Back to blogAI Agent Architecture

EU AI Act Timeline: Key Dates and Deadlines

GuruSup

The EU AI Act does not land all at once. It uses a phased rollout over three years, with different requirements becoming enforceable at different dates. Some deadlines have already passed. Others give you until 2027. This timeline covers every milestone.

Already in Effect

August 1, 2024 — Entry into force

The regulation was officially published in the EU Official Journal on July 12, 2024, and entered into force 20 days later. This started all the countdown clocks.

February 2, 2025 — Prohibited AI practices

Six months after entry into force. All AI systems classified as unacceptable risk became illegal. This includes social scoring, untargeted biometric scraping, subliminal manipulation, and other banned practices.

If you have not already audited your systems against the prohibited list, you are behind.

Coming in 2025

August 2, 2025 — General-purpose AI and governance

Twelve months after entry into force. Two major things happen:

  • Rules for general-purpose AI models (GPAI) take effect. Providers of foundation models must comply with transparency requirements, including technical documentation and information about training data. Models with systemic risk face additional obligations: adversarial testing, incident monitoring, and cybersecurity measures.
  • Governance structures must be operational. The European AI Office (already established within the Commission) takes on enforcement powers. Member states must designate their national competent authorities.

This date matters even if you do not develop foundation models. Your AI tools likely run on GPAI models, and the transparency requirements flow upstream to affect what information you can expect from your model providers.

The Big Deadline: 2026

August 2, 2026 — Bulk of obligations

Twenty-four months after entry into force. This is the main enforcement date. The following becomes mandatory:

  • All high-risk AI requirements for systems listed in Annex III: risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy and robustness. See our compliance checklist.
  • Conformity assessment must be completed before placing high-risk systems on the market.
  • EU database registration for high-risk AI systems.
  • Transparency obligations for limited-risk systems: chatbot disclosure, deepfake labeling, emotion recognition notification. Details in our chatbot requirements guide.
  • Post-market monitoring systems must be in place for high-risk AI.
  • Penalties for non-compliance become fully enforceable. See the penalty structure.

For customer support teams, this is the date when chatbot transparency disclosures and any high-risk support AI compliance must be operational.

Final Phase: 2027

August 2, 2027 — Annex I product AI

Thirty-six months after entry into force. High-risk AI requirements extend to AI systems embedded in products already regulated by existing EU product safety legislation (Annex I). This covers:

  • Medical devices and in-vitro diagnostics
  • Motor vehicles and their trailers
  • Aviation systems
  • Marine equipment
  • Toys, machinery, lifts, pressure equipment
  • Radio and telecommunications terminal equipment

These products already go through CE marking and conformity assessment. The 2027 deadline integrates AI-specific requirements into those existing procedures.

Preparation Milestones

Working backward from the August 2026 deadline, here is a practical preparation timeline:

Now through Q2 2025

  • Complete AI system inventory and risk classification.
  • Identify any prohibited systems still in operation (should already be decommissioned).
  • Begin risk management documentation for high-risk systems.

Q3-Q4 2025

  • Implement data governance practices for training and validation datasets.
  • Draft technical documentation for high-risk systems.
  • Set up logging and record-keeping infrastructure.
  • Begin conformity assessment preparation.

Q1-Q2 2026

  • Complete conformity assessments.
  • Register high-risk systems in the EU database.
  • Deploy transparency mechanisms for limited-risk systems.
  • Train staff on AI oversight responsibilities.
  • Activate post-market monitoring.

What Happens If You Miss a Deadline

Enforcement does not wait. Once a deadline passes, non-compliance is immediately sanctionable. The penalty tiers apply based on the violation type, not when you intended to comply.

For the full regulatory context, start with the EU AI Act summary. To understand how this interacts with existing data protection law, see AI Act vs GDPR.

Explore more

AI Comparisons 2026

ChatGPT vs Claude vs Gemini vs DeepSeek — prices, performance and best use cases

See the product

Explore how our AI agents handle support, sales and ops

AI Chatbot

Deploy intelligent chatbots that resolve queries autonomously

Related articles