Auditing AI Systems: What the EU AI Act Deadline Means for Internal Audit hero illustration
AI in Audit

Auditing AI Systems: What the EU AI Act Deadline Means for Internal Audit

The EU AI Act's high-risk obligations moved to 2027, but the readiness work still takes quarters. A practitioner's guide to auditing AI systems — and to auditing your own AI-assisted audit work.

·13 min read
By Audvera Team

The EU AI Act put a date on the calendar that internal audit functions could not ignore, and then, in 2026, moved it. That combination — a hard obligation with a shifting timeline — is exactly the situation where internal audit earns its keep: not by predicting the final regulatory text, but by getting the organization ready for the version that is coming regardless.

This is a practitioner's read on what the AI Act deadline means for internal audit, what actually changed in 2026, and how to build an AI-audit approach you can run now — including the awkward part nobody wants to talk about, which is how you audit your own AI-assisted audit work.

What the Deadline Actually Is (and What Moved)

The EU AI Act entered into force in 2024 on a staggered timeline. The prohibited-practices and AI-literacy provisions applied first, in early 2025. Obligations for general-purpose AI models followed in August 2025. The date most internal audit functions circled was August 2, 2026 — when the bulk of the high-risk system obligations (Annex III use cases such as employment, credit, and access to essential services) were scheduled to apply.

Then the timeline moved. In 2026 the European Commission advanced a simplification package that, as reported through its passage, defers most of the high-risk obligations — with the widely cited new application date landing in December 2027. Confirm the final effective dates against the adopted text before you rely on them in a plan; simplification packages change in negotiation.

Here is the trap. "The deadline moved" reads to a lot of executives as "we have more time, deprioritize it." That is the wrong lesson for two reasons. First, the prohibited-use and transparency obligations already apply — the deferral is about the high-risk tier, not the whole Act. Second, the work that makes an organization compliant by late 2027 — inventorying AI systems, risk-tiering them, standing up controls and documentation — takes quarters, not weeks. A function that treats the deferral as a reprieve rather than runway will be doing the same scramble in 2027 that it avoided in 2026.

Why This Lands on Internal Audit's Desk

Two data points frame the pressure. Gartner has reported that 97% of chief audit executives rank regulatory compliance among their top priorities for 2026 — and AI regulation is the fastest-moving piece of that compliance picture. KPMG's audit-committee research has found that a large majority — around 88% of audit committees — cite AI, cybersecurity, and supply-chain risk as areas demanding more attention. The board is asking. The regulator is signaling. The question lands on internal audit because it is the function positioned to give independent assurance over how the organization actually governs its AI — not how a vendor deck says it does.

Meanwhile the audit profession's own regulators are moving in the same direction. The PCAOB has been emphasizing professional skepticism and audit-documentation quality in a world where AI is increasingly in the workflow — the through-line being that AI in the process raises, not lowers, the bar for evidence and for showing your work. That is a useful frame for internal audit too: AI does not relax documentation standards; it makes them the whole game.

A Practical AI-Audit Approach You Can Start Now

You do not need the final regulatory text to start. The core of an AI-audit / AI-governance approach is stable regardless of which deadline sticks. Four moves.

1. Inventory the AI

You cannot audit what you have not inventoried — the same first principle as any audit universe. Build a register of where AI is actually used across the organization: procured tools with AI features, internally built models, embedded AI in SaaS platforms, and shadow AI (the marketing team's writing tool, the analyst's copilot). Shadow AI is where the real exposure hides, because it is unmanaged by definition.

2. Risk-Tier Each Use

Not every AI use is high-risk. Map each system to a risk tier using the Act's own logic as a starting rubric: prohibited, high-risk (Annex III use cases — employment, credit, essential services, biometrics), limited-risk (transparency obligations), and minimal-risk. The tiering drives everything downstream: a chatbot that suggests knowledge-base articles is not the same risk as a model that screens job applicants. Document the tiering rationale — that document is itself an audit artifact.

3. Assess Controls Over the AI

For the systems that matter, evaluate controls across the dimensions regulators and standards keep converging on:

  • Data — provenance, quality, bias testing, and a lawful basis for the training and input data.
  • Model — validation, performance monitoring, drift detection, and change management over model versions.
  • Human oversight — is there a meaningful human in the loop, with the authority and information to override? "Human on the loop" that rubber-stamps is not oversight.
  • Documentation — technical documentation, intended purpose, known limitations, and an audit trail of decisions. This is the deliverable the high-risk tier is built around, and the one most organizations are weakest on.

4. Audit the AI-Assisted Work — Including Your Own

This is the part that gets skipped. If your organization uses AI to make or support decisions, those decision trails are auditable. And if internal audit itself uses AI — to draft risk assessments, review evidence, summarize interviews — then your own workpapers are in scope for the same scrutiny. The standard to hold yourself to is the one you would hold an auditee to: an evidence trail showing what the AI produced, a human sign-off from someone accountable, and source citations so a reviewer can trace a conclusion back to the underlying evidence rather than to an unexplained model output. We wrote about staying inside the standards while doing this in how to use AI in audit without failing your next QAR, and about the deeper defensibility posture in the defensibility ledger for agentic AI in audit.

A Worked Example: Tiering One System

Take a single use — an AI model that ranks inbound job applicants — and run it through the four moves.

StepApplied to the applicant-ranking model
InventoryEmbedded in the ATS; owned by Talent Acquisition; vendor-supplied model retrained quarterly on the company's hiring data
Risk tierHigh-risk — employment and worker management is an Annex III use case
ControlsData: bias testing on protected classes, lawful basis for training data. Model: version change log, performance monitoring. Human oversight: a recruiter reviews the ranking and can override, with the override logged. Documentation: intended purpose, known limitations, and a per-candidate decision trail
Audit the workTest that overrides actually happen (not rubber-stamped), that the vendor's documentation matches reality, and that rejected-candidate decisions are traceable

The value of the walk-through is that it turns "we should govern AI" into a specific, testable list. Every cell in that table is a control you can evaluate and a document you can request.

Three Failure Modes to Avoid

  • Treating the deferral as a reprieve. The high-risk date moved; the prohibited-use and transparency obligations did not, and the readiness work takes quarters. "We have time" is how 2027 becomes another scramble.
  • Auditing the policy, not the practice. A governance policy on paper is not assurance. The exposure lives in shadow AI and in human-oversight controls that look real but rubber-stamp. Test the practice, not the intent.
  • Exempting your own AI use. If internal audit uses AI and holds auditees to an evidence-trail standard it does not meet itself, the independence and skepticism argument collapses. Audit your own workpapers to the same bar.

What "Good" Looks Like by Late 2027

Work backward from the obligation. An organization in reasonable shape has: a maintained AI inventory; a risk-tiering applied and refreshed; assigned ownership for each high-risk system; documentation packages for high-risk uses; a human-oversight design that is real, not nominal; and an audit trail that lets someone reconstruct how an AI-influenced decision was made. Internal audit's role is to provide independent assurance that those things exist and operate — and to have flagged the gaps early enough to fix them.

The functions that will be calm in late 2027 are the ones treating the deferred deadline as the runway it is. The ones that will be scrambling are the ones that heard "it moved" and closed the file.

How Audvera Supports This

Audvera is not an EU AI Act compliance product, and it does not maintain an AI-system register for you — that governance work belongs with your risk, legal, and compliance functions. What Audvera does address is the posture the profession's regulators are increasingly signaling for AI-assisted work: evidence review that is source-cited and human-gated, with an immutable trail of who ran an AI assistant and who reviewed and signed off on its output. When internal audit uses AI in its own engagements, that is exactly the documentation standard the profession is converging on — the ability to show the work, not just the answer.

If you want to see what defensible, human-reviewed AI-assisted audit work looks like in practice, start with a free risk assessment and follow the trail from an AI-drafted risk through to a reviewer sign-off.

Frequently Asked Questions

Is my organization in scope for the EU AI Act?

Possibly. The Act reaches providers and deployers of AI systems that touch the EU market or EU-based people, regardless of where the organization is headquartered — so a company outside the EU can be in scope for specific uses if it has EU employees or customers affected by an AI system. Do not try to answer the legal scoping question inside internal audit; partner with legal and compliance for a documented scoping determination, then provide assurance against it.

Did the EU AI Act deadline change?

The high-risk tier did. The bulk of the Annex III high-risk obligations were originally scheduled to apply on August 2, 2026, and a 2026 simplification package deferred most of them — with the widely cited new application date landing in December 2027. The prohibited-practices and transparency obligations were not deferred and already apply. Confirm final effective dates against the adopted legal text before relying on them in a plan.

Does the deferred deadline mean internal audit can wait?

No. Two reasons: the prohibited-use and transparency obligations already apply, so the deferral covers only the high-risk tier; and the readiness work — inventorying AI, risk-tiering it, standing up controls and documentation — takes quarters, not weeks. Functions that treat the deferral as runway rather than a reprieve will be calm in late 2027; the ones that closed the file will be scrambling.

How do I audit AI-assisted audit work, including my own?

Hold your own AI-assisted work to the standard you would hold an auditee to: an evidence trail showing what the AI produced, a documented human sign-off from someone accountable, and source citations so a reviewer can trace a conclusion back to underlying evidence rather than to an unexplained model output. If internal audit uses AI to draft risk assessments or review evidence, those workpapers are in scope for the same scrutiny you apply elsewhere.

What controls should internal audit test over an AI system?

For systems that matter, evaluate controls across four dimensions: data (provenance, quality, bias testing, lawful basis), model (validation, performance monitoring, drift detection, version change management), human oversight (a meaningful human with the authority and information to override, not a rubber stamp), and documentation (intended purpose, known limitations, and a decision audit trail). The documentation dimension is the one most organizations are weakest on and the one the high-risk tier is built around.

What's the difference between high-risk and limited-risk AI under the Act?

High-risk systems are those in the Act's Annex III use cases — employment and worker management, credit, access to essential services, biometrics, and similar — which carry the heaviest obligations around risk management, data governance, human oversight, and technical documentation. Limited-risk systems (for example, chatbots) mainly carry transparency obligations, such as disclosing that a user is interacting with AI. Risk-tiering each use against this logic drives how much control and documentation each system needs.

Where should internal audit start with an AI audit?

Start with the inventory — you cannot audit what you have not catalogued. Build a register of where AI is actually used, including procured tools, internally built models, embedded AI in SaaS, and shadow AI. Then risk-tier each use, assess controls over the systems that matter, and audit the AI-assisted decisions those systems produce. The inventory and tiering rationale are themselves audit artifacts.

Encrypted data in transit and at restPCAOB · IIA · SOX · GAAS · COSO workflow alignmentAI outputs include disclosure and reviewer controls

Ready to modernize your audit process?

See how Audvera supports planning through reporting in one platform.