MmowW Research Series

EU AI Readiness Index

How prepared are European businesses for the EU AI Act? A public information analysis across 27 member states, 7 industries, and 10 cities.

Vol.1 | Q3 2026 | Published June 18, 2026 | By Gyoseishoshi Takayuki Sawai

78%
of enterprises have not taken meaningful compliance steps
46
days until EU AI Act core obligations take effect (Aug 2, 2026)
8/27
EU member states have designated national AI authorities
74%
of organizations lack a designated AI governance body
Contents
1. Executive Summary 2. Methodology 3. Key Findings 4. Country Readiness Rankings 5. Industry Readiness Analysis 6. City-Level Analysis 7. The Compliance Gap: What's Missing 8. Critical Timeline 9. Recommendations 10. Sources and Methodology Notes

1. Executive Summary

With 46 days remaining until the EU AI Act's core obligations take effect on August 2, 2026, European businesses face a preparedness crisis that cuts across industries, company sizes, and national borders.

This analysis synthesizes publicly available data from 14 independent surveys, government publications, industry reports, and hiring databases to construct the first enterprise-focused AI Act readiness assessment. Unlike existing indices that track government enforcement capacity, the MmowW EU AI Readiness Index measures what matters to business leaders: Is your organization ready to comply?

The answer, for most European businesses, is no.

Vision Compliance's 2026 survey found 78% of enterprises have not taken meaningful steps toward compliance. Cloud Security Alliance reports more than half lack a basic AI system inventory. Only 8% of organizations globally have a comprehensive AI governance framework, according to industry data, even as 88% actively use AI across business functions.

The gap between AI adoption and AI governance is the defining challenge of 2026. This report maps that gap across countries, industries, and cities, and identifies which organizations face the greatest risk and the clearest opportunities.

2. Methodology

The MmowW EU AI Readiness Index evaluates enterprise preparedness on a 100-point scale across five dimensions. Scores are derived from publicly available data including survey results, government publications, hiring databases, corporate disclosures, and industry reports.

Regulatory Environment
20 points
NCA designation status, implementation legislation, regulatory sandbox availability, enforcement guidance quality. Based on EU Commission data and national government publications.
AI Governance Infrastructure
25 points
CAIO/AI governance role adoption, internal AI policies, governance frameworks, board-level oversight. Based on hiring data (LinkedIn), corporate disclosures, and survey results.
AI Literacy and Training
20 points
Article 4 compliance readiness, workforce upskilling programs, AI training maturity. Based on DataCamp, SHRM, and workforce survey data.
Compliance Preparedness
20 points
AI system inventory completion, risk classification capability, technical documentation readiness, conformity assessment preparation. Based on Vision Compliance, CSA, and Deloitte survey data.
Industry Ecosystem
15 points
AI adoption maturity, consulting and compliance service availability, industry-specific guidance, peer benchmarking data. Based on Eurostat, industry reports, and professional association publications.

Countries and industries are classified into four readiness bands: Ready (75-100), Advanced (50-74), Emerging (25-49), and Critical (<25).

Important limitations: This is a public information analysis (desk research). Scores are derived from aggregated survey data and public signals, not from direct primary research with individual enterprises. Industry and city-level scores use weighted composites of available data sources. Where data is sparse, scores reflect conservative estimates. All sources are listed in Section 10.

3. Key Findings

Finding 1

The Governance Paradox: 88% use AI, but only 8% govern it.

European organizations have embraced AI adoption at scale, but governance infrastructure has not kept pace. 76% of organizations now have a Chief AI Officer title, up from 26% in 2025, yet only 8% have a comprehensive governance framework. The title exists; the framework does not.

Finding 2

Financial services leads; HR and education lag dangerously behind.

Financial services scores highest on our index (62/100, Advanced) driven by pre-existing regulatory culture. HR technology and education, despite being classified as high-risk under Annex III, score 28/100 and 22/100 respectively. These sectors face the highest compliance obligations with the least preparation.

Finding 3

The Nordic-Southern divide is real, but not where you think.

Government readiness (NCA designation, sandbox operations) favors Northern and Southern Europe equally: Denmark, Spain, Finland, and Lithuania lead. But enterprise readiness follows a different pattern: Nordic countries (Denmark, Finland, Sweden) lead at 55-62/100, while Southern and Eastern Europe trails at 18-35/100. France, the EU's second-largest economy, has not designated national AI authorities and scores only 38/100 on enterprise readiness.

Finding 4

Article 4 (AI literacy) is the most-ignored obligation that already applies.

Article 4 has been in force since February 2, 2025. Yet only 35% of organizations have a mature AI upskilling program (DataCamp 2026). 42% of employees say their employer expects them to learn AI on their own. 34% feel unprepared for AI-driven changes. The obligation is live. Enforcement could begin any day.

Finding 5

The SME compliance cliff: costs range from near-zero to over 600,000 euros.

For SMEs deploying non-high-risk AI, annual compliance costs are under 2,000 euros. But for FinTech, HealthTech, and HR Tech SMEs providing high-risk AI systems, initial costs reach 200,000 to 600,000 euros with 80,000 to 150,000 euros annually. Most SMEs do not know which category they fall into because they have not completed an AI system inventory.

Finding 6

The Omnibus reprieve: high-risk deadlines deferred to December 2027, but Article 4 and transparency are not.

The Digital Omnibus provisional agreement of May 7, 2026 defers Annex III high-risk obligations from August 2026 to December 2027. However, Article 4 (AI literacy), Article 5 (prohibited practices), and Article 50 (transparency) remain on the August 2, 2026 timeline. Many organizations have misread the Omnibus as a blanket reprieve. It is not.

Finding 7

No EU member state has published official templates for AI Act compliance.

Despite the August 2026 deadline, the European Commission has not released standardized compliance templates. No national authority offers fill-in-ready AI governance policy templates, risk assessment forms, or AI literacy training curricula. This is the market gap that defines the opportunity for compliance infrastructure providers.

4. Country Enterprise Readiness Rankings

The following rankings assess enterprise-level readiness, not government enforcement capacity. A country may have strong government infrastructure but weak enterprise preparedness, or vice versa.

Enterprise AI Act Readiness by Country (Top 15 of EU-27)
Denmark
62
Finland
59
Sweden
56
Netherlands
54
Spain
52
Germany
50
Ireland
49
Belgium
47
Lithuania
45
Austria
43
France
38
Italy
37
Portugal
35
Poland
32
Czech Republic
30

Score Breakdown: Top 5 Countries

Country Regulatory (20) Governance (25) Literacy (20) Compliance (20) Ecosystem (15) Total Band
Denmark 18 15 13 8 8 62 Advanced
Finland 17 14 13 7 8 59 Advanced
Sweden 12 14 14 7 9 56 Advanced
Netherlands 14 13 12 7 8 54 Advanced
Spain 18 10 9 7 8 52 Advanced

Notable divergence: Spain ranks highest on regulatory environment (18/20) thanks to AESIA, the first dedicated AI supervisory agency in Europe, and an operational sandbox since 2025. But enterprise governance and literacy lag behind Nordic countries. Conversely, Sweden's enterprises show strong governance and literacy despite weaker regulatory infrastructure. This suggests enterprise readiness depends more on corporate culture and digital maturity than on government action.

5. Industry Readiness Analysis

Enterprise readiness varies dramatically across industries. Financial services, already accustomed to heavy regulation (MiFID II, PSD2, DORA), demonstrates the strongest compliance infrastructure. Sectors newly subject to high-risk classification under Annex III show the weakest preparedness.

AI Act Readiness by Industry
Financial Services
62
Technology / IT
55
Legal / Accounting
42
Healthcare
38
Manufacturing
33
HR / Recruitment
28
Education
22

Industry Deep Dive

Financial Services (Score: 62/100 - Advanced)

81% of financial services firms use AI at some level. 40% report advanced AI adoption. Fraud detection, credit scoring, and algorithmic trading drive adoption. Pre-existing regulatory infrastructure (MiFID II compliance teams, risk management frameworks, model validation) translates directly to AI Act readiness. 59% report measurable productivity gains from AI.

Key risk: Credit scoring AI is classified as high-risk under Annex III. Despite strong governance culture, 61% still lack technical documentation processes required for high-risk systems.

HR / Recruitment (Score: 28/100 - Emerging)

AI-powered applicant tracking systems that score, rank, or filter candidates are explicitly high-risk under Annex III. Yet only 21% of HR organizations have a governance framework for AI, and 67% cite lack of awareness of AI capabilities as the main barrier. 46% of organizations use or plan to use AI in HR, but compliance infrastructure is minimal.

Key risk: Many HR departments use AI tools (resume screening, automated scoring) without recognizing them as high-risk AI systems. The Digital Omnibus defers Annex III high-risk obligations to December 2027, but Article 4 AI literacy obligations for HR teams using these tools are already in force.

Education (Score: 22/100 - Critical)

AI systems determining access to education, evaluating learning outcomes, and monitoring student behavior are high-risk. European educational institutions have minimal AI governance infrastructure. No sector-specific guidance has been published by any national competent authority.

Key risk: Universities and schools increasingly deploy AI for grading, admission screening, and plagiarism detection with no compliance framework in place.

6. City-Level Analysis

No existing survey provides city-level AI Act readiness data. This analysis constructs city-level estimates by combining national readiness scores with Eurostat regional AI adoption data, LinkedIn AI governance job postings by metro area, and city-level innovation indices.

Estimated Enterprise Readiness by City
Copenhagen
66
Helsinki
63
Stockholm
60
Amsterdam
58
Dublin
54
Berlin
52
Madrid
51
Munich
50
Paris
44
Milan
40

Paris paradox: Despite France's world-class AI research ecosystem (Mistral AI, INRIA, CNIL's dedicated AI Service), enterprise readiness in Paris lags behind Nordic capitals. The root cause is regulatory uncertainty: France has not designated national AI Act authorities, leaving enterprises without clear compliance guidance. Innovation does not equal compliance readiness.

Dublin's outlier status: Ireland's 15 designated sectoral regulators create complexity, but the concentration of US tech multinationals (Google, Meta, Microsoft, Apple) gives Dublin enterprises access to global compliance resources that smaller European cities lack.

7. The Compliance Gap: What's Missing

Across all countries and industries, four critical gaps emerge consistently.

Gap 1: AI System Inventory (50%+ have none)

More than half of organizations have not completed a basic inventory of their AI systems. Without an inventory, an organization cannot determine which of its AI systems fall under prohibited, high-risk, limited-risk, or minimal-risk categories. This is the most fundamental prerequisite for compliance, and the majority have not started.

Gap 2: Technical Documentation (61% have no process)

61% of organizations have no process for generating the technical documentation required for high-risk AI systems, including data governance records, model performance metrics, and human oversight procedures. Even organizations that have started compliance work often stop at governance policy and never reach technical documentation.

Gap 3: AI Literacy Programs (65% lack maturity)

82% of organizations say they provide some form of AI training. But only 35% have a mature, organization-wide program. The gap between "we have a training" and "our staff are AI literate as required by Article 4" is vast. 42% of employees say their employer expects them to learn AI on their own.

Gap 4: Designated AI Governance Owner (74% have none)

74% of organizations lack a designated internal owner or governance body for AI compliance. Without clear ownership, compliance activities are fragmented across legal, IT, and business units with no single point of accountability.

Compliance Gap Heatmap: Industry x Gap Area
AI Inventory
Tech Docs
AI Literacy
Governance
Risk Class.
Transparency
Monitoring
Financial Services
Partial
Weak
Partial
Good
Partial
Partial
Good
Technology
Partial
Partial
Good
Partial
Partial
Partial
Partial
Legal
Weak
None
Partial
Weak
Weak
Weak
Weak
Healthcare
Weak
Weak
Weak
Weak
Weak
None
Weak
Manufacturing
None
None
Weak
None
None
None
None
HR / Recruitment
None
None
None
None
None
None
None
Education
None
None
None
None
None
None
None

8. Critical Timeline

Date Obligation Who's Affected Status
Feb 2, 2025 Article 4: AI literacy obligation All providers and deployers IN FORCE
Feb 2, 2025 Article 5: Prohibited AI practices All organizations IN FORCE
Aug 2, 2025 Article 70: NCA designation deadline Member states 8/27 DONE
Aug 2, 2026 Article 50: Transparency obligations Providers of AI that interacts with persons 46 DAYS
Aug 2, 2026 Article 57: Regulatory sandboxes operational Member states 46 DAYS
Aug 2, 2026 GPAI model obligations (Art. 51-56) GPAI providers (OpenAI, Mistral, etc.) 46 DAYS
Dec 2, 2027 Annex III high-risk obligations (deferred by Omnibus) Providers/deployers of high-risk AI (HR, credit, education) DEFERRED

9. Recommendations

For Mid-Size Enterprises (50-500 employees)

Start with Article 4 today. AI literacy is already a legal obligation. Assess which staff interact with AI systems, determine their training needs based on role and context, and document the training provided. This is the lowest-cost, lowest-risk compliance action and the one most likely to face early enforcement attention.

Complete an AI system inventory this quarter. List every AI tool your organization uses, from chatbots to automated decision-making tools. Classify each by the AI Act's risk tiers. Most organizations will discover they use more AI than they thought.

Designate an AI compliance owner. Whether a CAIO, a compliance officer, or a cross-functional committee, someone must own AI governance. Without ownership, nothing moves.

For High-Risk Sectors (HR, Healthcare, Education, Credit)

Map your Annex III exposure now. The Omnibus defers high-risk deadlines to December 2027, but conformity assessment preparation takes 12-18 months. Starting in Q3 2026 gives exactly the runway needed.

Engage your national sandbox. Regulatory sandbox participation is free for SMEs and available in every member state by August 2026. Sandbox testing catches compliance gaps before deployment, when remediation costs a fraction of post-launch redesign.

For All Organizations

Do not misread the Omnibus as a blanket reprieve. Article 4 (literacy), Article 5 (prohibited practices), and Article 50 (transparency) deadlines are unchanged. These affect every organization that deploys AI.

Watch for national implementation law divergences. Germany (KI-MIG), Netherlands (Uitvoeringswet), Spain (AESIA framework), and Finland (Act 1377/2025) each add national-level requirements. Cross-border businesses must track implementation in every jurisdiction where they operate.

Takayuki Sawai
Gyoseishoshi | Founder, MmowW

Licensed administrative compliance professional specializing in regulatory frameworks across 9 countries. MmowW maintains compliance intelligence covering EU AI Act, HACCP food safety, drone regulations, and beauty industry law across 20+ jurisdictions. All analysis is reviewed by a licensed Gyoseishoshi.

Coming Q4 2026

EU AI Readiness Index Vol.2: Primary Research

Vol.2 will include direct survey data from European enterprises. If your organization would like to participate and receive your company's readiness score with industry benchmarks, register your interest below.

Check Your AI Readiness

10. Sources and Methodology Notes

Enterprise Readiness Surveys:

1. Vision Compliance. "2026 EU AI Act Readiness Report." April 2026. Finding: 78% of enterprises unprepared, 74% lack governance body, 61% lack technical documentation process. National Law Review

2. Cloud Security Alliance. "EU AI Act High-Risk Compliance Deadline." March 2026. Finding: 50%+ lack AI system inventory. CSA Labs

3. Deloitte. "State of AI in the Enterprise." September 2024. Finding: 26% actively preparing, 49% not started. Deloitte

4. ACT/TechnoMetrica. "Hidden Cost of AI Regulations." 2025. Finding: 60% of EU/UK developers report launch delays. ACT

AI Governance and Hiring:

5. MindStudio. "Chief AI Officer Role." 2026. Finding: 76% of organizations now have CAIO, up from 26% in 2025. MindStudio

6. Optro. "AI Governance Stats 2026." Finding: 8% have comprehensive governance framework, 88% actively use AI. Optro

7. LinkedIn. "2026 Skills on the Rise." Finding: AI governance demand +150% YoY, 14,000+ open AI governance roles. HeroHunt

AI Literacy and Training:

8. DataCamp. "State of Data and AI Literacy 2026." Finding: 82% provide some AI training, but only 35% have mature programs. 59% report AI skills gap. DataCamp

9. SHRM. "State of AI in HR 2026." Finding: 46% expect to use AI in HR, 67% cite awareness gap. SHRM

National Implementation:

10. Ovidiu Suciu. "AI Act Readiness Index." May 17, 2026. Government enforcement preparedness scores for all 27 EU member states. AI Act Intelligence

11. artificialintelligenceact.eu. "National Implementation Plans." Ongoing. EU AI Act Portal

12. European Parliament. "AI Regulatory Sandboxes: State of Play." April 2026. EP Think Tank

13. aiacto.eu. "AI Act: Only 8 of 27 Member States Ready." 2026. aiacto

Compliance Costs:

14. Ovidiu Suciu. "EU AI Act Compliance Costs for SMEs 2026." Finding: High-risk providers face 200K-600K EUR initial costs; non-high-risk deployers under 2K EUR/year. AI Act Intelligence

AI Adoption Data:

15. Eurostat. EU enterprise AI adoption rate: 19.95% (2025). Denmark 42%, Finland 37.8%, Sweden 35%. Alice Labs / Eurostat

16. Cambridge Centre for Alternative Finance. "2026 Global AI in Financial Services Report." Finding: 81% of financial services firms use AI. Cambridge Judge

17. Thomson Reuters. "2026 AI in Professional Services Report." Finding: 40% of firms now use generative AI, up from 22%. Thomson Reuters

Regulatory Framework:

18. European Commission. "AI Act: Shaping Europe's Digital Future." Official AI Act text and implementation guidance. European Commission

19. Gibson Dunn. "EU AI Act Omnibus Agreement." May 2026. Analysis of deferred high-risk deadlines. Gibson Dunn

Is your organization ready for the EU AI Act?

MmowW provides compliance intelligence across AI regulation, food safety, and drone law in 20+ countries. Start with a free AI readiness check.

Free AI Act Readiness Check