as risk teams review your answers, and renewals may suddenly include clauses about documentation, monitoring, incident response, and audit rights.

For South African exporters, the trap is thinking “we don’t build AI, we just use it”. If your product relies on a foundation model, a chatbot, automated scoring, content generation, or decision support, you still need to understand the role you play and what assurances you can provide. The buyer is not interested in whether the model is yours. They want to know whether you have controlled its use responsibly.

This is where risk tiering becomes practical rather than theoretical. If your AI touches hiring, education, biometric identification, safety, or other sensitive contexts, it may trigger higher expectations. Even for lower-risk use cases, transparency and basic controls are becoming table stakes. The question is not “are we compliant in some abstract sense?” It is “can we demonstrate, quickly and credibly, that we are managing AI risk?”

IMPLICATIONS

If you sell into the EU, here is what to do this quarter.

First, build an AI inventory. List every place you use AI, including pilots, third-party tools, and features that sound harmless (“smart suggestions”, “auto-summaries”, “recommended next actions”). If it can influence a customer outcome, a staff decision, or a data flow, it belongs on the list.

Second, classify each use case by exposure and risk. Ask: is this used by EU clients, EU employees, or EU end users? Does it meaningfully affect people’s rights, access, or opportunities? This gives you a simple prioritisation map without getting lost in legal jargon.

Third, produce a short “AI trust pack” you can hand to procurement. Keep it practical: what the system does, what data it uses, how you protect that data, how humans oversee outcomes, how you monitor performance, and what happens when something goes wrong.

Finally, update contracts and vendor management. If you rely on third-party AI, make sure you can obtain the documentation and assurances you’ll be asked for. If your customers expect audit rights or incident timelines, you need alignment across your own suppliers.

CLOSING TAKEAWAY

The EU AI Act is quickly becoming more than a legal development. It is a new global standard for how serious organisations buy and govern AI. For South African exporters, the risk is not only fines or enforcement. The bigger risk is commercial exclusion: being quietly removed from shortlists because you cannot evidence responsible AI use. The upside is equally real. If you build a disciplined AI inventory, clear ownership, and a simple documentation pack now, you can turn compliance pressure into a competitive advantage. In 2026, trust will close deals faster than hype.

Author Bio: Johan Steyn is a prominent AI thought leader, speaker, and author with a deep understanding of artificial intelligence’s impact on business and society. He is passionate about ethical AI development and its role in shaping a better future. Find out more about Johan’s work at https://www.aiforbusiness.net