EU AI Act Timeline: Every Key Deadline from 2024 to 2031 (Updated June 2026)
The EU AI Act applies in phases, not all at once. This guide maps every enforcement deadline by date and risk tier — including the pending AI Omnibus changes — so you know exactly what applies to your organisation and when.
Last updated: June 2026 · Reading time: 8 minutes
The AI Act Does Not Apply All at Once
One of the most common mistakes companies make is treating the EU AI Act as a single compliance deadline. It is not. The regulation uses a phased implementation structure spread over seven years, with different provisions entering into force at different dates.
This matters practically: your compliance priority depends not only on your risk level but on where you stand in the timeline right now.
⚠️ AI Omnibus — pending change (June 2026): On 7 May 2026, the European Parliament and Council reached a provisional political agreement under the Digital Omnibus package to amend the AI Act's application dates. If formally adopted and published in the Official Journal before 2 August 2026, this would push the high-risk framework deadline to 2 December 2027 (Annex III standalone systems) and 2 August 2028 (Annex I product-embedded systems). Until formal adoption, 2 August 2026 remains the legally binding date. The table below reflects current law; Omnibus changes are noted separately.
The Master Timeline at a Glance
| Date | What Applies | Status |
|---|---|---|
| 1 August 2024 | AI Act enters into force | ✅ In force |
| 2 February 2025 | Prohibited AI practices banned · AI literacy obligations | ✅ Enforced |
| 2 May 2025 | GPAI Code of Practice finalised | ✅ Published 10 July 2025 |
| 2 August 2025 | GPAI model obligations · AI Office operational · Penalty provisions | ✅ In force |
| 2 February 2026 | Commission high-risk classification guidelines | ✅ Published |
| 2 August 2026 | Full high-risk framework (Annex III + Annex I) · AI Office enforcement · Transparency obligations | ⚠️ Current law — 2 months away |
| 2 December 2027 | Full high-risk framework — Annex III standalone systems (if AI Omnibus adopted) | 🔄 Pending Omnibus adoption |
| 2 August 2027 | Legacy GPAI compliance deadline | Upcoming |
| 2 August 2028 | Full high-risk framework — Annex I product-embedded systems (if AI Omnibus adopted) · First Commission evaluation | 🔄 Pending Omnibus adoption |
| 2 August 2030 | High-risk AI systems used by public authorities must comply | Upcoming |
| 31 December 2030 | Large-scale EU IT systems (Schengen, Eurodac, etc.) final deadline | Upcoming |
| 2 August 2031 | Full enforcement assessment | Upcoming |
Each Deadline in Detail
DILAIG automates this step — free AI Act audit in 20 min, FRIA generation, Annex IV Technical Documentation and EU Declaration of Conformity included. See all features →
1 August 2024 — Entry into Force
The AI Act (Regulation (EU) 2024/1689) was published in the Official Journal of the EU on 12 July 2024 and entered into force twenty days later. This date starts the clock on all subsequent deadlines. No obligations applied yet for most organisations — this was purely the legal birth of the regulation.
2 February 2025 — Prohibited Practices and AI Literacy
What entered into force:
Prohibited AI practices (Article 5) became enforceable. Any AI system that falls into one of the banned categories must have been taken off the EU market or discontinued by this date. The banned systems include:
- Subliminal manipulation systems
- Systems exploiting vulnerabilities of specific groups
- Social scoring by public authorities
- (Most) real-time remote biometric identification in public spaces
- Emotion inference in workplaces and schools
- Facial image scraping for recognition databases
- Predictive policing based on personal characteristics
AI literacy obligations (Article 4) also entered into force. Providers and deployers must ensure their staff who work with AI systems have sufficient AI literacy — understanding of AI capabilities, limitations, and the regulatory framework.
Why this matters now: If you are deploying any of the above in the EU, you are already in violation. The fine is up to €35 million or 7% of global annual turnover.
2 May 2025 — GPAI Code of Practice Finalised
The General-Purpose AI Code of Practice — the voluntary compliance framework for LLM and foundation model providers — had to be finalised by this date. It was published on 10 July 2025 and endorsed by the European Commission.
Adherence to the Code creates a presumption of compliance with Articles 53 and 55 for GPAI providers. Non-signatories face greater regulatory scrutiny.
2 August 2025 — GPAI Rules and Governance
What entered into force:
- GPAI model obligations (Articles 51–56): all providers of general-purpose AI models on the EU market must comply with documentation, transparency, copyright, and (for systemic-risk models) red-teaming and incident reporting requirements
- AI Office becomes operational with its governance and supervisory functions
- Penalty provisions become applicable — fines can now be imposed for GPAI violations
- Member States must have designated their national competent authorities
- Notified bodies framework activated for conformity assessments
Who is affected: Any company providing an LLM, foundation model, or multimodal model to EU customers or through EU-based downstream providers.
2 February 2026 — Commission High-Risk Guidelines
The European Commission must publish guidelines clarifying the implementation of Article 6 (high-risk classification rules) and post-market monitoring requirements. These guidelines help organisations determine whether their system qualifies as high-risk, particularly for edge cases not explicitly addressed in Annex III.
2 August 2026 — Full High-Risk Framework (Current Law)
This is the most significant deadline for most businesses under current law.
What enters into force:
- All obligations for high-risk AI systems (Articles 9–49): risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy, conformity assessment, EU Declaration of Conformity, and registration
- AI Office full enforcement powers: the AI Office can now conduct investigations, impose fines, and require market withdrawals for high-risk system violations
- Transparency obligations (Article 50) for limited-risk systems: chatbots, deepfakes, AI-generated content labelling
- Article 26 deployer obligations and Article 27 FRIA fully applicable under current law
Who is affected: Any provider or deployer of a high-risk AI system as defined in Annex III and Annex I.
Note: Systems placed on the market before 2 August 2026 that have not been substantially modified are not automatically required to comply — but any substantial modification triggers full compliance.
If the AI Omnibus is formally adopted before this date: The high-risk framework would be postponed to 2 December 2027 (Annex III standalone systems) and 2 August 2028 (Annex I product-embedded systems). The FRIA obligation (Article 27) would be subject to the same postponement. Until publication in the Official Journal, treat 2 August 2026 as the operative deadline.
2 August 2027 — Legacy GPAI Compliance
Legacy GPAI models: General-purpose AI models placed on the market before 2 August 2025 must be compliant by this date. This gives earlier GPAI providers a two-year runway to bring existing deployments into compliance.
Under current law (pre-Omnibus): This date also applies to Annex I product-embedded high-risk AI systems under Article 6(1) (medical devices, machinery, aviation, motor vehicles, toys). If the AI Omnibus is adopted, the Annex I high-risk deadline shifts to 2 August 2028.
2030–2031 — Long-Tail Deadlines
2 August 2030: High-risk AI systems used by public sector bodies must be compliant.
31 December 2030: Large-scale EU IT systems (Eurodac, Schengen Information System, Entry/Exit System, etc.) must comply. These systems are covered by specific EU legislation and were given an extended runway.
2 August 2031: The Commission publishes a full evaluation report on the AI Act's functioning, including whether the AI Office is working effectively and whether any amendments are needed.
Timeline by Risk Tier
Dates below reflect current law. The pending AI Omnibus (provisional agreement of 7 May 2026, not yet in force) would shift certain deadlines if formally adopted before 2 August 2026.
| Risk Tier | Current law deadline | Omnibus deadline (if adopted) | What You Must Do |
|---|---|---|---|
| Prohibited | 2 February 2025 ✅ | No change | Discontinue immediately — already enforced |
| Limited risk | 2 August 2026 | No change | AI disclosure obligations (chatbots, deepfakes) |
| High risk — Annex III (providers + deployers) | 2 August 2026 | 2 December 2027 | Full compliance framework (Art. 9–49), FRIA (Art. 27) |
| High risk — Annex I products | 2 August 2027 | 2 August 2028 | Conformity assessment under product law + AI Act |
| GPAI — new models | 2 August 2025 ✅ | No change | Art. 53–55 obligations — already enforced |
| GPAI — legacy models | 2 August 2027 | No change | Art. 53–55 obligations |
| Public sector high-risk | 2 August 2030 | No change | Full compliance framework |
What You Should Be Doing Right Now (June 2026)
If you have not started your compliance process, here is where the urgency sits:
Immediate: Verify you are not running any prohibited AI practice (Article 5). If you are, stop immediately — enforcement has been active since February 2025.
Critical — 2 months away (deadline: 2 August 2026, current law): If you operate a high-risk AI system under Annex III or Annex I, your full compliance framework (risk management, technical documentation, conformity assessment, EU Declaration of Conformity, EU database registration, FRIA) must be in place by 2 August 2026 under current law. The AI Office gains full enforcement powers from that date.
Potential extension under AI Omnibus: A provisional political agreement reached on 7 May 2026 would — if formally adopted and published before 2 August 2026 — push the Annex III high-risk deadline to 2 December 2027 and the Annex I deadline to 2 August 2028. The FRIA obligation (Article 27) would follow the same schedule. This is not yet law. Do not plan around these dates without legal advice confirming adoption status.
Overdue — GPAI: If you provide a GPAI model (LLM, foundation model), obligations under Articles 53–55 have applied since August 2025. If you have not aligned, prioritise this immediately — the Omnibus does not affect GPAI deadlines.
Planning — physical products: If your AI is embedded in a physical product (medical device, machinery, vehicle), the current Article 6(1) deadline is 2 August 2027. Under the Omnibus, this would shift to 2 August 2028 — but conformity assessments through notified bodies take months to schedule regardless.
How DILAIG Keeps You on Track
Compliance is not a one-time event. Regulations update, guidelines are published, and your AI systems evolve. DILAIG's audit is designed to be re-run whenever your system changes — and re-audits after modifications are included in the platform.
The audit determines your risk tier, maps your applicable obligations to specific articles, and generates a prioritised action plan anchored to the timeline above. For high-risk systems, it then produces the mandatory documents required before the 2 August 2026 deadline.
→ Start your free AI Act audit — 20 minutes, no credit card required.
See all features and generated documents · View pricing
FAQ: EU AI Act Timeline
Is the 2 August 2026 deadline hard?
Under current law, yes — it is the legally binding application date for the full high-risk framework, including provider obligations (Art. 9–49), deployer obligations (Art. 26), and the FRIA (Art. 27). A provisional political agreement reached on 7 May 2026 under the Digital Omnibus package would push this to 2 December 2027 (Annex III) and 2 August 2028 (Annex I), but this agreement has no legal effect until formally adopted and published in the EU Official Journal. Until then, 2 August 2026 is the operative date.
Do the deadlines apply to AI systems already on the market?
Partially. Systems placed on the market before the relevant deadline and not substantially modified benefit from a transition period. But "substantial modification" is defined broadly — a significant change to intended purpose, risk level, or technical architecture triggers full compliance.
What counts as a "substantial modification"?
The AI Act defines it as a change that affects the system's compliance status or alters its risk level. The Commission's guidelines (due February 2026) will provide further clarity. In practice, retraining on new data, adding new use cases, or changing the target population are likely to qualify.
Do the GPAI deadlines apply to open-source models?
Partially. Open-weight models under free licences are exempt from documentation and downstream information obligations (Article 53(1)(a) and (b)) — but not if the model is also classified as having systemic risk. The August 2025 deadline applied to all GPAI providers, including open-source.
Key Takeaways
- The AI Act is a phased regulation: not all obligations apply at once
- Prohibited practices have been enforceable since 2 February 2025
- GPAI obligations apply since 2 August 2025 — unaffected by the Omnibus
- Full high-risk framework applies from 2 August 2026 under current law — the most critical deadline for most businesses
- A provisional AI Omnibus agreement (7 May 2026, not yet in force) would push Annex III to 2 December 2027 and Annex I to 2 August 2028 — pending formal adoption
- The FRIA (Article 27) obligation is not suppressed by the Omnibus — only its deadline may shift
- If you are in Annex III territory and have not started compliance, do not wait on the Omnibus: it is not law yet
Further Reading
Take action
Is your AI system compliant?
Free audit in 20 minutes. Detailed report, no commitment.
Start the audit →Keep reading
Practical guides, regulatory analysis, DILAIG news.