From 2 August 2026, you are personally liable for undocumented AI use

Why management is now personally on the hook

Regulation (EU) 2024/1689 requires companies to inventory their AI systems, classify them by risk and document the due diligence demanded of them. The AI literacy obligation (Art. 4) has applied since February 2025, and the high-risk obligations take effect from 2 August 2026. Here's the tricky part: the organisational responsibility for these duties sits with company leadership — not with some abstract "IT department".

It is precisely this personal accountability of management that is widely seen as the strongest source of pressure to act under the EU AI Act. Unlike many other rulebooks, it is not enough to buy a tool — leadership must be able to prove it has met its duty of care. Without that proof, it is hard to demonstrate in the event of damage or an audit that the required diligence was exercised.

The statutory fine framework underlines the scale: under the EU AI Act, Regulation 2024/1689, breaches can be penalised with up to EUR 35 million or 7% of global annual turnover (for SMEs the lower of the two figures applies). At the same time, according to Bitkom 2025, around 64% of SMEs are not even aware that the EU AI Act applies to them. Those who document early and verifiably gain not only legal certainty but also a head start.

How Wito HQ makes liability protection verifiable

Wito HQ is your company's digital command centre — a single login for digitalisation, AI and compliance. The AI register is the entry-point module that directly addresses director liability. You inventory your AI systems (Art. 26), work through a guided decision tree for risk classification and automatically receive the matching obligations checklist under Art. 9, 11, 13, 14 and 26 — in plain English, free of legalese.

The director liability-protection record as a PDF

The decisive feature is the record, not the checklist: at the push of a button, Wito HQ generates a director liability-protection PDF that documents the duty of care fulfilled at that point in time. It comes with an AI compliance score and a liability-protection traffic-light that shows at any moment where gaps remain. Every record carries a clear note: "Documents the fulfilment of the duty of care at this point in time. Does not replace legal advice." — we promise no legal guarantee, but solid, audit-proof documentation.

Because HQ builds on the Wito Digital Audit (WDA) and the 7-axis maturity model, liability protection is never a one-off exercise: detected AI tools pre-populate the register, deadlines are monitored, and your compliance status is kept continuously up to date. That way, an entry point driven by director liability grows into a complete steering instrument.

What management gets in concrete terms

• AI register (Art. 26): a complete inventory of every AI system in use or planned — the foundation of any liability protection.
• Guided risk classification: a decision tree along prohibited / high-risk (Annex III) / limited (Art. 50) / minimal — without studying the legal text.
• Automatic obligations checklist: derived from the classification, with owners and due dates.
• Director liability-protection PDF: the documented proof of due diligence as of the cut-off date, generated at the push of a button in under 15 seconds.
• Deadline monitoring: non-deletable regulatory dates with escalation 30/14/7/1 days in advance — no deadline slips through.
• Audit-proof storage: EU hosting with Hetzner, encrypted storage, an immutable audit log and a 10-year archive.

Traditional compliance via consulting and audits involves considerable effort and high costs for many SMEs. Wito HQ delivers verifiable due-diligence documentation as affordable SaaS — in plain language and without you needing your own IT or legal department for it.