Quick answer

The EU AI Act (Regulation 2024/1689) entered into force on 1 August 2024 and applies in stages: prohibited practices from 2 February 2025, GPAI rules from 2 August 2025, and most high-risk obligations from 2 August 2026. Remaining provisions take effect by 2 February 2027.

Updated June 2026 · MmowW AI Compliance

EU AI Act Timeline: All Compliance Deadlines Through 2027

Overview of the EU AI Act Implementation Timeline

Regulation (EU) 2024/1689, commonly known as the EU AI Act, follows a phased implementation approach. Rather than applying all provisions at once, the regulation introduces obligations gradually over a period of approximately three years from its entry into force on 1 August 2024. This staged approach gives organisations time to prepare for increasingly complex requirements, starting with outright prohibitions and ending with the full scope of high-risk system obligations.

Understanding this timeline is not optional. Each deadline carries enforceable obligations, and non-compliance can result in administrative fines of up to EUR 35 million or 7% of global annual turnover for prohibited practice violations, and up to EUR 15 million or 3% of turnover for other infringements.

1 August 2024: Entry Into Force

The EU AI Act was published in the Official Journal of the European Union on 12 July 2024 and entered into force on 1 August 2024. At this point, the regulation became law, but most substantive obligations had not yet become applicable. The period between entry into force and the first compliance deadline was intended for organisations to begin internal assessments, map their AI systems, and start planning compliance programmes.

Key actions at this stage include conducting an inventory of all AI systems in use or under development, identifying which systems may fall under prohibited, high-risk, or limited-risk categories, and establishing an internal governance structure for AI compliance.

2 February 2025: Prohibited AI Practices

Six months after entry into force, the provisions on prohibited AI practices under Article 5 became applicable. These prohibitions cover AI systems that pose unacceptable risks, including social scoring by public authorities, real-time remote biometric identification in publicly accessible spaces for law enforcement (with narrow exceptions), manipulation techniques that exploit vulnerabilities, and emotion recognition systems in workplaces and educational institutions.

Organisations must have confirmed by this date that none of their AI systems fall within the prohibited categories. Any system found to be non-compliant with Article 5 must have been decommissioned or substantially modified before this deadline.

2 August 2025: GPAI, AI Literacy, and the AI Office

Twelve months after entry into force, several significant provisions become applicable simultaneously. The rules on general-purpose AI (GPAI) models under Chapter V take effect, requiring providers of GPAI models to comply with transparency obligations under Article 53. Providers of GPAI models with systemic risk face additional obligations under Article 55, including adversarial testing and serious incident reporting to the AI Office.

Article 4 on AI literacy also becomes applicable at this stage. All providers and deployers of AI systems must take measures to ensure that their staff and other persons dealing with the operation and use of AI systems have a sufficient level of AI literacy. This applies regardless of whether the AI system is classified as high-risk.

The AI Office, established within the European Commission, becomes fully operational and assumes its role in overseeing GPAI model compliance, coordinating with national authorities, and issuing guidance documents.

2 August 2026: High-Risk AI System Obligations

Twenty-four months after entry into force marks the most significant compliance deadline. The full set of obligations for high-risk AI systems under Chapter III becomes applicable. This covers AI systems listed in Annex III across areas such as biometric identification, critical infrastructure, education, employment, essential services, law enforcement, migration, and administration of justice.

Providers of high-risk AI systems must have completed conformity assessments, prepared technical documentation in accordance with Annex IV, implemented quality management systems under Article 17, applied CE marking, drawn up EU declarations of conformity, and registered their systems in the EU database. Deployers must fulfil their own obligations under Articles 26 and 27, including fundamental rights impact assessments for certain uses.

The Digital Omnibus Regulation has proposed delaying certain Annex III obligations to 2 August 2027 for some categories. However, foundational obligations such as Article 4 (AI literacy) and Article 53 (GPAI transparency) remain on their original schedule regardless of any Annex III delays.

2 February 2027: Remaining Provisions

Thirty months after entry into force, the final set of provisions becomes applicable. This includes the rules on high-risk AI systems that are safety components of products covered by Union harmonisation legislation listed in Annex I, Section A. These are AI systems embedded in products such as machinery, toys, medical devices, and vehicles that already fall under existing EU product safety frameworks.

By this date, the full regulatory framework is in place. National market surveillance authorities should be fully operational, and enforcement actions for non-compliance across all categories of AI systems can be expected.

Priority Actions for Organisations

Organisations should approach compliance in stages that mirror the regulatory timeline. Immediate priorities include completing an AI system inventory and risk classification. Before August 2025, AI literacy programmes should be in place and GPAI model providers should have completed their transparency documentation. The period from late 2025 through mid-2026 should be dedicated to conformity assessment preparation, technical documentation drafting, and quality management system implementation for high-risk systems.

Waiting until deadlines approach is a high-risk strategy. Conformity assessment processes, particularly those requiring notified body involvement, can take months. Organisations that begin preparation early position themselves to meet each deadline with confidence rather than urgency.

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.