EU AI Act Timeline: Every Deadline from 2024 to 2027
The EU AI Act is not a single deadline — it applies in 4 phases over 3 years. Some things were banned in February 2025. GPAI rules came into force May 2025. Most businesses need to be compliant by August 2, 2026. Here is the full schedule.
August 2, 2026 is 109 days away
If your business uses AI in employment, credit, healthcare, education, or any Annex III category and serves EU customers or operates in the EU, you have under 4 months to complete your conformity assessment or establish deployer compliance measures.
EU AI Act Enters Into Force
- Regulation 2024/1689 published in the EU Official Journal
- Official 20-day window after publication completed
- The clock starts on all subsequent deadlines
- No compliance obligations yet — this is the publication date
Prohibited AI Practices Banned
- AI systems listed in Article 5 are now illegal to deploy in the EU
- Real-time remote biometric identification by law enforcement (narrow exceptions)
- AI that exploits psychological vulnerabilities or manipulates people subliminally
- AI that categorises people by biometric data to infer sensitive characteristics (race, political views, sexual orientation)
- Social scoring systems by governments
- Predictive policing AI based purely on profiling
- Emotion recognition in workplaces and educational institutions (with narrow exceptions)
Note: These are hard bans. There is no compliance path — using them is a violation from this date.
Governance & GPAI Obligations Apply
- General Purpose AI (GPAI) model providers must comply — this affects OpenAI, Anthropic, Google, Mistral etc.
- GPAI providers must publish technical documentation, training data summaries, and compliance policies
- GPAI providers of "systemic risk" models (above 10^25 FLOPs) face additional requirements including adversarial testing
- EU AI Office and national AI authorities established
- National competent authorities must be designated by member states
- AI literacy obligations begin for organisations deploying AI
Note: If you build on top of a GPAI model (like GPT-4 or Claude), the GPAI provider carries GPAI obligations. Your obligations as a downstream deployer depend on your specific use case.
High-Risk AI Systems (Annex III) Must Comply
- ALL Annex III high-risk AI systems must be fully compliant — this is the main deadline
- Providers must complete conformity assessments and register in the EU AI database
- High-risk AI deployers must implement human oversight, maintain logs, conduct DPIAs
- Transparency obligations for AI systems interacting with humans (chatbots must identify themselves)
- Providers of high-risk AI must have quality management systems, post-market monitoring
- CE marking required on compliant high-risk AI systems
- National market surveillance authorities begin full enforcement
Note: This is the deadline most businesses should be working toward. Annex III covers AI used in hiring, credit, healthcare, education, biometrics, critical infrastructure, law enforcement, and justice.
Annex I Products (Safety Components) Must Comply
- AI that is a safety component in products covered by EU sectoral legislation (Annex I) must comply
- Annex I includes: machinery, toys, lifts, pressure equipment, medical devices, in-vitro diagnostics, civil aviation, motor vehicles, agricultural machinery, marine equipment, rail systems
- These AI systems go through the same conformity assessment as the product they are embedded in
- Existing products on the market before August 2026 get a longer transition period
Note: This phase matters for manufacturers. If your AI is embedded in a physical product (a medical device, a vehicle, industrial machinery), the August 2027 date applies.
What Happens If You Miss the August 2, 2026 Deadline?
National market surveillance authorities in each EU member state begin active enforcement. The fines depend on the type of violation:
| Violation type | Maximum fine |
|---|---|
| Using a prohibited AI practice (Annex I / Article 5) | €35 million or 7% of global turnover |
| Non-compliant high-risk AI system (Annex III) | €15 million or 3% of global turnover |
| Incorrect information to authorities | €7.5 million or 1% of global turnover |
| SMEs and startups | Lower of the two applicable caps |
The phased timeline vs. GDPR: why it is designed this way
GDPR came into force all at once in May 2018. The EU AI Act's phased approach is deliberately different — the EU Commission wanted to give businesses time to understand which category their AI falls into and prepare accordingly. The tradeoff:
- • Prohibited AI (Article 5): February 2025 — immediate ban on the most harmful AI. No transition for these.
- • GPAI: May 2025 — affects foundation model providers, not most businesses.
- • High-risk (Annex III): August 2026 — the main commercial compliance deadline. 2 years after entry into force.
- • Product safety AI (Annex I): August 2027 — longest runway for hardware manufacturers.
What to Do Now (April 2026)
You have roughly 3-4 months until the August 2, 2026 deadline. Here is the realistic action sequence for most businesses:
Week 1: AI inventory
List every AI system your business uses or builds. Include vendor AI tools (ChatGPT Enterprise, Salesforce Einstein, HireVue, etc.). The inventory is the foundation of everything else.
Week 2: Risk classification
Map each AI system to the appropriate risk category. Most will be minimal risk. Identify any that fall in Annex III. Use ComplianceIQ to do this in 30 minutes.
Week 3-4: Gap analysis
For each Annex III AI: are you the provider (you built it) or deployer (you use it)? What requirements apply? What is missing? Document the gaps.
Month 2: Documentation & processes
Providers: start conformity assessment, technical documentation, QMS. Deployers: implement human oversight processes, train staff, ensure logging.
Month 3: Register and certify
Providers: register in EU AI database. Deployers: verify vendors are registered. Finalize documentation.
August 2, 2026: Enforcement begins
Have your documentation ready. National authorities will be active. Be prepared to demonstrate compliance if asked.
Find out where your AI stands against the August deadline
ComplianceIQ runs your AI inventory through all EU AI Act phases, tells you exactly what applies to you, and generates a prioritised action plan with days remaining.