Skip to content
Confir.
Free trial

Every binding date in the EU AI Act.

Regulation (EU) 2024/1689 phases in from 1 August 2024 to the close of 2030. Here is when each obligation takes effect, who it lands on, and the Articles behind it.

Rollout complete

Fully in force

Every EU AI Act obligation is now in effect.

Rollout progress0 of 9 milestones in force
  1. 2024

  2. 1 August 2024

    Upcoming

    Entry into force

    Regulation (EU) 2024/1689 enters into force — twenty days after its 12 July 2024 publication in the Official Journal. Every later deadline is counted from this date.

    Art. 113
    All operators
  3. 2025

  4. 2 February 2025

    Upcoming

    Prohibited practices & AI literacy

    The Article 5 bans take effect: manipulative or exploitative AI, social scoring, untargeted facial-image scraping, emotion recognition at work and in education, certain biometric categorisation, and — for law enforcement — most real-time remote biometric identification in public. In parallel, Article 4 requires every organisation to ensure its people are AI-literate.

    Art. 4Art. 5
    Every organisation using AI

  5. 2 May 2025

    Upcoming

    GPAI Code of Practice

    The statutory target for the general-purpose AI Code of Practice under Article 56. The final Code was published on 10 July 2025 and endorsed ahead of the August GPAI obligations — covering transparency, copyright safeguards and systemic-risk evaluation.

    Art. 56
    General-purpose AI model providers

  6. 2 August 2025

    Upcoming

    GPAI obligations, governance & penalties

    Obligations for general-purpose AI models apply (Chapter V), the AI Office and national competent authorities stand up (Chapters VII and III), and the penalty regime takes effect — up to €35M or 7% of worldwide turnover for breaching the Article 5 prohibitions. GPAI-specific fines (Article 101) follow on 2 August 2026.

    Art. 51–55Art. 99
    GPAI providers · Member States · authorities
  7. 2026

  8. 2 February 2026

    Upcoming

    High-risk classification guidance

    The Commission must publish guidelines on the practical application of Article 6 — with worked examples of what is and isn't high-risk — together with a template for the post-market monitoring plan. The reference points providers will lean on to defend classification and monitoring decisions.

    Art. 6(5)Art. 72(3)
    Providers assessing high-risk status

  9. 2 August 2026

    Upcoming

    Main application date

    The core of the Act applies. High-risk systems under Annex III must meet the full regime: risk management (Art. 9), data governance (Art. 10), technical documentation (Art. 11 / Annex IV), logging (Art. 12), transparency (Art. 13), human oversight (Art. 14) and accuracy and robustness (Art. 15) — plus deployer duties, the Article 27 FRIA, EU-database registration (Art. 49), post-market monitoring (Art. 72) and serious-incident reporting (Art. 73). Each Member State must have an operational AI sandbox.

    Art. 6(2)Art. 9–15Art. 27Art. 49–73
    Annex III high-risk providers & deployers
  10. 2027

  11. 2 August 2027

    Upcoming

    Product-embedded AI & legacy GPAI

    High-risk obligations extend to AI that is a safety component of products already regulated under Annex I — medical devices, machinery, vehicles, lifts, in-vitro diagnostics and more (Article 6(1)). General-purpose AI models placed on the market before 2 August 2025 must reach full compliance by this date.

    Art. 6(1)Art. 111(3)
    Annex I product providers · legacy GPAI providers
  12. 2030

  13. 2 August 2030

    Upcoming

    Public-authority legacy systems

    High-risk AI systems already in use by public authorities before 2 August 2026 must be brought into full compliance. Private-sector legacy high-risk systems are generally caught only if they undergo a significant change in design.

    Art. 111(2)
    Public authorities operating legacy high-risk AI

  14. 31 December 2030

    Upcoming

    Large-scale EU IT systems

    The final deadline. AI components of the large-scale EU IT systems listed in Annex X — such as SIS, VIS, Eurodac, EES, ETIAS and ECRIS-TCN — placed on the market before 2 August 2027 must be brought into compliance. After this date, no legacy carve-out remains.

    Art. 111(1)
    Operators of Annex X large-scale IT systems

Source: Regulation (EU) 2024/1689 — Articles 111 & 113, with Articles 5, 6, 56, 72, 99 and 101. Verified against the consolidated text in the EU Official Journal.

Assess your first AI system with Confir today.

Create your account, add your first AI system, and produce a full EU AI Act assessment with signed conformity documentation — in days, not months.

Start free trialView platform
7-day full-access trialCancel anytime before day 7EU-hosted · GDPR Art. 28 DPA