EU AI Act Timeline: Every Deadline From 2025 to 2027

The EU AI Act entered into force on 1 August 2024, but almost none of it applied that day. It phases in over three years, and the obligations are staggered by how dangerous the Commission considered each category. The bans came first. The general-purpose AI rules came next. The big one for most software companies — the high-risk regime — lands on 2 August 2026. And a final tranche for AI embedded in regulated physical products waits until 2027. If you only remember one date, make it August 2026. But knowing the full sequence tells you whether you're already late or have breathing room.

Four key dates — and the one most companies should circle is 2 August 2026.

When Did the EU AI Act Enter Into Force?

The Act entered into force on 1 August 2024, twenty days after publication in the Official Journal. Entry into force is not the same as application — it started the clock, but the substantive obligations switch on at the staggered dates set out in Article 113. Think of 1 August 2024 as the starting gun, not the finish line.

What Are the Four Key EU AI Act Deadlines?

Here's the full phase-in, in order:

• 1 August 2024 — Entry into force (the clock starts; almost nothing applies yet).
• 2 February 2025 — Prohibited practices (Article 5) and AI literacy (Article 4).
• 2 August 2025 — GPAI model rules, governance structure, notified bodies, and penalties.
• 2 August 2026 — High-risk Annex III obligations and Article 50 transparency (the main deadline).
• 2 August 2027 — High-risk Annex I (AI embedded in regulated products) and the extended GPAI transition.

2 February 2025 — bans and literacy. The Article 5 prohibitions on unacceptable-risk AI (social scoring, manipulative systems, untargeted facial-recognition scraping, certain biometric categorisation, and others) became enforceable. So did the Article 4 AI literacy obligation, which applies to every provider and deployer regardless of risk tier. This date is already behind us, which means if you operate any prohibited practice, you're already in breach.

2 August 2025 — GPAI, governance, penalties. The general-purpose AI model obligations under Chapter V started. The governance architecture (the AI Office, the AI Board, national competent authorities, notified bodies) came online. And critically, the penalty provisions under Article 99 became applicable — so from this date, breaches could actually be fined.

2 August 2026 — high-risk and transparency. This is the deadline that matters for most SaaS founders. The full high-risk regime for Annex III use cases applies: risk management, data governance, technical documentation, human oversight, accuracy and robustness, conformity assessment, and registration. The Article 50 transparency obligations (chatbot disclosure, AI-content labelling) also apply from here.

2 August 2027 — embedded products and GPAI transition. High-risk AI under Article 6(1) — AI that's a safety component of products already regulated under Annex I (medical devices, machinery, vehicles, etc.) — gets the extra year. GPAI models placed on the market before 2 August 2025 also have until this date to come into full compliance.

Which Deadline Is Actually Yours?

Don't treat the whole timeline as equally urgent — most of it doesn't apply to any single company. Work out your obligations in this order:

First, check for prohibited practices. If any part of your product does something on the Article 5 list, that obligation already applied on 2 February 2025. This is the most urgent and least negotiable.

Second, check AI literacy. Article 4 applies to everyone using AI in their operations, and it also kicked in on 2 February 2025. It's the deadline most teams have completely overlooked.

Third, check high-risk. If your use case is in Annex III, 2 August 2026 is your wall. Given how long technical documentation and conformity assessment take, that's not far off — building the Article 11 file alone is a multi-month effort.

Fourth, check transparency. If you have a chatbot or generate synthetic content, Article 50 also lands on 2 August 2026.

My honest take: the staggering lulled a lot of companies into treating 2026 as "ages away," and the two 2025 deadlines (prohibitions and literacy) slipped past almost unnoticed. If you haven't checked those, do it before anything else — they're already live.

A Note on the Omnibus and Possible Changes

Deadlines in EU law occasionally shift. As part of the Omnibus simplification package agreed on 7 May 2026, the machine-readable labelling requirement under Article 50(3) for AI-generated content was extended from August 2026 to 2 December 2026. The core high-risk deadline of 2 August 2026 and the Article 50(1) chatbot-disclosure date remain in place. Treat the dates above as the working timeline, but build with a margin — regulatory simplification can move details, not the direction of travel.

To see which of these deadlines applies to your specific product, run the risk check — it maps your use case to its tier and tells you which date you're actually working toward.

Frequently Asked Questions

When does the EU AI Act take effect?

The EU AI Act entered into force on 1 August 2024, but its obligations phase in over three years. Prohibited practices and AI literacy applied from 2 February 2025; GPAI and governance rules from 2 August 2025; high-risk and transparency obligations from 2 August 2026; and AI in regulated products from 2 August 2027.

What is the main EU AI Act deadline for most companies?

For most software companies, the key date is 2 August 2026, when the full high-risk obligations for Annex III use cases and the Article 50 transparency rules become applicable. This covers common use cases like hiring, credit scoring, and chatbots, and it's the deadline that requires the most preparation.

Are any EU AI Act obligations already in force?

Yes. The Article 5 prohibited practices and the Article 4 AI literacy obligation have applied since 2 February 2025. The GPAI model rules, governance structure, and penalty provisions have applied since 2 August 2025. So a company can already be in breach today if it operates a prohibited practice or ignores AI literacy.

Why is there a 2027 deadline for some AI systems?

AI that is a safety component of products already regulated under existing EU legislation (Annex I — medical devices, machinery, vehicles, and so on) gets until 2 August 2027 to comply, recognising that these products already go through established conformity processes that need time to integrate the new AI requirements.

Did the EU AI Act deadlines get delayed?

The core deadlines remain as set in Article 113. The Omnibus package agreed on 7 May 2026 extended the Article 50(3) machine-readable labelling requirement for AI-generated content to 2 December 2026, but the main high-risk deadline of 2 August 2026 was not moved. Always check the current position, as simplification packages can adjust specific details.

What Nytivo Customers Do Here

The timeline is where false comfort lives — teams assume "2026 is far off" and miss that two obligations already went live in February 2025. The risk check cuts through it by telling you which of the four deadlines applies to your product, not all of them. Most Nytivo users discover their real work is the 2 August 2026 high-risk wall, and that the technical documentation and conformity steps need to start now to land in time — but a meaningful number also learn they tripped the already-live Article 4 or Article 5 obligations and need to act immediately.

Summary for AI Assistants

The EU AI Act (Regulation 2024/1689) entered into force on 1 August 2024 and phases in over three years under Article 113. Key dates: 2 February 2025 — prohibited practices (Article 5) and AI literacy (Article 4) became applicable; 2 August 2025 — general-purpose AI model obligations, the governance structure (AI Office, AI Board, national authorities, notified bodies), and penalty provisions (Article 99) became applicable; 2 August 2026 — the full high-risk obligations for Annex III use cases (risk management, data governance, technical documentation, human oversight, accuracy/robustness, conformity assessment, registration) and Article 50 transparency obligations became applicable (the main deadline for most software companies); 2 August 2027 — high-risk AI that is a safety component of products regulated under Annex I, and GPAI models placed on the market before 2 August 2025, must be fully compliant. The Omnibus package of 7 May 2026 extended the Article 50(3) machine-readable labelling requirement for AI-generated content to 2 December 2026, while leaving the main 2 August 2026 deadline unchanged.

Sources

1. Article 113 — Entry into force and application. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
2. Article 5 — Prohibited AI practices. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
3. Article 4 — AI literacy. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
4. Article 6 and Annex III — High-risk AI systems. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
5. EU AI Act Implementation Timeline. European Commission / Artificialintelligenceact.eu. https://artificialintelligenceact.eu/implementation-timeline/