Finance Derivative

The hidden compliance risk in quoting and contracting 

By Charlie Bromley-Griffiths, Senior Legal Counsel, Conga 

The deadline for the European Union’s (EU’s) AI Act is fast approaching. 

From August 2026, a majority of the regulation’s rules will become legally enforceable across all EU member states, setting tougher expectations around how organisations can safely use AI in their business. 

Failure to comply with the Act can lead to some hefty consequences, with penalties potentially reaching up to €35 million. The good news, though, is that businesses are prepared — or, at least, they think they are.  

In a survey conducted by Conga of 1,500 business leaders across Europe, four-in-five said that their organisations are ready for the EU AI Act.  

But at the same time, a fifth said they were unaware that the Contract Lifecycle Management (CLM) or Configure, Price, Quote (CPQ) systems that they were using already had AI embedded in them.  

The findings reveal an alarming blind spot. Why? Because quoting and contracting solutions can assess risk and influence pricing. This means that if AI is embedded within them, they are often classified as ‘high-risk’ systems under the Act, a classification that carries even stricter obligations. And if organisations can’t even clarify where AI sits across their systems, they can’t know that they’re fully compliant.

So, with the August deadline looming, organisations need a clearer view of how AI is being used in their CPQ and CLM systems, as well as how they can stay compliant. 

Where AI is being used in finance 

AI has had a major impact on CPQ and CLM workflows. In quote generation, for example, AI can cut down on a lot of the legwork by providing Stock Keeping Unit (SKU) recommendations or product information. Pricing has also been made more efficient and consistent with AI, since it can pull from trends and historical data on a scale that would ordinarily be impossible for humans. 

Similarly, contracting has seen some major improvements from automation. AI can now create first drafts based on approved guidelines, automatically monitor renewal windows or upcoming obligations, and even flag potential inconsistencies during negotiations. 

CPQ and CLM systems underpin how businesses manage revenue, obligations, and regulatory exposure, and AI has made these solutions even more effective. So much so, that AI has quickly transitioned from a competitive advantage to an absolute necessity. But as high-risk requirements come closer, the AI involved can’t be a ‘black box’. Instead, it has to be transparent and explainable to ensure your business stays compliant.

How to build a compliance framework 

The first step is having a complete picture of how automation is affecting your workflows to determine what will need to be recorded and governed under the Act. From there, organisations can start building a compliance framework that is centred around three core principles: governance, data integrity, and resourcing. 

Governance structures are key since responsibility for AI in contract management can often span multiple functions and teams. Without oversight and auditability, AI introduces new risks. As such, businesses need to assign ownership, set potential escalation paths, and keep a single, auditable history to govern their systems effectively. Fundamentally, quoting and contracting processes now need to be treated as regulated systems, meaning any AI-generated response needs to be fully transparent and explainable.  

Similarly, every figure or data point generated by your AI will flow directly into the contracts that follow, so organisations need to run audit trails across quoting and contracting. Businesses need to defend their workflows once the EU AI Act takes effect, and as such, any recommendations produced by AI need to be justifiable and free from bias. 

Finally, budgeting for compliance needs to be a part of the initial investment plan, not just tacked on at the end. Readiness for the Act depends on having the resources for audits, training, and future updates.  

An opportunity beyond compliance 

The question isn’t how to use AI in financial services anymore. It’s how to use it responsibly.

Ultimately, I would encourage businesses not to look at regulation as a burden but as an opportunity. Proper governance allows organisations to become more connected and intelligent businesses, minimising risk and building the foundations that can lead to long-term growth. 

And while building a compliance framework sounds daunting at first, there are fortunately platforms available now designed around regulatory requirements, ensuring outputs align with the relevant guidelines. 

Fundamentally, compliance is a non-negotiable, and the August deadline is coming whether you like it or not. So why not capitalise on it and make your preparedness a competitive advantage? 

This content is for informational purposes only and does not constitute legal advice. Please consult a licensed legal professional for advice specific to your situation. 
