EU AI Act

Regulation (EU) 2024/1689 entered into force on the twentieth day following its publication in the Official Journal on 12 July 2024. The Regulation applies in phases over subsequent years pursuant to Article 113.

Applies to: All providers, deployers, importers and distributors of AI systems and GPAI models in the EU market

Article 5 prohibitions on unacceptable-risk AI systems become enforceable: subliminal manipulation, exploitation of vulnerabilities, social scoring by public authorities, real-time remote biometric identification in public spaces (with limited exceptions), emotion recognition in workplace and education, AI-based profiling to predict offences, and untargeted facial image scraping.

Applies to: All providers and deployers of AI systems in the EU

Note: Already in force since 2 February 2025. Verified against Art. 113(1) — six months after entry into force.

Article 4 requires providers and deployers to take measures to ensure a sufficient level of AI literacy for their staff and persons operating AI systems on their behalf. This obligation became binding on 2 February 2025 alongside the prohibited practices prohibition.

Applies to: All providers and deployers of AI systems in the EU

Note: Already in force since 2 February 2025. Verified against Art. 113(1) — six months after entry into force.

Chapter V provisions for providers of general-purpose AI models become applicable: technical documentation (Annex XI/XII), transparency information, copyright summary, and — for systemic-risk models — adversarial testing, incident notification, and cybersecurity measures. Codes of practice for GPAI model providers must also be finalised under Article 56.

Applies to: Providers of general-purpose AI models made available in the EU; providers of GPAI models with systemic risk

Note: Verified against Art. 113(3) — twelve months after entry into force (1 August 2024 + 12 months = 2 August 2025). NOTE: the task brief references Art. 113(c) but the phased dates are set out in Article 113 paragraphs, not lettered sub-provisions in the OJ text. This date is confirmed from the regulation text.

Full obligations for high-risk AI systems listed in Annex III become applicable: risk management system (Art. 9), data governance (Art. 10), technical documentation (Art. 11), record-keeping (Art. 12), transparency (Art. 13), human oversight (Art. 14), accuracy and robustness (Art. 15), quality management (Art. 17), conformity assessment (Art. 43), EU database registration (Art. 71), and post-market monitoring (Art. 72). Annex III categories include biometrics, critical infrastructure, employment/HR tools, education/vocational training, essential private and public services, law enforcement, migration and asylum, and administration of justice.

Applies to: Providers and deployers of high-risk AI systems listed in Annex III (biometrics, critical infrastructure, employment, education, essential services, law enforcement, migration, justice)

Note: Verification needed — The original date (2 August 2026) is set by Art. 113(6) — 24 months after entry into force. The European Commission's Omnibus simplification package (COM(2025)87, February 2025) proposed amendments. A political agreement on certain Omnibus elements was reported but, as of 2026-05-12, formal adoption of amendments to Regulation (EU) 2024/1689 that would alter this date has not been confirmed in the Official Journal. This milestone remains at 2026-08-02 until a revised regulation is published. Human review required before asserting postponement.

AI systems that are safety components of products covered by the Union harmonisation legislation listed in Annex I (e.g. machinery, medical devices, automotive) must comply. These systems must also pass conformity assessment under the applicable sectoral legislation.

Applies to: Providers of AI systems that are safety components of products under Annex I sectoral legislation (machinery, medical devices, lifts, radio equipment, etc.)

Note: Same caveats as Annex III milestone. Verification needed for any Commission-proposed postponement prior to asserting a revised date.

General-purpose AI models that were placed on the market before 2 August 2025 must comply with the Chapter V GPAI obligations by this date. This is the transitional grace period for legacy GPAI models.

Applies to: Providers of general-purpose AI models that were on the EU market before 2 August 2025 and have not yet complied with Chapter V obligations

Note: Verified against Art. 113(3) — 36 months after entry into force (1 August 2024 + 36 months = 2 August 2027).