OpenSeaPiranha — AI Consulting & Venture Capital Istanbul
OPENSEAPIRANHA
ProductsThe FleetAI ConsultingMissionArchitects
Dive Deep

OPENSEAPIRANHA

Too Fast For The Giants!

Intelligence

  • About
  • The Fleet
  • AI Consulting
  • Micro-Angel
  • Case Studies
  • Market Signals
  • Istanbul AI Hub
  • Turkey-Gulf Corridor
  • Investment Guide
  • Tools
  • State of AI Report

Protocol

  • FAQ
  • Resources
  • Compliance
  • Legal
  • Contact
SYSTEM ONLINE
LOCATION: 41.0186°N, 29.1219°E
UPTIME: 99.999%
HASHRATE: 450 TH/s

© 2026 OPENSEAPIRANHA. ALL RIGHTS RESERVED.

SECURE CONNECTION
ENCRYPTED
Back to Signals
Global Intelligence
2026-05-128 min MIN READİskender Yeğen

The EU AI Act Calendar Is Already on Your Wall

Share

Two milestones are already in force — the unacceptable-risk ban since 2 February 2025 and GPAI obligations since 2 August 2025 — and the next wave, high-risk Annex III, lands 2 December 2027. Brussels effect means Turkish RFPs already speak this language. The thesis-driven roadmap for serious operators.

The Dates That Define the Roadmap — Two Already Live

The EU AI Act does not arrive as a single deadline. It arrives in waves, and two of them already passed. Prohibitions on unacceptable-risk systems became enforceable on 2 February 2025 — that ban is live now. General-purpose AI obligations took effect on 2 August 2025 — also live. Next come the general transparency rules (Article 50) on 2 August 2026, and then high-risk Annex III systems on 2 December 2027 (pushed back from the original 2026 date under the Digital Omnibus). Reading the regulation as a single future date is the most common mistake I see in board conversations — worse, treating it as a 2026 problem when the binding rules have been in force since early 2025. Treating it as a live calendar — and mapping your portfolio against each checkpoint — is what serious operators are already doing. The calendar is not on your wall for later; two of its checkpoints have already passed.

Risk Categories, Plain English

Four tiers. Unacceptable risk — social scoring, manipulative subliminal techniques, real-time biometric identification in public spaces with narrow law-enforcement exceptions. These have been banned outright since 2 February 2025. High risk — AI in critical infrastructure, education access, employment decisions, credit scoring, law enforcement, migration, justice. These face the heaviest documentation, testing, and post-market monitoring obligations. Limited risk — chatbots, deepfakes, emotion recognition — face transparency obligations, mostly disclosure that you're talking to a machine. Minimal risk — everything else, no formal obligation. Most enterprise AI deployments end up in high or limited. Knowing which one your system falls into is a thirty-minute legal exercise that almost nobody has done.

The Brussels Effect Hits Turkish RFPs

Turkey is not in the EU. The AI Act does not formally apply to Turkish organizations operating purely domestically. That sentence is technically correct and operationally useless. Any Turkish company with European customers, European data subjects, or aspirations to either is already negotiating contracts that reference AI Act compliance. By Q4 2025 we observed AI Act language appearing in defense procurement, fintech RFPs, and several mid-market SaaS tenders — none of which were legally required to include it. The procurement teams included it because their auditors asked for it. By the end of 2026, expect AI Act-equivalent language to be RFP standard regardless of cross-border exposure. That is the Brussels effect — regulatory gravity exported through purchase orders.

Sector-Specific Impact Inside Turkey

Defense — dual-use AI is partially exempted from the Act, but companies serving NATO partners or selling into European defense supply chains face de-facto application. BÖRÜ Pack-class systems live in this territory. Health — diagnostic AI is high-risk under the Act, period. Turkish healthtech companies aiming at European hospitals must plan for full conformity assessment. Finance — credit scoring, insurance pricing, and AML systems are explicitly named. Turkish fintechs with EU passport ambitions should already be scoping this. Public sector and education are next, with the longest tail because procurement cycles are slower. The pattern across sectors is consistent — the higher the consequence of an AI decision, the deeper the Act reaches in.

What Goes On the Roadmap

Five workstreams. AI inventory and classification — every system mapped to a risk tier with documented reasoning. Technical documentation — model cards, training data summaries, performance metrics, known limitations. The Act calls this Annex IV; we call it the file you wish you had during your last audit. Risk management system — continuous, not one-shot. Human oversight — designed into the workflow, not bolted on as a disclaimer. Post-market monitoring — the operational telemetry that tells you when a deployed model starts misbehaving. The same telemetry, incidentally, that AgentOps requires. Build the workstreams once, satisfy multiple frameworks. Trying to build separate compliance stacks for AI Act, ISO 42001, and KVKK is a budget-burning mistake.

What I Would Tell a Board Today

Three sentences. One — the AI Act is a procurement document long before it is a regulatory document, so the first cost of inaction is lost tenders, not fines. Two — the technical work to comply is roughly the same technical work to operate AI responsibly, so the marginal cost over what you should already be doing is low. Three — start the inventory this quarter, finish high-risk classification next quarter, and have technical documentation ready ahead of the 2 August 2026 general-applicability and transparency milestone — remembering that the prohibitions and GPAI rules have already been in force since 2025. The calendar is fixed. The work is finite. The boards that treat this as a future problem will be answering uncomfortable questions when their first European tender response gets returned with a one-line note about AI Act readiness.

Stay in the Loop

Get AI insights, startup intel, and investment signals delivered to your inbox.

No spam. Unsubscribe anytime.

Related Signals

Global Intelligence

Why Turkey's AI Diaspora Is the Secret Weapon ($712M Raised)

An investigation into the overlooked force shaping Turkey's AI future — the global Turkish tech diaspora that has raised $712M across Silicon Valley, London, and Berlin. From notable founders building billion-dollar companies to the reverse brain drain trend bringing talent home, and how OSP bridges diaspora capital with Istanbul's startup ecosystem.

Read more
Global Intelligence

Istanbul vs Dubai vs Singapore: Which AI Hub Should You Choose?

A strategic comparison of three rising AI hubs — Istanbul's cost advantage and NATO-MENA bridge positioning, Dubai's MGX $100B fund and tax-free zones, and Singapore's Smart Nation infrastructure and ASEAN gateway — with sector-specific recommendations and head-to-head analysis across six critical dimensions.

Read more
Global Intelligence

State of AI in Turkey 2026: The Definitive Report

The most comprehensive analysis of Turkey's artificial intelligence ecosystem — covering 457 startups, $1.4B in 2025 investment across 360 deals, defense AI's $20B industry target, fintech-AI integration, healthcare innovation, the $400M-to-$585M cybersecurity trajectory, Turkey-Gulf economic corridors, regulatory frameworks, and 2026-2030 predictions. A must-read for investors, policymakers, and entrepreneurs navigating Turkey's AI landscape.

Read more
Back to Signals