Skip to content
Insights
Governance3 June 2026 · 5 min · Cambrian

AI governance after the rulebook: what 2 August 2026 means

The EU AI Act's high-risk obligations apply from 2 August 2026, and they reach Swiss companies too. Governance now has to run as a continuous operating capability.

For Swiss organisations, AI governance has stopped being a future concern. The EU AI Act phases in over several years, and the consequential stage arrives on 2 August 2026, when the requirements for high-risk AI systems take effect. As Swiss legal commentators note, the Act applies beyond EU borders and can bind Swiss companies directly when their AI touches the EU market.

Continuous systems demand continuous governance: a capability you operate, audited and adjusted as the systems run.

What the rules require

The timeline matters because obligations land in stages, and the heavy ones are imminent.

Date What takes effect
2 August 2025 General-purpose AI obligations, the governance framework, and penalties
2 August 2026 High-risk AI requirements: technical documentation, data governance, human oversight, cyber security, and certain conformity assessments
2 August 2027 Final provisions; expanded high-risk scope; some grandfathering for legacy models expires

Switzerland's own position is distinctive. According to the CMS guide to Swiss AI regulation, the country has no single, designated AI regulator. Oversight is decentralised across existing bodies: the Federal Data Protection and Information Commissioner for cross-sector enforcement, FINMA for banks and insurers under its 2024 guidance, and sector law for everything from medical devices to unfair competition. A federal consultation draft on AI regulation is expected by the end of 2026.

Governance as a capability

The mistake we expect to see most often is treating the AI Act as a documentation project with a 2026 deadline. The structure of the rules points elsewhere. High-risk obligations such as human oversight, data governance, and monitoring are processes you run continuously, not states you certify once. This is the same conclusion the operating-model literature reaches from the other direction: as AI systems act in real time, the controls around them have to as well.

For Swiss companies, there is a strategic angle beyond compliance. The extraterritorial reach means EU rules effectively set a floor for any Swiss firm with European clients, while domestic regulation is still forming. Firms that build a clean inventory of their AI use, a risk classification, and a working oversight process now will be ready for 2 August 2026. They will also be positioned for whatever Switzerland legislates next, and able to answer the governance questions clients are already asking.

A readiness agenda

  • Inventory and classify every AI system you build or deploy by risk, and map which fall under EU high-risk obligations.
  • Stand up continuous oversight, including human-in-the-loop controls, logging, and monitoring, rather than a point-in-time audit.
  • Track both tracks: the EU AI Act as the near-term floor, and the Swiss federal consultation expected by end of 2026, plus FINMA guidance for regulated sectors.

Governance done late is a cost. Done early and built as a capability, it becomes a way to earn trust in markets where AI assurance is becoming a condition of doing business.

Related reading


Source: AI laws and regulations in Switzerland, CMS Expert Guide; timeline per Lenz & Staehelin.

Share this article

AI governance after the rulebook: what 2 August 2026 means - Cambrian