# EU AI Act Readiness: Competitor Brief
*Prepared: 2026-04-12 | For: Tomorrow's demo | Sources: 25+ | Confidence: Medium-High*

---

## Executive Summary

The EU AI Act is now partially in force (prohibited practices since Feb 2025, GPAI obligations since Aug 2025) with **full application on Aug 2, 2026**. Of the five rivals assessed, **Microsoft** leads on institutional governance, **Google** is cooperative but vocal about trade-secret concerns, **OpenAI** is engaged but had a notable compliance gap at GPT-5 launch, **Mistral** leverages its EU-native advantage, and **Meta** is the clear outlier — refusing to sign the Code of Practice and pulling multimodal models from the EU entirely.

---

## EU AI Act: Key Deadlines

| Date | What Kicks In |
|---|---|
| **Feb 2, 2025** | Prohibited AI practices banned (social scoring, subliminal manipulation, untargeted facial-recognition scraping, etc.) + AI literacy obligations |
| **Aug 2, 2025** | GPAI model obligations (technical docs, training-data summaries, copyright compliance); national authorities must be designated |
| **Aug 2, 2026** | **Full application** — high-risk AI conformity assessments, CE marking, transparency obligations, enforcement begins |
| Aug 2, 2027 | Stricter rules for AI in already-regulated products (medical devices, toys, etc.) |

**Penalties:** Up to **EUR 35M or 7% global turnover** (prohibited practices); EUR 15M or 3% (GPAI/other violations).

---

## Competitor Comparison Matrix

| Dimension | OpenAI | Microsoft | Google DeepMind | Meta AI | Mistral AI |
|---|---|---|---|---|---|
| **GPAI Code of Practice** | Signed | Intends to sign | Signed | **Not signed** | Signed |
| **EU AI Pact** | Participant | Participant | Signed | **Did not sign** | Participant |
| **Compliance docs** | Preparedness Framework (v2, Apr 2025); customer guidance published | Cross-functional governance teams; contract updates banning prohibited practices; impact assessments | Standardized training-process forms; Google Cloud compliance page | Minimal public documentation | Legal Center with per-model system cards; explicit risk-classification statements |
| **EU operations** | Serves EU market directly | Extensive EU data centers, offices, partnerships | Full EU availability | **Multimodal Llama 4 excluded from EU** | **HQ in Paris** — EU-native |
| **Regulatory posture** | Cooperative | Proactive & institutional | Cooperative with reservations (trade-secret concerns) | **Strategic withdrawal / defiant** | Cooperative; lobbied to soften rules during negotiation |
| **Known gaps / flags** | GPT-5 launched Aug 2025 **without required training-data summary** | No public gaps identified | Warned rules could "chill European model development" | Does not qualify for open-source GPAI exemption despite branding; EU Commission notified Meta of possible interim measures (WhatsApp AI assistants) | Dutch probe found Mistral chatbot gave distorted voting advice (Oct 2025) |
| **Readiness score** | **Medium-High** | **High** | **Medium-High** | **Low** | **Medium-High** |

---

## Competitor Deep Dives

### 1. OpenAI — Engaged but execution gaps
- Signed GPAI Code of Practice (Aug 2025), actively helped draft it
- Published [EU AI Act primer](https://openai.com/global-affairs/a-primer-on-the-eu-ai-act/) and [customer help center guidance](https://help.openai.com/en/articles/12141645-eu-ai-act)
- Updated Preparedness Framework (Apr 2025) covering safety evaluations and risk thresholds
- **Flag:** GPT-5 (launched Aug 7, 2025) reportedly lacked the required training-data summary and copyright policy at launch — a compliance gap covered by the Code's 1-year enforcement shield ([EU AI Act Newsletter #86](https://artificialintelligenceact.substack.com/p/the-eu-ai-act-newsletter-86-concerns))
- Dutch privacy probe (Oct 2025) flagged OpenAI chatbot for distorted voting advice

### 2. Microsoft — Most institutionally prepared
- Published comprehensive [EU AI Act overview (Jan 2025)](https://blogs.microsoft.com/on-the-issues/2025/01/15/innovating-in-line-with-the-european-unions-ai-act/) and [Trust Center compliance page](https://www.microsoft.com/en-us/trust-center/compliance/eu-ai-act)
- Dedicated cross-functional working groups (governance, engineering, legal, policy)
- Reviewed all Microsoft-owned AI systems for documentation gaps
- Updated Generative AI Code of Conduct and customer contracts to explicitly prohibit EU-banned practices
- Extensive EU infrastructure gives close proximity to supervisory authorities
- **No public compliance gaps identified** — strongest institutional posture of the group

### 3. Google DeepMind — Cooperative with caveats
- Signed GPAI Code of Practice (Aug 1, 2025, one day before obligations took effect)
- Committed to: standardized training-process documentation, model detail sharing with regulators, lawful data sourcing, copyright opt-out respect
- Published [Google Cloud EU AI Act compliance page](https://cloud.google.com/security/compliance/eu-ai-act)
- **Caveat:** Publicly warned that requirements exposing trade secrets or creating approval delays could "chill European model development" ([EU Perspectives](https://euperspectives.eu/2025/07/google-sign-ai-code-practice-concerns/))
- Full model availability in the EU

### 4. Meta AI — Strategic withdrawal
- **Did not sign** the EU AI Pact or the GPAI Code of Practice
- **Excluded the EU** from multimodal Llama 4 models, calling the regulatory environment "too unpredictable" ([The Decoder](https://the-decoder.com/meta-releases-first-multimodal-llama-4-models-leaves-eu-out-in-the-cold/))
- Llama's license **does not qualify** for the Act's open-source GPAI exemption per OSI's assessment — Meta monetizes commercially, which is disqualifying ([OSI](https://opensource.org/blog/metas-llama-license-is-still-not-open-source); [Simon Willison analysis](https://simonwillison.net/2025/Apr/19/llama-eu-ai-act/))
- EU Commission separately notified Meta of possible interim measures regarding exclusion of third-party AI assistants from WhatsApp
- **Highest regulatory risk profile** of any competitor assessed

### 5. Mistral AI — EU-native advantage, lobbying history
- Paris-headquartered; frames itself as Europe's AI sovereignty champion
- Signed GPAI Code of Practice; benefits from 1-year enforcement shield (Aug 2025–Aug 2026)
- Published [Legal Center](https://legal.mistral.ai/) with per-model system cards including explicit AI Act risk classifications
- Published "[European AI: A Playbook to Own It](https://europe.mistral.ai/)" — policy roadmap proposing 22 measures including a centralized compliance portal
- **History:** Lobbied aggressively during negotiation (2023–2024) to soften GPAI rules, leveraging French government connections. Open-weight exemptions in the final Act partly reflect this effort ([Corporate Europe Observatory](https://corporateeurope.org/en/2024/03/trojan-horses-how-european-startups-teamed-big-tech-gut-ai-act))
- **Flag:** Dutch probe (Oct 2025) found Mistral chatbot gave distorted voting advice — potential early GPAI violation exposure
- Open-weight strategy minimizes compliance burden for smaller models; largest models may trigger systemic-risk threshold (10^25 FLOPs)

---

## What's Unclear / Unverified

| Item | Why It Matters |
|---|---|
| **No public enforcement actions yet** | GPAI obligations are in force since Aug 2025, but no fines or formal proceedings have been reported. Unclear if this means compliance is adequate or enforcement is lagging. |
| **OpenAI's GPT-5 documentation gap** — has it been closed? | Only one source (EU AI Act Newsletter #86) reported this; no follow-up confirmation of resolution found. |
| **Microsoft "intends to sign" vs. actually signed Code of Practice** | Multiple sources say intent; no confirmation of formal signature found. |
| **Mistral's systemic-risk classification** | Unclear whether any Mistral models cross the 10^25 FLOPs threshold that triggers stricter obligations. |
| **Meta's long-term EU strategy** | Is the EU exclusion temporary (until regulatory clarity) or a durable market exit? No public statements clarify. |
| **Actual readiness of national authorities** | Member States were required to designate authorities by Aug 2025; unclear how many are operational and resourced. |
| **Google's trade-secret concerns** | Google signed but publicly flagged concerns — unclear if this signals future non-compliance on specific documentation requirements. |

---

## Key Takeaways for the Demo

1. **Microsoft** is the benchmark — most comprehensive institutional governance, proactive contract updates, no known gaps.
2. **Meta** is the anti-pattern — the only major player actively withdrawing from the EU market and refusing to engage with the compliance framework.
3. **The Code of Practice's 1-year shield** (Aug 2025–Aug 2026) is giving signatories breathing room; real enforcement starts Aug 2026.
4. **Open-source/open-weight is not a free pass** — the exemption is narrow (must meet OSI definition, non-commercial, and below systemic-risk threshold).
5. **Being EU-native (Mistral) is a positioning advantage**, but doesn't guarantee compliance — the Dutch voting-advice probe shows even European companies face scrutiny.

---

## Sources

1. [DLA Piper — EU AI Act Prohibited Practices](https://www.dlapiper.com/en/insights/publications/ai-outlook/2025/eu-ai-acts-ban-on-prohibited-practices-takes-effect)
2. [EU AI Act Article 5](https://artificialintelligenceact.eu/article/5/)
3. [Baker McKenzie — GPAI Obligations](https://www.bakermckenzie.com/en/insight/publications/2025/08/general-purpose-ai-obligations)
4. [EU Commission — GPAI Guidelines](https://digital-strategy.ec.europa.eu/en/library/guidelines-scope-obligations-providers-general-purpose-ai-models-under-ai-act)
5. [EU AI Act High-Level Summary](https://artificialintelligenceact.eu/high-level-summary/)
6. [EU AI Act Implementation Timeline](https://artificialintelligenceact.eu/implementation-timeline/)
7. [OpenAI — EU AI Act Primer](https://openai.com/global-affairs/a-primer-on-the-eu-ai-act/)
8. [OpenAI — EU Code of Practice](https://openai.com/global-affairs/eu-code-of-practice/)
9. [EU AI Act Newsletter #86 — GPT-5 Concerns](https://artificialintelligenceact.substack.com/p/the-eu-ai-act-newsletter-86-concerns)
10. [Microsoft Trust Center — EU AI Act](https://www.microsoft.com/en-us/trust-center/compliance/eu-ai-act)
11. [Microsoft Blog — Innovating in Line with the EU AI Act](https://blogs.microsoft.com/on-the-issues/2025/01/15/innovating-in-line-with-the-european-unions-ai-act/)
12. [Google Blog — EU AI Code of Practice](https://blog.google/around-the-globe/google-europe/eu-ai-code-practice/)
13. [Google Cloud — EU AI Act Compliance](https://cloud.google.com/security/compliance/eu-ai-act)
14. [EU Perspectives — Google Signs with Concerns](https://euperspectives.eu/2025/07/google-sign-ai-code-practice-concerns/)
15. [The Decoder — Meta Excludes EU from Llama 4](https://the-decoder.com/meta-releases-first-multimodal-llama-4-models-leaves-eu-out-in-the-cold/)
16. [OSI — Meta's Llama License](https://opensource.org/blog/metas-llama-license-is-still-not-open-source)
17. [Simon Willison — Llama and EU AI Act](https://simonwillison.net/2025/Apr/19/llama-eu-ai-act/)
18. [Mistral Legal Center](https://legal.mistral.ai/)
19. [Mistral Europe Playbook](https://europe.mistral.ai/)
20. [Corporate Europe Observatory — AI Act Lobbying](https://corporateeurope.org/en/2024/03/trojan-horses-how-european-startups-teamed-big-tech-gut-ai-act)
21. [EU Perspectives — Mistral and OpenAI Back Code of Practice](https://euperspectives.eu/2025/07/mistral-and-openai-back-eu-ai-code-of-practice/)
22. [Verfassungsblog — GPAI Code of Practice](https://verfassungsblog.de/the-gpai-code-of-practice/)
23. [MLex — Dutch Probe on Voting Advice](https://www.mlex.com/mlex/articles/2403376/openai-xai-mistral-get-a-shot-across-the-bows-to-beware-eu-ai-act-enforcement)
24. [Latham & Watkins — GPAI Obligations in Force](https://www.lw.com/en/insights/eu-ai-act-gpai-model-obligations-in-force-and-final-gpai-code-of-practice-in-place)
25. [Skadden — EU GPAI Obligations](https://www.skadden.com/insights/publications/2025/08/eus-general-purpose-ai-obligations)

---

*Methodology: Searched 15+ queries across web and news sources (April 2026). Analyzed 25+ sources. Sub-questions: regulatory framework & deadlines, per-competitor compliance posture, enforcement actions, open-source exemption applicability, gaps in public information.*