Thorsten Meyer AI has published "Capability or Control: The European Enterprise AI Playbook for the AI Act Era," framing the next phase of enterprise AI in Europe around a practical trade-off: building useful AI capability while keeping systems auditable under the EU AI Act. The piece lands as EU rules are already in force for prohibited AI practices, AI literacy and general-purpose AI, with transparency duties due in August 2026 and later high-risk deadlines now extending into 2027 and 2028.

The legal baseline is fixed in Regulation (EU) 2024/1689, the Artificial Intelligence Act, published in the EU Official Journal on July 12, 2024, and in force since August 1, 2024. The European Commission says the law sets risk-based rules for AI developers and deployers and classifies systems across unacceptable risk, high risk, transparency risk and minimal or no risk.

The Commission says the first set of prohibitions and AI literacy duties began applying on February 2, 2025. Governance rules and obligations for general-purpose AI models became applicable on August 2, 2025. Transparency rules, including disclosures for certain AI-generated content, are set for August 2026. High-risk systems in areas such as biometrics, employment, education, critical infrastructure, migration and border control are now slated for December 2, 2027 under the May 7, 2026 political agreement on AI Act simplification; product-integrated high-risk systems are slated for August 2, 2028.

Thorsten Meyer AI’s headline does not provide company case studies, adoption figures or named executives. That limits what can be confirmed about the playbook’s specific recommendations. What is confirmed is the framing: European enterprises are being asked to treat AI capability and AI control as one operating question, not separate technology and compliance projects.

Compliance Moves Into Operations

For readers running or buying enterprise AI systems in Europe, the timing matters because the AI Act is no longer a distant legislative file. Product, legal, procurement, security and data teams now need inventories of where AI is used, which systems fall into regulated categories and who carries provider or deployer duties.

The control side of the equation affects how models are selected, logged, monitored and explained. The capability side affects whether firms can still move quickly enough to gain value from AI assistants, automation and decision-support tools. In practice, the headline points to a board-level question: whether governance can be built into delivery pipelines without freezing useful AI work.

The Commission has also tied its AI Act rollout to innovation measures, including AI Factories, the AI Pact and regulatory sandboxes. That matters for smaller companies and mid-caps because compliance burden, access to test environments and documentation templates may shape who can deploy regulated AI at scale.

Deadlines Now Shape Strategy

The AI Act became EU law in 2024 after approval by the European Parliament and the Council. It bans certain uses described by the Commission as threats to safety, livelihoods and rights, including social scoring, harmful manipulation and some biometric practices. The Commission published guidance on prohibited practices and on the definition of an AI system to help organizations decide whether their tools fall under the law.

For general-purpose AI, the Commission published guidance, a voluntary Code of Practice and a template for public summaries of training content in July 2025. Those tools cover transparency, copyright and safety or security duties for model providers. On June 10, 2026, the Commission also published a Code of Practice for marking and labelling AI-generated content, tying the operational details of disclosure to the August 2026 transparency rules.

The current enterprise question is narrower than a general debate over regulation. It is about whether businesses can classify AI systems, document data and model use, add human oversight, track incidents and keep enough speed in deployment to compete with firms outside Europe or in less regulated markets.

“Capability or Control”

— Thorsten Meyer AI

Adoption Evidence Is Missing

Several points are still unsettled. The headline confirms Thorsten Meyer AI’s framing, but it does not identify named companies using the playbook, disclose survey data or provide a measurable forecast for how many European enterprises will change AI programs because of it.

The enforcement picture is also still developing. National market surveillance authorities, the European AI Office and future standards will affect how firms experience the rules. It is not yet clear how quickly support tools, sandboxes and technical standards will reduce friction for companies trying to comply while deploying AI systems at scale.

August Rules Set Next Test

The next milestone for most readers is August 2, 2026, when the AI Act becomes fully applicable, with exceptions for later high-risk deadlines. Enterprises that have not already done so are likely to use the coming weeks to map AI systems, check whether tools involve GPAI providers, assign internal owners and prepare disclosure processes for AI-generated content.

After that, attention shifts to the December 2, 2027 deadline for several high-risk AI uses and the August 2, 2028 deadline for high-risk systems embedded in regulated products. The practical test for the playbook will be whether European companies can show evidence of control without slowing useful AI deployments to the point that promised productivity gains fade.

Source: Thorsten Meyer AI

Key Questions

What is the actual news development?

Thorsten Meyer AI has published a new article titled "Capability or Control: The European Enterprise AI Playbook for the AI Act Era." The news peg is the publication of that enterprise AI framing during an active AI Act implementation period.

Is this a new EU law?

No. The EU AI Act is already law and entered into force on August 1, 2024. The new development is the enterprise-focused playbook framing, set against deadlines that are already affecting AI governance and procurement decisions.

Which AI Act deadlines matter now?

Prohibited AI practices and AI literacy duties began applying on February 2, 2025. GPAI obligations became applicable on August 2, 2025. Transparency rules are due in August 2026, while several high-risk AI rules now point to December 2, 2027 or August 2, 2028 depending on the system type.

Does every enterprise AI tool become high risk?

No. The Commission describes the AI Act as risk-based. Many systems may fall into minimal or limited-risk categories, while high-risk treatment depends on the system’s purpose, sector and potential effect on health, safety or fundamental rights.

What remains unclear for companies?

It is not yet clear how consistently enforcement bodies will apply the rules across member states, how quickly technical standards will mature or how many enterprises will alter AI deployments in response to this playbook.

Source: Thorsten Meyer AI