EU AI Act Timeline — Key Dates and Deadlines 2024-2027

The EU AI Act (Regulation 2024/1689) applies in phases. Prohibited practices are already enforced since February 2, 2025. GPAI rules apply from August 2, 2025. The biggest deadline — high-risk AI system requirements — applies from August 2, 2026. Here is every date you need to know.

The Problem

The AI Act does not apply all at once. Different requirements kick in at different times over a 3-year period. Miss a deadline and you are non-compliant. But most summaries just mention "2026" without the specifics — which requirements, which date, which systems.

Complete Timeline

| Date | Milestone | What Applies | Key Articles | |------|-----------|-------------|-------------| | August 1, 2024 | Entry into force | AI Act published and enters force | Article 113 | | February 2, 2025 | Prohibited practices + AI literacy | Banned AI practices enforced; AI literacy required | Articles 4, 5 | | August 2, 2025 | GPAI rules | General-purpose AI model obligations; GPAI code of practice | Articles 51-56 | | August 2, 2025 | Governance structures | AI Office, AI Board, advisory forum fully operational | Articles 64-68 | | August 2, 2026 | High-risk AI systems | Full obligations for Annex III high-risk systems | Articles 6-49 | | August 2, 2026 | Conformity assessment | Conformity assessment required before market placement | Article 43 | | August 2, 2026 | EU AI database | High-risk systems must be registered | Article 49 | | August 2, 2027 | Annex I products | High-risk AI in existing regulated products (medical devices, machinery, etc.) | Article 6(1) |

What Is Already In Force (Right Now)

As of February 2026, these requirements already apply:

Prohibited practices (since February 2, 2025):

• Social scoring by public authorities
• Exploitation of vulnerabilities (age, disability, social situation)
• Untargeted facial recognition database scraping
• Emotion recognition in workplace and education (with exceptions)
• Biometric categorization inferring sensitive attributes
• Real-time remote biometric identification in public spaces (with law enforcement exceptions)

AI literacy (since February 2, 2025):

• Article 4: Providers and deployers must ensure staff have sufficient AI literacy

GPAI rules (since August 2, 2025):

• Articles 51-56: General-purpose AI model transparency, technical documentation
• Systemic risk obligations for GPAI above 10^25 FLOP compute threshold
• Code of practice for GPAI providers

What Is Coming: August 2, 2026

The deadline most organizations are preparing for:

• Annex III high-risk systems must meet full requirements: risk management (Article 9), data governance (Article 10), technical documentation (Article 11), record-keeping (Article 12), transparency (Article 13), human oversight (Article 14), accuracy/robustness (Article 15)
• Conformity assessment required before placing high-risk systems on the market
• Registration in EU AI database for high-risk systems
• Post-market monitoring system must be in place
• Quality management system for providers of high-risk AI

Check Your Readiness With Gibs

import gibs

client = gibs.Client(api_key="sk-gibs-...")

# Find out what applies to your system
result = client.classify(
    system_description="AI system that evaluates job applicants based on video interviews",
    regulations=["ai_act"]
)

print(result.classification)    # "high_risk"
print(result.risk_basis)        # "Annex III, Area 4: Employment"
# Full obligations apply from August 2, 2026

# Check specific timeline questions
result = client.check(
    question="When do GPAI transparency requirements apply?",
    regulations=["ai_act"]
)
# Returns: August 2, 2025, citing Articles 51-53, Article 113

Countdown

The August 2, 2026 deadline for high-risk AI is approaching. If your AI system is classified as high-risk under Annex III, you need to have conformity assessment, risk management, documentation, and human oversight in place by that date.

Who This Is For

• AI companies planning compliance timelines
• CTO offices budgeting and scoping compliance work
• Compliance teams building AI Act implementation roadmaps
• Legal teams advising clients on upcoming obligations

Try It Now

Free tier: 50 requests per month, no credit card required.

Get your API key | Read the docs | Python SDK | npm package

FAQ

Is the AI Act already in force?

Yes. The AI Act entered into force on August 1, 2024. Prohibited practices apply since February 2, 2025. GPAI rules since August 2, 2025. The remaining provisions (high-risk systems) apply from August 2, 2026.

What is the most important deadline for most companies?

August 2, 2026 — when high-risk AI system obligations take full effect. If your AI system falls under Annex III (employment, credit scoring, biometrics, etc.), you must have conformity assessment, risk management, and all Article 6-49 requirements in place by this date.

Are there penalties before August 2026?

Yes. Prohibited practices (Article 5) are already enforceable since February 2025, with penalties up to 35 million EUR or 7% of global turnover. AI literacy (Article 4) and GPAI obligations (Articles 51-56) are also already applicable.

Do existing AI systems need to comply?

Yes. Article 111(2) provides that high-risk AI systems already on the market before August 2, 2026 must comply if they are significantly modified after that date. Systems placed on the market after August 2, 2026 must be fully compliant from day one.

What happens at the August 2027 deadline?

August 2, 2027 is when high-risk obligations apply to AI systems that are safety components of products covered by existing EU harmonisation legislation (Annex I) — medical devices, machinery, toys, lifts, radio equipment, etc. These get an extra year because they already have existing conformity assessment frameworks.

Can I start preparing now?

Yes, and you should. Classify your AI systems, identify which are high-risk, and begin implementing risk management systems, documentation, and human oversight. Use the Gibs API to classify systems programmatically and identify applicable obligations.

Does Gibs cover other regulations besides the AI Act?

Yes. Gibs currently covers the EU AI Act, DORA (Digital Operational Resilience Act), and GDPR. Cross-regulation queries are supported — ask how AI Act requirements interact with GDPR data protection obligations and get cited answers from both regulations. Additional regulations are planned.