
EU AI Act Implementation Roadmap: Eight Phases to Full Compliance

Guide · 23 May 2026 · 14 min read · 2,779 words

EU AI Act compliance roadmap: 8 phases from inventory to post-market monitoring. Correct deadlines — Art 5 live, Art 50 Aug 2026, Annex III Dec 2027.

EU AI Act compliance is not a single event. It is a project — one that runs across multiple deadlines, eight obligation clusters, and two distinct roles depending on what your organisation actually does with AI. The prohibited practices under Article 5 have applied since 2 February 2025. Literacy obligations under Article 4 are already live. Transparency rules for limited-risk systems land on 2 August 2026. Full high-risk obligations apply from 2 December 2027 for stand-alone Annex III systems (and from 2 August 2028 for AI embedded in regulated products, under the Digital Omnibus agreed in May 2026). That gives you a window — but documentation alone takes months, and the sequence matters.

This roadmap maps the eight implementation phases in order. Work through them top to bottom.


Phase 1: Inventory Every AI System You Build or Deploy

Before you can classify anything, you need a list. Most organisations undercount their AI exposure. Procurement-bought tools, developer integrations, and embedded scoring models all count if they meet the Regulation (EU) 2024/1689 definition in Article 3(1): a machine-based system that infers from inputs how to generate outputs such as predictions, decisions, recommendations, or content.

Walk through every line of business and ask: does this tool make a prediction, a recommendation, or a decision? Note the vendor, the version, the intended use, and whether the organisation built it or bought it. That last question pre-positions the role determination in Phase 2.

Maintain this as a living register. New system? Add it before deployment, not after.


Phase 2: Classify Each System and Derive Your Role

Classification determines everything downstream. Article 6 establishes four outcomes, and two of them impose no EU AI Act obligations.

Prohibited — Article 5 (in force 2 February 2025). Certain practices are banned outright regardless of safeguards. Key examples: real-time remote biometric identification in publicly accessible spaces for law enforcement (with narrow exceptions requiring judicial authorisation); social scoring of natural persons by public authorities; subliminal manipulation causing harm (Article 5(1)(a)); emotion recognition in workplaces and educational institutions (Article 5(1)(f)); predictive crime profiling based solely on profiling without objective factual grounding (Article 5(1)(d)); untargeted facial-image scraping to build recognition databases (Article 5(1)(e)); and sensitive-characteristic biometric categorisation (Article 5(1)(g)). These are not high-risk — they are prohibited. The fine ceiling is €35,000,000 or 7% of worldwide annual turnover (Article 99(3)), whichever is higher. If any system on your inventory touches these uses, it must stop immediately.

High-risk — Article 6 + Annex III (standalone deadline: 2 December 2027). Annex III lists eight categories: biometrics (remote identification; categorisation by sensitive characteristics; emotion recognition — distinguishing the permitted from the prohibited); critical infrastructure safety components; education and vocational training (admission, evaluation, exam-proctoring); employment and worker management (recruitment, screening, performance evaluation, task allocation — Annex III point 4); access to essential private and public services (creditworthiness/credit scoring at point 5(b), excluding fraud detection; life and health insurance risk assessment at 5(c); emergency dispatch; public-benefits eligibility); law enforcement (risk-of-offending assessment, polygraph, evidence reliability); migration, asylum and border control; and administration of justice and democratic processes.

Before accepting high-risk classification, check the Article 6(3) filter. A system that falls in an Annex III category is not high-risk if it performs a narrow procedural task, improves the result of a previously completed human activity, detects decision patterns without replacing or influencing human assessment, or does only preparatory work — and does not pose a significant risk of harm. One of those four conditions is enough; you do not need all four. But any system that profiles natural persons is always high-risk regardless. If you claim the exemption, document it and register the system under Article 49 anyway.

Limited / transparency risk — Article 50 (2 August 2026). Chatbots, synthetic media generation, emotion recognition (where not prohibited), and AI-generated content marking. The primary obligation is disclosure: users must know they are interacting with AI. No conformity assessment, no technical file. Article 50 has four paragraphs — 50(1) for chatbots, 50(2) for emotion recognition, 50(4) for public-interest text labelling.

Minimal risk — no mandatory EU AI Act obligations. Spam filters, recommendation engines in non-critical contexts, most productivity tooling. GDPR and general product safety still apply.

Derive your role simultaneously. If your organisation places an AI system on the EU market under your own name or trademark, you are a provider (Article 16) — the full obligation stack applies. If you operate a third-party system in a professional capacity under your authority, you are a deployer (Article 26). Most companies are deployers of bought tools and providers of products they ship to customers; many are both. Article 25 converts a deployer into a provider on rebranding, substantial modification (Article 3(23)), or repurposing.
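The Phase 2 logic above (prohibited-use check, Annex III category, the Article 6(3) filter with its profiling override, and the Article 25 role switch) as a small classifier over inventory entries. This is an added illustration, not Confir's engine and not a legal determination; the category labels, field names and sample register entries are this example's own constructions.

```python
from dataclasses import dataclass, field

# Labels are this example's shorthand for the uses the roadmap names (assumed, not official).
PROHIBITED_USES = {"social_scoring", "untargeted_face_scraping", "workplace_emotion_recognition"}
ANNEX_III_CATEGORIES = {"biometrics", "critical_infrastructure", "education", "employment",
                        "essential_services", "law_enforcement", "migration", "justice"}
# The four Article 6(3) conditions; one suffices, provided there is no significant risk of harm.
ART_6_3_CONDITIONS = {"narrow_procedural_task", "improves_completed_human_activity",
                      "detects_patterns_without_replacing_assessment", "preparatory_work_only"}

@dataclass
class AISystem:
    name: str
    use: str                          # a prohibited-use label, an Annex III category, or "other"
    own_name_on_market: bool          # placed on the EU market under our own name or trademark?
    profiles_natural_persons: bool = False
    significant_risk_of_harm: bool = False
    exemption_grounds: set = field(default_factory=set)
    user_facing_interaction: bool = False   # chatbot-style interaction (Article 50(1))
    rebranded: bool = False                 # Article 25 triggers below
    substantially_modified: bool = False
    repurposed: bool = False

def classify(s: AISystem) -> str:
    # Article 6 outcome for one inventory entry.
    if s.use in PROHIBITED_USES:
        return "prohibited"
    if s.use in ANNEX_III_CATEGORIES:
        if s.profiles_natural_persons:        # profiling override: always high-risk
            return "high-risk"
        if s.exemption_grounds & ART_6_3_CONDITIONS and not s.significant_risk_of_harm:
            return "not-high-risk (Art 6(3): document and register under Art 49)"
        return "high-risk"
    if s.user_facing_interaction:
        return "limited-risk (Art 50)"
    return "minimal-risk"

def derive_role(s: AISystem) -> str:
    # Provider if we market it ourselves or Article 25 re-qualifies us; otherwise deployer.
    if s.own_name_on_market or s.rebranded or s.substantially_modified or s.repurposed:
        return "provider (Art 16)"
    return "deployer (Art 26)"

# Constructed sample register entries.
REGISTER = [
    AISystem("cv-screener", "employment", False, profiles_natural_persons=True,
             exemption_grounds={"narrow_procedural_task"}),   # override beats the claimed exemption
    AISystem("exam-paper-sorter", "education", True, exemption_grounds={"preparatory_work_only"}),
    AISystem("support-chatbot", "other", False, user_facing_interaction=True, rebranded=True),
    AISystem("mail-spam-filter", "other", False),
]

if __name__ == "__main__":
    for s in REGISTER:
        print(f"{s.name:18} {classify(s):62} {derive_role(s)}")
```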


Phase 3: Gap Assessment Against Articles 9–15

Once you know which systems are high-risk and whether you are the provider or deployer for each, map what you have against what the Act requires. The high-risk obligation set for providers runs across seven articles:

| Article | Obligation |
| --- | --- |
| Art 9 | Risk management system — continuous, iterative, documented |
| Art 10 | Data and data governance — training, validation, testing datasets |
| Art 11 + Annex IV | Technical documentation — nine content areas defined in Annex IV |
| Art 12 | Automatic logging / record-keeping |
| Art 13 | Transparency to deployers — instructions for use, capabilities, limitations |
| Art 14 | Human oversight — meaningful, not ceremonial |
| Art 15 | Accuracy, robustness, cybersecurity |

Run through each and score your current state honestly. Where nothing exists — no risk register, no data sheet, no oversight protocol — that is a gap requiring a work package. This gap assessment becomes your implementation backlog for Phases 4 through 7.

Deployers have a shorter list: follow provider instructions (Art 26(1)); ensure users are trained (Art 26(2)); implement human oversight where required (Art 26(3)); keep usage logs for at least six months (Art 26(6) — six months, not two or five years); notify workers' representatives before workplace deployment (Art 26(7)).


Phase 4: Build the Risk Management System (Article 9) and Data Governance (Article 10)

Article 9 requires providers to establish and maintain a risk management system throughout the lifecycle of a high-risk AI system. Four components: identify and analyse foreseeable risks; estimate and evaluate the risks that can materialise; adopt mitigation measures; and test their adequacy. Residual risk must be acceptable. The system must be updated whenever the AI system changes.

The risk register that emerges from Article 9 is the backbone of the Article 11 technical file and the evidence base for the Article 43 conformity assessment. Document every step.

Article 10 governs training, validation, and test data: relevance to intended purpose; representativeness; freedom from errors where reasonably possible; adequacy for the specific use. Gaps, biases, and deficiencies must be addressed and statistical properties documented — including demographic breakdowns where natural persons are affected. Article 10 is data governance. Staff competence is Article 4 (AI literacy), in force since 2 February 2025. The two are separate.


Phase 5: Compile Article 11 Technical Documentation and the Article 17 Quality Management System

Technical documentation under Article 11 must exist before market placement. Annex IV defines nine content areas: general description; elements and development process; performance information; monitoring and control arrangements; Article 9 risk management documentation; post-conformity changes; harmonised standards applied; the Article 47 Declaration; and cybersecurity measures. This is the document regulators will ask for first. Retain it for ten years after the system exits the market (Article 18).

The Article 17 QMS formalises the processes behind that file — data governance, change management, performance testing, incident handling. ISO/IEC 42001:2023 (38 Annex A controls across nine areas) maps well to Articles 9, 10, and 17, but certification is voluntary and does not replace the Article 43 conformity assessment.


Phase 6: Human Oversight (Article 14) and Transparency (Articles 13 and 50)

Article 14 is the most operationally demanding obligation for deployers. Oversight must be meaningful: the person exercising it must understand what the system is doing, have authority to override its output, and be able to identify anomalies. Ceremonial sign-off does not satisfy Article 14. Document who is responsible, what their competences are, and how overrides are recorded.

For providers, transparency to deployers is Article 13: instructions for use, performance levels and limitations, known risks, oversight requirements, and use restrictions.

For limited-risk systems, Article 50 applies. Chatbot users must be informed they are interacting with an AI (Article 50(1)); emotion recognition systems must inform subjects in real time (Article 50(2)). Deadline: 2 August 2026 — one of the earliest hard deadlines remaining.

The Article 27 FRIA applies to public bodies and to deployers of creditworthiness (Annex III 5(b)) or life/health insurance systems (5(c)). Private employers deploying recruitment AI do not automatically owe one. Where a GDPR Article 35 DPIA exists, Article 27(4) allows the FRIA to build on it.


Phase 7: Conformity Assessment (Article 43), Declaration of Conformity (Article 47), CE Marking (Article 48), and Registration (Article 49)

This phase closes out the pre-market obligations for providers of high-risk systems.

Conformity assessment — Article 43. Two routes exist. Annex VI is internal self-assessment: the provider documents compliance without a notified body. Annex VII is the notified-body route, generally required for Annex III point 1 (biometrics) where harmonised standards have not been applied. Systems in Annex III points 2–8 use Annex VI internal self-assessment in most cases. Do not assume a notified body is required for non-biometric high-risk systems.

Declaration of Conformity — Article 47. The provider issues a Declaration using Annex V, attesting that the system meets Regulation (EU) 2024/1689. Only the provider can sign it.

CE marking — Article 48. Affixed to the system or accompanying documentation after the Declaration is issued.

Registration — Article 49. Providers of stand-alone high-risk Annex III systems must register in the EU database (established under Article 71) before market placement. Registration is Article 49; the database is Article 71 — separate provisions, same obligation chain.


Phase 8: Post-Market Monitoring (Article 72) and Incident Reporting (Article 73)

Article 72 requires providers to maintain a post-market monitoring system throughout the AI system's operational life: collect real-world performance data, identify unexpected behaviours, and trigger corrective action. The monitoring plan forms part of the Article 11 technical file.

Article 73 governs serious incident reporting. A serious incident is defined in Article 3(49). Reporting timelines: 15 days from awareness (Article 73(2)); 2 days for widespread or irreversible disruption to critical infrastructure (Article 73(3)); 10 days where a person has died (Article 73(4)). An incomplete initial report is permitted and must be completed as information arrives (Article 73(5)). Reports go to the market-surveillance authority of the member state where the incident occurred. This is a provider obligation — deployers monitor and flag issues to the provider under Article 26.

Retention: technical documentation ten years (Article 18); deployer logs six months (Article 26).


Mapping Phases to the Compliance Timeline

| Deadline | What is live | Relevant phases |
| --- | --- | --- |
| 2 February 2025 | Article 5 prohibitions; Article 4 AI literacy | Phase 1 (inventory); Phase 2 (prohibited-practice check) |
| 2 August 2025 | GPAI obligations (Articles 51–55); governance/AI Office; Article 99 penalties | Phase 2 (GPAI role check) |
| 2 August 2026 | General application; Article 50 limited-risk transparency | Phase 2 (limited-risk); Phase 6 (Article 50 transparency) |
| 2 December 2027 | High-risk Annex III stand-alone systems (Digital Omnibus) | Phases 3–8 |
| 2 August 2028 | High-risk AI embedded in Annex I regulated products (Digital Omnibus) | Phases 3–8 |

The 2 December 2027 date is not a reason to wait until 2027. Article 11 documentation takes months to assemble. Article 9 risk management systems take time to build and test. Article 43 conformity assessments — particularly the Annex VII notified-body route — have booking lead times. Companies that start in late 2027 will not make the deadline.


How Confir Helps

Confir runs the full sequence in three sessions or fewer. Phases 1 and 2 use a guided intake — plain-English scenarios about what each system does and who operates it — with a rule-based, deterministic engine that classifies under Articles 5 and 6 (Annex III logic) and derives your role. Phase 3 maps to four structured assessment tracks: AIRC (risk classification: Articles 5/6/43/50), AITR (data and technical robustness: Articles 10/11/15), AITO (transparency and oversight: Articles 13/14/27/50), and AIGM (governance and post-market monitoring: Articles 9/72/73). Phases 5 and 7 generate the Annex IV documentation pack and the Article 47 Declaration of Conformity. The Article 27 FRIA runs where triggered. Same intake, same output, every rule stated in plain text — audit-defensible by design.


Frequently Asked Questions

What is the correct deadline for high-risk AI compliance after the Digital Omnibus?

Under the Digital Omnibus (political agreement 7 May 2026), the deadline for stand-alone high-risk Annex III systems moved from 2 August 2026 to 2 December 2027. High-risk AI embedded in Annex I regulated products (medical devices, machinery) has until 2 August 2028. These deferrals do not affect Article 5 prohibitions (live 2 February 2025), Article 4 literacy (live), Article 50 limited-risk transparency (still 2 August 2026), or GPAI obligations under Chapter V (in force 2 August 2025).

How do I decide whether my organisation is a provider or a deployer?

If you place an AI system on the EU market under your own name or trademark, you are a provider under Article 16. If you operate a third party's AI system in a professional capacity, you are a deployer under Article 26. The two roles are not mutually exclusive. Article 25 converts a deployer into a provider on rebranding, substantial modification (Article 3(23)), or repurposing outside the system's intended scope.

Do deployers need their own risk assessment, or can they rely on the provider's conformity file?

Both are required. The provider's conformity assessment (Article 43) covers development-stage and market-level risks — the system as designed. Article 26 requires deployers to assess deployment-context risks: how the system integrates, who operates it, and what the operational environment introduces. Article 26 also requires deployers to keep logs for at least six months and to notify workers' representatives before workplace deployment. Neither party substitutes for the other.

What are the correct penalty tiers under Article 99?

Three tiers, each "whichever is higher" of a fixed sum or a percentage of total worldwide annual turnover. Article 5 prohibitions: €35,000,000 or 7% (Art 99(3)). Most other obligations including high-risk and provider/deployer duties: €15,000,000 or 3% (Art 99(4)). Incorrect information to authorities or notified bodies: €7,500,000 or 1% (Art 99(5)). For SMEs and start-ups, Article 99(6) caps the fine at the lower of the two measures. GPAI provider fines are a separate instrument under Article 101.

When must a serious incident be reported, and to whom?

Article 73 is a provider obligation, not a deployer obligation. General window: 15 days from awareness (Art 73(2)). Shortened to 2 days for widespread infringement or irreversible disruption to critical infrastructure (Art 73(3)); 10 days where a person has died (Art 73(4)). Reports go to the market-surveillance authority in the member state where the incident occurred. Deployers flag issues to the provider; the provider files with authorities.

Do I need a Fundamental Rights Impact Assessment?

The Article 27 FRIA applies to public bodies and bodies exercising public authority in any Annex III use, and to deployers of creditworthiness systems (Annex III 5(b)) or life/health insurance risk-assessment systems (5(c)). Private employers deploying recruitment or performance-management AI are not automatically in scope. Where a GDPR Article 35 DPIA exists, Article 27(4) allows the FRIA to build on it — they cover different dimensions of risk.

What does the Article 6(3) downclassification filter actually require?

A system that falls in an Annex III category is not high-risk if it satisfies one of four conditions: it performs a narrow procedural task; it improves the result of a previously completed human activity; it detects decision patterns without replacing or influencing human assessment; or it does only preparatory work. One condition is sufficient — not all four. Exception: any system that profiles natural persons is always high-risk regardless of which conditions are met. Providers claiming the exemption must document the assessment and still register the system under Article 49.

