EU AI Act 2026: Sandbox Requirements from August — Norwegian Companies Must Act Now

The Compliance Shift Is Here

The EU AI Act requires each member state to establish at least one AI regulatory sandbox by August 2, 2026. Combined with NIS2 (board responsibility) and DORA (evidence reporting within hours), 2026 is shaping up as the major compliance shift for European companies. Organizations that cannot demonstrate governance of high-risk AI systems face substantial fines.

Relevance

Compliance is no longer a "next year" problem — the deadline is August 2026, and Norwegian companies are subject to the EU AI Act via the EEA.

My assessment

This is a concrete deadline that many Norwegian companies have underestimated. For those of us who are ISO-certified and work with international clients, AI governance is now part of the commercial risk profile — not just an internal IT policy. CISO and CIO must be in the same room solving this, not delegating it downward.