Deadlines

EU AI Act Deadlines: The Full Compliance Timeline

Updated 14 July 2026 8 min read

The EU AI Act (Regulation (EU) 2024/1689) does not switch on all at once. Article 113 phases its obligations in over roughly three years, so which rules bind you depends on today's date and the kind of AI you build or use. This guide lays out each milestone, what applies on it, and what to do beforehand. Remember the Act is extraterritorial — it can reach you if your AI system, or its output, is used in the EU, wherever you are based.

How the phased timeline works

The Act entered into force in 2024, but its substantive obligations apply on staggered dates set by Article 113. There are four milestones that matter for most organisations:

  • 2 February 2025 — prohibited practices and AI literacy
  • 2 August 2025 — general-purpose AI (GPAI) model obligations plus governance and penalties
  • 2 August 2026 — Article 50 transparency obligations and most of the rest of the Act
  • 2 December 2027 — high-risk obligations for Annex III systems

The sections below break each one down. The safest planning assumption is to work backwards from the deadline that applies to your riskiest system. Run the free risk checker first to find out which tier you fall in.

2 February 2025 — prohibited practices & AI literacy

The first obligations to bite. From this date:

What to do before this date: Audit your AI uses against the Article 5 ban list and stop anything that falls foul of it — breaches here carry the heaviest fines. In parallel, stand up an AI literacy programme with training records, since that duty has no risk-tier or size threshold and reaches every organisation using AI.

2 August 2025 — GPAI models, governance & penalties

From this date:

  • The general-purpose AI (GPAI) model obligations apply — technical documentation, downstream information, a copyright-compliance policy and a training-data summary, with extra duties for GPAI with systemic risk.
  • The Act's governance structures and penalties provisions become operational.

What to do before this date: If you develop GPAI models, have your technical documentation, copyright policy and training-content summary ready as living artefacts. If you merely build on someone else's model, confirm your upstream provider will supply the information you need as a downstream provider.

2 August 2026 — transparency & the main body of the Act

This is the Act's central application date. From here:

  • The Article 50 transparency obligations apply — for example, informing people they are interacting with an AI system and labelling certain AI-generated or manipulated content.
  • Most of the remaining provisions of the Act become applicable.

What to do before this date: Inventory every user-facing AI touchpoint — chatbots, generated media, emotion or biometric features — and design the disclosures and labels each requires. This is also the point by which your broader compliance framework, described in the complete guide, should be operational.

2 December 2027 — high-risk (Annex III) obligations

The final major milestone. From this date, the obligations for high-risk AI systems listed in Annex III apply in full — the provider duties in Articles 9-15 and the deployer duties in Article 26, supported by the Annex IV technical documentation.

What to do before this date: If any of your systems fall under Annex III, this is the most demanding workstream and the one to start earliest. Build your risk-management system, data governance, logging, human oversight and technical documentation well ahead of the date — these cannot be assembled at the last minute.

What happens if you miss a deadline

Enforcement scales to the severity of the breach. Under Article 99, the penalties are:

  • Up to €35M or 7% of worldwide annual turnover for breaching the prohibited practices — whichever is higher.
  • Up to €15M or 3% for breaching other obligations.
  • Up to €7.5M or 1% for supplying incorrect, incomplete or misleading information.

Because the ban and the AI literacy duty came first and the prohibited-practice fines are the largest, the February 2025 milestone is the one to have addressed already. Everything after it rewards early, methodical preparation over deadline-driven scrambling.

Frequently asked questions

What are the key EU AI Act deadlines?

2 February 2025 (prohibited practices and AI literacy); 2 August 2025 (GPAI model obligations plus governance and penalties); 2 August 2026 (Article 50 transparency and most of the Act); and 2 December 2027 (high-risk obligations for Annex III systems).

When do high-risk AI obligations apply?

The obligations for high-risk AI systems listed in Annex III apply from 2 December 2027, covering the provider duties in Articles 9-15 and the deployer duties in Article 26.

Does the EU AI Act apply to organisations outside the EU?

Yes. The Act is extraterritorial: it can apply where an AI system or its output is used in the EU, regardless of where the provider or deployer is established.

Which deadline should I prioritise?

Start from the milestone that applies to your riskiest system, but note the 2 February 2025 duties (the Article 5 ban and Article 4 AI literacy) came first and the prohibited-practice fines are the largest, so those should already be addressed.

Find your risk class in 2 minutes

Free, no sign-up. Deterministic — not a chatbot.

Run the free check