Only 3% of enterprises have comprehensive frameworks in place to comply with incoming AI regulations, according to new research that exposes a critical preparedness gap as the EU AI Act enters its enforcement phase.
The survey, conducted by legal technology firm Casepoint and reported by Legal Futures, found that whilst 82% of organisations acknowledge AI regulation as a significant concern, the vast majority lack the governance structures, documentation processes, and risk assessment capabilities required under emerging regulatory frameworks.
The findings arrive as the EU AI Act’s transitional provisions take effect, with full enforcement of high-risk AI system requirements beginning in August 2026. Similar regulatory initiatives are advancing in the United States, United Kingdom, and across Asia-Pacific markets, creating a complex compliance landscape for multinational enterprises.
According to the research, 45% of organisations have begun initial preparations for AI compliance, but lack complete frameworks covering data governance, algorithmic transparency, and human oversight mechanisms. A further 52% report minimal or no preparation despite deploying AI systems in customer-facing applications, human resources, and operational decision-making.
The compliance gap appears most pronounced in mid-sized enterprises with 500 to 5,000 employees, which often deploy third-party AI tools without dedicated legal or compliance resources to assess regulatory obligations. Financial services and healthcare organisations demonstrated higher preparedness levels, likely reflecting existing regulatory scrutiny in those sectors.
Business Impact
The preparedness deficit creates immediate opportunities for legal technology providers, compliance consultancies, and enterprise software vendors offering AI governance platforms. Firms including OneTrust, DataRobot, and IBM have launched AI compliance modules in recent months, targeting the estimated £2.8 billion global market for AI governance tools projected by analysts at Gartner.
Conversely, organisations deploying AI systems without adequate compliance frameworks face substantial regulatory risk. The EU AI Act authorises fines up to €35 million or 7% of global annual turnover for serious violations, whilst reputational damage from non-compliance could prove equally costly. Companies operating across multiple jurisdictions face compounded complexity as regulatory requirements diverge.
Technology vendors providing AI capabilities to enterprise customers may encounter increased scrutiny over contractual liability provisions, documentation requirements, and technical transparency. This pressure could accelerate consolidation amongst AI tooling providers as enterprises favour vendors offering integrated compliance capabilities.
Regulatory Complexity
The compliance challenge extends beyond technical requirements to organisational culture and governance. Effective AI regulation adherence requires cross-functional coordination between legal, technology, procurement, and business units—a capability many organisations have not yet developed.
The EU AI Act’s risk-based approach categorises AI systems from minimal to unacceptable risk, with corresponding compliance obligations. High-risk systems—including those used in employment decisions, credit scoring, and law enforcement—face stringent requirements for data quality, documentation, human oversight, and accuracy metrics. Many organisations have not completed the risk classification exercise necessary to determine which obligations apply to their AI deployments.
Documentation requirements present particular challenges, as organisations must maintain technical specifications, training data characteristics, and decision-making logic for AI systems throughout their lifecycle. Few enterprises currently possess the information management infrastructure to meet these demands.
What to Watch
Enforcement actions under the EU AI Act will provide crucial guidance on regulatory interpretation and penalties, likely accelerating compliance investment across industries. The UK’s anticipated AI regulation framework, expected in 2025, will determine whether British enterprises face aligned or divergent requirements from their European counterparts.
Industry observers should monitor whether regulatory pressure drives enterprises toward established technology vendors with comprehensive compliance capabilities, potentially disadvantaging smaller AI startups lacking governance infrastructure. The compliance gap revealed by this research suggests significant market disruption ahead as regulatory requirements transition from theoretical to operational reality.
