
The EU AI Act will make it illegal not to have an AI Control Plane

Cameron McClellan


June 6, 2026

For three years, enterprise AI governance was a matter of judgment. Teams that logged their agents, scoped their access, and kept an audit trail did so because it was good engineering, not because anyone made them. The EU AI Act changes that. For high-risk AI systems, governance, logging, and policy enforcement will become legal obligations, backed by fines that reach into the tens of millions of euros.

Most enterprises are deploying AI faster than they can govern it. Agents and MCP servers are spreading across orgs with no central registry, no consistent permission model, and no complete record of what any given agent accessed. The Act requires exactly the visibility and control that this sprawl erases.

Closing that gap is an infrastructure problem, and the infrastructure is the AI Control Plane: a single layer on the path between every agent and every system it can reach. Identity providers gave SaaS one control point that decides who can do what and records what they did. The AI Act now demands the same for AI, and this time it carries the force of law.


What does the EU AI Act require of high-risk AI systems?

The Act sorts AI systems by risk. A small set of practices is banned outright. A larger category, high-risk AI, is permitted but heavily regulated. High-risk systems are those listed in Annex III of the regulation: AI used in employment and recruitment, credit scoring, insurance and essential services, critical infrastructure, education, law enforcement, justice, migration and border management, and biometrics. An enterprise that uses AI to screen job applicants, price a loan, or triage access to a public service is operating a high-risk system, unless it can document that the system falls under one of the narrow Article 6(3) exceptions (for example, AI that performs only a narrow procedural task or prepares a decision a human still makes). That documentation is itself an obligation, so the exception is not a way to skip the analysis.

For those systems, the Act imposes obligations that map closely to what a mature governance program already does:

  • Record-keeping and traceability. High-risk systems must automatically log events over their lifetime so that their functioning can be traced and reconstructed after the fact.
  • Human oversight. Systems must be designed so that a person can understand their output, intervene, and stop them.
  • Risk management. Operators must run a continuous process to identify, evaluate, and mitigate the risks a system poses.
  • Data governance. The data feeding a high-risk system must be governed, with controls over what it contains and how it is handled.

Failing to meet these obligations is expensive. The Act sets penalties of up to €15 million or 3% of global annual turnover, whichever is higher, for non-compliance with high-risk requirements. The banned practices carry a higher ceiling of €35 million or 7%, and supplying incorrect information to authorities runs to €7.5 million or 1%. For SMEs and startups the lower of the two amounts applies; for everyone else the higher one does. These are turnover-based fines on the scale of the GDPR, designed to make non-compliance more costly than compliance.

Each of those obligations describes a control that has to live on the path between an agent and the systems it touches. A policy document cannot enforce any of them, which makes compliance an infrastructure problem.


When do the EU AI Act’s high-risk requirements take effect?

The Act’s deadlines run from 2025 to 2028. The bans and model-maker rules already apply; the high-risk obligations that most enterprises will feel land in December 2027 and August 2028.

Figure: EU AI Act compliance timeline, showing what takes effect and who it applies to. February 2025: outright bans on the riskiest AI uses apply to everyone. August 2025: general-purpose model makers must provide documentation, copyright compliance, and systemic-risk checks. August 2026: anyone running chatbots or generative AI must disclose it and label AI-made media. December 2027: full obligations (audit logs, human oversight, risk management, data governance) apply to high-risk decision systems used for lending, underwriting, claims, hiring, eligibility, and access to services. August 2028: the same high-risk obligations reach AI built into regulated products such as medical devices, cars, machinery, and toys.

The high-risk deadlines were originally 2 August 2026 and 2 August 2027. A provisional agreement under the Digital Omnibus moved them to 2 December 2027 and 2 August 2028. The change still awaits formal adoption, but the EU has now used its one obvious lever for relief, so these are very likely the final dates. Plan against them; do not plan on a second postponement.

The high-risk rules arrive in two stages, and December 2027 is the one to plan against first. It covers AI used to make regulated decisions: approving loans, underwriting and pricing insurance, handling claims, screening candidates, and determining who gets access to a service. For a mid-size bank, lender, insurer, or healthcare provider, that is the date those systems have to be logged, overseen, and governed, or they cannot run in the EU. August 2028 extends the same obligations to AI built into regulated products, such as medical devices, vehicles, and industrial machinery, on each product’s existing certification timeline.

A company outside those sectors might read this as someone else's problem, and that would be a mistake. The Act regulates high-risk AI first because that is where the liability is clearest, not because the risk ends there. The gaps it targets exist in every enterprise running AI: unlogged agents, no human oversight, and shadow AI nobody approved. The Act's phase-in has already moved from banned uses to general-purpose models and is now reaching regulated decision systems and products, and other jurisdictions are drafting comparable rules. Building the governance layer now lets a regulated company meet its deadline and puts everyone else ahead of the rules still being written. In both cases the layer is the same: the AI Control Plane.


Why is the EU passing these regulations?

The EU wrote these rules because enterprises are deploying AI far faster than they can secure it, and the gaps are wide enough to measure. We covered that gap in depth in "2026 is the year of enterprise AI governance".

Gartner expects 40% of enterprise applications to include task-specific AI agents by the end of 2026, up from under 5% in 2025. IBM's 2025 Cost of a Data Breach Report found that 13% of organizations had already suffered breaches of AI models or applications, and 97% of those lacked proper AI access controls. Stanford's 2026 AI Index found that security and governance, not model capability or cost, is now the primary barrier to scaling agentic AI.

Regulators concluded that AI governance was too important to leave to each company’s discretion. The Act’s core obligations are what a secure deployment would already have: audit trails, human oversight, and risk management. They became law because so few deployments have them. Every enterprise now has to close the same gap the EU is responding to, and closing it requires a control point on the path that every agent shares.


How do the EU AI Act’s requirements necessitate an AI Control Plane?

An AI Control Plane is the governing layer between every AI agent in an organization and every system it can reach. It unifies connection, identity, policy enforcement, and observability so that every prompt, response, and tool call flows through a single controlled path. It does four things: Connect, Control, Secure, and Observe. Each is where one of the Act's obligations is met.

Figure: mapping of four EU AI Act requirements to the AI Control Plane's four functions. Record-keeping and traceability maps to Observe: a structured log of every AI interaction, including tool name, arguments, result, and the identity behind it. Human oversight and risk management maps to Control: role-based access and versioned policy at the tool-call boundary, with the ability to scope and revoke. Data governance and residency maps to Secure: PII redaction and content inspection in the request path, with the gateway deployed in the customer's own VPC. Uncontrolled and shadow AI maps to Connect: a single registry with SSO-integrated identity and hooks that detect shadow MCP servers the moment they appear.

Traceability becomes an audit log the Control Plane keeps

The Act requires high-risk systems to log events automatically so their behavior can be reconstructed. A Control Plane produces that log as a byproduct of routing. Because every tool call passes through it, it records what each agent did, with what arguments, against which system, and under whose identity. The Act also requires deployers to keep those logs for at least six months, so the log has to be retained and protected against tampering, not just emitted. When an auditor asks what data an agent touched last quarter, the answer is a query rather than an investigation.

Human oversight becomes policy the Control Plane enforces

Oversight and risk management require the ability to constrain a system and intervene when it misbehaves. A Control Plane enforces who can use what, and under what conditions, as versioned, testable rules applied at the point of use. Access is scoped to teams and roles, and revocation takes effect the moment an identity changes, so a misbehaving agent can be stopped without taking down everything around it.

Data governance becomes infrastructure the Control Plane owns

Data governance and residency obligations are hard to meet when prompts and responses leave the organization's control. Running the gateway inside the enterprise's own VPC keeps that traffic on infrastructure the enterprise controls, and inspecting it in the request path means PII can be redacted and exfiltration attempts blocked before anything leaves. The control point that satisfies the Act's data-governance duty is the same one that addresses the data-residency concerns specific to EU compliance.

Shadow AI becomes an inventory the Control Plane maintains

Every obligation above presupposes that the organization knows which AI systems it is running: an agent nobody registered cannot be logged, overseen, or risk-assessed, and uncontrolled deployment is the default state of most orgs today. Bringing every agent and every tool onto a single plane, with identity attached, turns shadow AI from an unknown into an inventory. When an employee connects an unapproved MCP server, the Control Plane detects and blocks it at the protocol layer before it surfaces in a postmortem.
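The four functions described above (a registry check, a versioned role-based policy, PII redaction in the request path, and a tamper-evident audit log) can be shown as one gateway-side decision point. The following is an added example written for this article, not Speakeasy's product code and not an MCP library API; the policy schema, server names, identities and PII patterns are assumed for illustration. The only real protocol detail it relies on is the shape of an MCP JSON-RPC `tools/call` request (`method`, `params.name`, `params.arguments`).

```python
"""Gateway-side control point for MCP tool calls (added example, not Speakeasy code).

gate() sits between an agent and an MCP server and applies the four functions:
  Connect - only servers in the registry are reachable (shadow servers blocked)
  Control - a versioned, role-based policy decides every tools/call
  Secure  - PII in tool arguments is redacted before the call is forwarded
  Observe - every decision lands in a hash-chained, tamper-evident audit log
The policy schema, server names and identities below are assumed for illustration.
"""
import hashlib
import json
import re
from dataclasses import dataclass, field

# Assumed policy document. It is versioned so an audit record can be traced
# back to the exact rules that produced its decision.
POLICY = {
    "version": "2026-06-01",
    "servers": {"crm-readonly", "hr-screening"},   # the MCP server registry
    "roles": {
        "recruiter": {"hr-screening": {"list_candidates", "score_candidate"}},
        "sales": {"crm-readonly": {"get_account"}},
    },
}

# Deliberately small PII patterns; a real deployment would use a fuller rule
# set or a classifier. They only illustrate redaction in the request path.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def redact(value):
    """Return a copy of tool arguments with PII-looking strings replaced."""
    if isinstance(value, str):
        for label, pattern in PII_PATTERNS.items():
            value = pattern.sub(f"<{label}-redacted>", value)
        return value
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


@dataclass
class AuditLog:
    """Append-only log where each entry commits to the hash of the previous one."""
    entries: list = field(default_factory=list)
    last_hash: str = "0" * 64

    def append(self, record):
        record = dict(record, prev=self.last_hash)
        record["hash"] = _digest(record)
        self.entries.append(record)
        self.last_hash = record["hash"]
        return record

    def verify(self):
        """True if no entry has been altered, removed or reordered."""
        prev = "0" * 64
        for rec in self.entries:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def gate(message, identity, server, policy=POLICY, log=None):
    """Decide one JSON-RPC tools/call from `identity` bound for `server`.

    Returns (decision, forwarded_message). forwarded_message is None on deny
    and carries redacted arguments on allow. Every outcome is logged.
    """
    params = message.get("params", {})
    tool = params.get("name")
    safe_args = redact(params.get("arguments", {}))
    allowed_tools = policy["roles"].get(identity["role"], {}).get(server, set())

    if message.get("method") != "tools/call":
        decision, reason = "deny", "only tools/call is brokered here"
    elif server not in policy["servers"]:
        decision, reason = "deny", "server not in registry (shadow MCP)"
    elif tool not in allowed_tools:
        decision, reason = "deny", f"role {identity['role']} may not call {tool}"
    else:
        decision, reason = "allow", "policy match"

    if log is not None:
        log.append({
            "policy_version": policy["version"],
            "subject": identity["sub"], "role": identity["role"],
            "server": server, "tool": tool, "arguments": safe_args,
            "decision": decision, "reason": reason,
        })

    if decision != "allow":
        return decision, None
    return decision, dict(message, params=dict(params, arguments=safe_args))


if __name__ == "__main__":
    # Constructed sample traffic: a tools/call as an agent would send it.
    log = AuditLog()
    call = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
            "params": {"name": "score_candidate",
                       "arguments": {"note": "contact jane@example.com, SSN 123-45-6789"}}}
    print(gate(call, {"sub": "alice", "role": "recruiter"}, "hr-screening", log=log))
    print(gate(call, {"sub": "bob", "role": "sales"}, "hr-screening", log=log))
    print(gate(call, {"sub": "alice", "role": "recruiter"}, "notes-local", log=log))
    print("log intact:", log.verify())
```

Two design choices matter for the Act's record-keeping duty. The audit record stores the redacted arguments, so the log that an auditor queries is not itself a second copy of the PII the gateway was supposed to contain. And each entry commits to the previous entry's hash, so deleting or editing a record after the fact is detectable by `verify()`; in production the chain head would be anchored somewhere the gateway operator cannot silently rewrite.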


Which enterprises have already built AI governance infrastructure?

The enterprises furthest ahead on AI deployment built this infrastructure first, and treat it as a competitive advantage.

Uber is the clearest public example. Before scaling AI to the point where agents generated the majority of code written inside its IDEs, it built an LLM gateway, an MCP gateway and registry across its 10,000+ internal services, and an agent identity system extending its Zero Trust infrastructure to multi-agent workflows. JPMorgan Chase built its $1.8 billion AI platform governance-first, with a C-suite oversight council and compliance embedded from the start, and runs 450+ AI use cases across more than 200,000 employees. Goldman Sachs runs its models through a formal Model Risk Management framework with human oversight built in.

The platform vendors reached the same conclusion. ServiceNow made AI governance the centerpiece of Knowledge 2026 with its AI Control Tower, Google built Cloud Next 2026 around the agentic enterprise Control Plane, and Microsoft extended Entra identity governance to AI agents with per-agent IDs and scoped access policies. Forrester predicts that 60% of Fortune 100 companies will appoint a dedicated head of AI governance in 2026, and major firms like Sony and UBS already have.

They built the Control Plane before they needed it for compliance, which is why the AI Act is a formality for them, not a fire drill. Enterprises that read the 2027 deadline as breathing room will be building under pressure.


How the Speakeasy AI Control Plane meets the EU AI Act

Speakeasy is building the AI Control Plane. We started with the connection and identity layer, the first place companies get stuck when they move past ad-hoc AI adoption, and have been extending across the four functions since. The MCP gateway routes and governs agent-to-tool connections, policy is enforced server-side instead of on individual laptops, and every tool call is logged with the identity behind it.

The Control Plane fits the Act because governance and enablement stop pulling against each other. The same layer that lets AI reach every team is the layer that records and constrains what it does, which is the combination the Act requires: traceability, oversight, and control on a single path. The enterprises that built this internally spent years and dedicated platform teams doing it. Adopted as a product, the same governance posture is reached in weeks.

For a platform or security team mapping out how AI should flow through the organization before the compliance clock runs out, the Speakeasy AI Control Plane is where that conversation starts.


Frequently asked questions

What does the EU AI Act require of high-risk AI systems?

For high-risk systems (those listed in Annex III, covering employment, credit scoring, essential services, critical infrastructure, education, law enforcement, justice, border management, and biometrics) the Act requires automatic record-keeping and traceability, human oversight, continuous risk management, and data governance. Non-compliance carries fines of up to €15 million or 3% of global annual turnover, whichever is higher.

When do the high-risk requirements take effect?

Standalone high-risk systems (Annex III) apply from 2 December 2027, and AI embedded in regulated products (Annex I) from 2 August 2028. These dates were postponed from 2026 and 2027 under the Digital Omnibus, and as of June 2026 the change is a provisional political agreement awaiting formal adoption. The Act's prohibitions, general-purpose AI rules, and transparency obligations are not delayed and are already in force.

What are the penalties for non-compliance?

The Act sets three tiers. Prohibited practices under Article 5 carry up to €35 million or 7% of global annual turnover. Non-compliance with high-risk obligations carries up to €15 million or 3%. Supplying incorrect, incomplete, or misleading information to authorities carries up to €7.5 million or 1%. In each case the higher of the fixed amount or the percentage applies, except for SMEs and startups, where the lower applies.

What is an AI Control Plane?

An AI Control Plane is the governing layer between every AI agent in an organization and every system it can reach. It unifies connection, identity, policy enforcement, and observability so that every prompt, response, and tool call flows through a single controlled path. It is to AI agents what an identity provider is to human access to SaaS.

How does an AI Control Plane meet the Act's requirements?

The Act's core requirements map directly onto the Control Plane's functions. Traceability is met by the audit log of every tool call. Human oversight and risk management are met by role-based access and policy enforced at the tool-call boundary. Data governance and residency are met by inspecting traffic in the request path and running the gateway inside the customer's own VPC. Control over shadow AI is met by bringing every agent and tool onto a single registry with identity attached.