Organizations have been rationally avoiding the hardest upstream work in AI deployment: articulating what their systems actually do, what they optimize for, and why those choices are defensible. That avoidance is political as much as practical. Writing the spec forces disagreements into the open.
The EU AI Act's documentation requirements read like the design specification most teams never wrote. Intended purpose, trade-off rationale, metric justification. A regulator, in effect, mandating the homework the ecosystem kept deferring.
The GDPR parallel is instructive. Before 2018, most organizations couldn't inventory their own data. The deadline created the discipline. The AI Act forces something harder: not just knowing what you have, but explaining why it's defensible. Whether that discipline outlasts the compliance scramble will determine if this is a one-time audit or a genuine shift in how systems get built.