When did the EU AI Act come into force?

The EU AI Act (Regulation 2024/1689) entered into force on 1 August 2024. However, its obligations apply in phases rather than all at once, with the first enforceable obligations starting on 2 August 2025.

What is the August 2026 EU AI Act deadline?

On 2 August 2026 the obligations for high-risk AI systems listed in Annex III — such as AI used in employment, education, essential services, law enforcement, and critical infrastructure — become enforceable. Providers and deployers of these systems must have a risk management system, Annex IV technical documentation, conformity assessment, CE marking, and EU database registration in place.

What became enforceable in August 2025?

Two sets of obligations applied from 2 August 2025: the Article 5 bans on prohibited AI practices, and the obligations for providers of general-purpose AI (GPAI) models. AI literacy duties under Article 4 also applied from 2 February 2025.

What is the final EU AI Act deadline?

The last major milestone is 2 August 2027, when obligations apply to high-risk AI that is a safety component of products already regulated under EU harmonised legislation listed in Annex I — for example medical devices, machinery, lifts, and toys. These products get the longer runway because they already undergo third-party conformity assessment.

Are there transition periods for AI already on the market?

Yes. High-risk AI systems placed on the market before 2 August 2026 generally only need to comply if they undergo significant changes in design after that date. General-purpose AI models placed on the market before 2 August 2025 have until 2 August 2027 to come into full compliance. Specific grandfathering rules apply to large-scale IT systems used by public authorities.

How long does EU AI Act compliance take to prepare?

For a high-risk system, a realistic standing-start timeline to CE marking is 9 to 18 months, covering classification, risk management, Annex IV documentation, data governance, conformity assessment, and (where required) notified-body engagement. This is why organisations targeting the August 2026 deadline should already be in execution.

EU AI Act Deadlines & Compliance Timeline 2025–2027

Why the EU AI Act Phases In

The EU AI Act did not switch on overnight. The legislators chose a staggered application schedule so that the most dangerous uses are banned first, while the heavy compliance machinery for high-risk systems — documentation, conformity assessment, notified bodies, and a working EU database — has time to stand up. The result is a calendar with four main checkpoints between 2025 and 2027. Knowing which checkpoint each of your AI systems falls under is the single most useful planning step you can take.

2 February 2025 — AI Literacy

The first obligation to bite was Article 4: providers and deployers must ensure their staff and anyone operating AI on their behalf have a sufficient level of AI literacy, proportionate to their role and the systems they use. There is no certification requirement, but you should be able to show a training programme exists and is tailored to risk. This is the cheapest deadline to meet and the easiest to forget.

2 August 2025 — Prohibited Practices & GPAI

This is the date enforcement became real. Two things happened at once. First, the Article 5 bans took effect: no organisation may now place on the market, put into service, or use any of the eight prohibited AI practices in the EU. Second, obligations for providers of general-purpose AI (GPAI) models applied — technical documentation, training-data summaries, copyright policies, and, for models with systemic risk, adversarial testing and incident reporting.

If you have not yet screened your AI portfolio against Article 5, do it now. This tier carries the highest fines (up to €35 million or 7% of turnover) and is already enforceable, so there is no runway left.

2 August 2026 — High-Risk Annex III Systems

This is the deadline that defines most compliance programmes. From this date, the full obligation set applies to high-risk AI systems listed in Annex III: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential private and public services (including credit scoring and insurance pricing), law enforcement, migration and border control, and the administration of justice.

To be ready, a provider needs a quality and risk management system, Annex IV technical documentation, demonstrated data governance, logging and human-oversight design, a completed conformity assessment, the CE marking, and registration in the EU AI database. Deployers need their own controls: human oversight, usage logs, fundamental-rights impact assessments where required, and operation within the system's intended purpose.

2 August 2027 — Annex I Regulated Products

The final major milestone covers high-risk AI that is a safety component of products already governed by EU harmonised legislation in Annex I — medical devices, in-vitro diagnostics, machinery, lifts, radio equipment, toys, and more. These get an extra year because they already pass through third-party conformity assessment under their sectoral rules; the AI Act obligations are layered onto those existing processes. GPAI models on the market before August 2025 must also reach full compliance by this date.

Back-Planning From Your Deadline

Because a high-risk programme takes 9–18 months, you should work backwards from your applicable date. Targeting August 2026 means classification should already be done, the risk-management system and Annex IV file should be drafting now, and conformity assessment should be scheduled. Targeting August 2027 gives a little more room, but Annex I products typically have the most complex documentation, so the extra year is quickly consumed.

Start by confirming your tier with the free GeraCompliance risk classifier, then use our compliance checklist to sequence the work. If the deadline is tight, the AI Act sprint compresses documentation into 5–15 business days.