The EU AI Act implementation timeline: understanding the next deadline for compliance

The European Union’s Artificial Intelligence Act (the AI Act) under Regulation (EU) 2024/1689, entered the European digital landscape on 1 August 2024 as the first comprehensive legislative framework of its kind for artificial intelligence.  Published in the Official Journal of the European Union on 12 July 2024, the AI Act is subject to a phased implementation timetable under Article 113, with different provisions becoming applicable at different stages rather than the Regulation becoming fully applicable from day one as a single block. For organisations in scope, the key question is not only what the AI Act requires, but when each part of it begins to apply.

The implementation timetable is supported by guidelines, harmonised standards and voluntary codes of practice intended to assist organisations and regulators with the Act’s phased application.

To understand what lies ahead in their journey to compliance, organisations should look at the timeline for application of the AI Act, paying particular attention to the varying deadlines for different chapters, obligations and transitional arrangements to become applicable.

That phased structure is meant to give organisations time to prepare for implementation. The prohibitions and AI literacy obligations have already become applicable, the rules on general-purpose AI models and certain governance provisions have also started to apply, and most of the remaining obligations are scheduled to apply from 2 August 2026, with Article 6(1) and the corresponding obligations applying later, from 2 August 2027.

The AI Act does not become applicable in a single step. Instead, its obligations apply in phases, which determines what organisations should already have addressed, what now requires attention, and what can still be prepared for.

2024: The Launch - Publication and entry into force

  • 12 July 2024: The AI Act is officially published in the Official Journal of the European Union.
  • 1 August 2024: The AI Act enters into force. The countdown for all future deadlines officially begins. None of the Act’s requirements apply at this point.
  • 2 November 2024: Deadline for EU Member States to name the authorities responsible for protecting fundamental rights under this law. By that date, Member States are required to identify and make publicly available the authorities or bodies responsible for protecting fundamental rights under Union law.

2025: First applicable obligations

  • 2 February 2025: Prohibitions take effect. AI systems considered an "unacceptable risk" (like social scoring or manipulative AI) are now illegal. Providers and deployers of AI must also start AI literacy training for staff.
  • 10 July 2025: The Commission published the General-Purpose AI Code of Practice. The Code is a voluntary compliance tool intended to help providers of general-purpose AI models demonstrate compliance with the relevant obligations under the AI Act.
  • 2 August 2025: Rules for General-Purpose AI (GPAI) models begin to apply, including the regime for certain general-purpose AI models presenting systemic risk.
    • Governance structures (like the EU AI Office) must be set up. By this date, the governance rules also become applicable.
    • Member States must have their penalty/fine systems in place.
    • New GPAI models entering the market must comply immediately.
    • Providers of GPAI models placed on the market before 2 August 2025 must take the necessary steps to comply by 2 August 2027.
  • 17 December 2025: The First Draft Code of Practice on marking and labelling of AI-generated content is published.

2026: Main application dates

  • By 2 February 2026: The Commission was expected to publish guidelines specifying the practical implementation of Article 6, including the classification of "High-Risk" AI systems and the related requirements.
  • 3 March 2026: The Second Draft Code of Practice on marking and labelling of AI-generated content is published.
  • 2 August 2026: Most of the remaining rules in the Act become active. Most of the remaining provisions of the AI Act become applicable, except Article 6(1).
    • Transparency rules (like labelling AI-generated content) start. The transparency obligations under Article 50 become applicable.
    • Every EU Member State must have at least one "AI Sandbox" (a testing environment for innovation) running.

2027: GPAI transition and regulated products

  • 2 August 2027: Stricter rules apply to AI used as safety components in products already regulated by the EU (like toys or medical devices). Article 6(1) becomes applicable. This is the key date for AI systems classified as high-risk because they are products, or safety components of products, covered by Annex I EU harmonisation legislation.
    • The Grace Period Ends: GPAI models that were already on the market before August 2025 must now be fully compliant.

2028: First review stage

  • 2 August 2028: The Commission begins its first formal reviews of the AI Office, the impact of the law and the effectiveness of voluntary codes of conduct.
  • December 1, 2028: A report is due on the "delegated powers" (the authority given to the Commission to update the law). By 2 August 2028, the Commission must also evaluate and report on, among other things, the need for amendments to Annex III, Article 50 and the AI Act’s supervision and governance system.

2029: Review of the AI Act

  • 1 August 2029: The Commission's initial power to update certain parts of the law expires (unless this period is extended). The Commission’s delegation of power runs for five years from 1 August 2024 and is tacitly extended unless opposed by the European Parliament or the Council.
  • 2 August 2029: The Commission must submit its report on the evaluation and review of the AI Act to the European Parliament and to the Council

2030: Legacy public-sector and large-scale IT Systems

  • 2 August 2030: The AI Act applies to certain high-risk AI systems placed on the market or put into service before 2 August 2026 and intended to be used by public authorities, in accordance with the transitional rules explained in the Commission’s FAQ material.
  • 31 December 2030: AI systems that are part of large-scale EU-wide IT systems (like border control databases) must be brought into compliance.

2031: Enforcement review

  • 2 August 2031: A final comprehensive assessment is performed by the Commission to see how effectively the law is being enforced across the EU.

As we look toward the milestones in 2026, organisations should be keenly aware of dates on which substantive obligations begin to apply, as well as the publication of supporting codes of practice and guidance intended to help implement those obligations. Beyond 2026, the European Commission enters the review, evaluation and reporting stage. Here, organisations will have an opportunity to contribute and share their experiences with compliance. That later phase may shape future amendments, interpretation and enforcement, but it should not distract organisations from the nearer compliance dates.  For most organisations, however, the immediate focus should be on what is already applicable, the 2 August 2026 main application date, and the further 2 August 2027 milestone for certain high-risk product-related AI systems.

Related content

Article

The European Health Data Space is in force: implications for healthcare, MedTech and life sciences

25/03/2026

Article

EU - Brazil adequacy decisions: practical implications for international data transfers

25/03/2026

Article

The EU AI Act’s draft Code of Practice on marking and labelling of AI-generated content: what providers and deployers need to know

25/03/2026

Article

The passing of the new defamation bill through the Oireachtas

17/02/2026

View more

Services

Locations