EU AI Act Timeline: Every Milestone, Every Deadline

Regulation (EU) 2024/1689 entered into force on 1 August 2024. It does not apply all at once. Obligations arrive in six distinct waves across four years, each wave binding a different set of actors. Getting the sequence wrong — or relying on a summary that still shows the now-outdated August 2026 high-risk date — is the fastest route to a mispriced compliance programme.

This article gives you the complete chronology: each date, what activates on that date, which articles govern it, and what it means in practice.

The Six Milestones at a Glance

These dates come directly from Article 113 of the Regulation, read alongside the Digital Omnibus political agreement reached on 7 May 2026. Each one is fixed; none floats based on when you placed your system on the market.

---

1 August 2024 — Entry into Force

The Regulation was published in the EU Official Journal and entered into force twenty days later. Nothing is enforceable on this date. The clock starts; the obligations do not.

The practical significance is for providers who had already started developing high-risk systems. Any system placed on the market before the relevant application date still needs to comply by that date — "already in use" is not a permanent exemption.

---

2 February 2025 — Prohibitions and AI Literacy

Six months after entry into force, two sets of obligations became live.

Article 5 prohibitions banned eight categories of AI practice outright. The most consequential:

• Subliminal or manipulative techniques that exploit psychological vulnerabilities to distort behaviour without the person's awareness (Art 5(1)(a)).
• Social scoring by public or private bodies that leads to detrimental treatment in unrelated contexts (Art 5(1)(c)).
• Real-time remote biometric identification of natural persons in publicly accessible spaces by law enforcement, outside the narrow listed exceptions (Art 5(1)(h)).
• AI that infers emotions in the workplace or educational institutions — prohibited regardless of purpose (Art 5(1)(f)).
• Untargeted scraping of facial images from the internet or CCTV to build or expand facial recognition databases (Art 5(1)(e)).
• Biometric categorisation inferring sensitive characteristics such as race, political opinions, or sexual orientation (Art 5(1)(g)).
• AI that assesses the risk of natural persons committing offences solely on the basis of profiling, without factual conduct (Art 5(1)(d)).

These are not high-risk obligations. They are bans. A system in any of these categories should not exist in the EU market; the question is not "how do we comply" but "do we decommission or redesign before 2 February 2025."

Enforcement: fines under Article 99(3) — up to €35,000,000 or 7% of total worldwide annual turnover, whichever is higher. For companies below that ceiling, Article 99(6) caps the fine at the lower of the percentage or fixed amount.

Article 4 AI literacy also became binding on 2 February 2025. Providers and deployers must take measures to ensure that staff who operate or oversee AI systems have sufficient AI literacy — appropriate to the systems they handle and the context of deployment. This is not a training certification. It is a proportionate competence standard, and it applies to all AI, not only high-risk systems.

---

2 August 2025 — GPAI, Governance, and Penalties

One year after entry into force, three things became live simultaneously.

General-Purpose AI (GPAI) model obligations under Chapter V (Articles 51–56) now apply. These attach to the model provider, not to the company deploying an application built on top. The baseline duties under Article 53 apply to all GPAI providers: technical documentation, provision of information to downstream deployers, a publicly available copyright policy, and a summary of training data. For providers whose models are classified as systemic risk (the Article 51 threshold: 10²⁵ FLOPs of training compute, or a Commission designation), the heavier obligations under Article 55 also apply — model evaluations, adversarial testing, incident reporting, and cybersecurity measures.

GPAI providers who had models on the market before 2 August 2025 have until 2 August 2027 to bring those earlier models into compliance. This is the only GPAI-specific transitional date. The Digital Omnibus high-risk deferral does not touch Chapter V — do not attach the December 2027 date to GPAI articles.

Governance structures came online with penalties. The AI Office within the European Commission, national competent authorities, and the scientific panel of independent experts are all operational. Advisory forums are established. The infrastructure for enforcement exists.

Article 99 penalties are now effective. All three tiers of fines can be imposed from this date. As noted above, the Article 5 violations are the most severe (€35M/7%); most other obligations carry the €15M/3% ceiling under Article 99(4); supplying incorrect or misleading information to notified bodies or authorities is €7,500,000 or 1% under Article 99(5). The GPAI-specific fine mechanism (Article 101, imposed by the Commission) operates separately.

---

2 August 2026 — General Application and Article 50 Transparency

This is the date most compliance summaries call "the deadline." It is, more precisely, the date on which the Regulation applies generally — all provisions not already in force and not explicitly deferred apply from here.

The substantive obligation that lands squarely on 2 August 2026 for most companies is Article 50 limited-risk transparency. Four disclosure duties:

• If you operate a chatbot or other conversational AI, you must inform natural persons that they are interacting with an AI system — in advance, clearly, and in a way that does not require the person to ask (Art 50(1)).
• Providers of AI systems that generate synthetic audio, image, video, or text must ensure the output is marked as AI-generated or AI-manipulated, with narrow exceptions for assisting human creativity or content clearly flagged as satire (Art 50(2)).
• Providers and deployers of emotion-recognition or biometric-categorisation systems must inform the natural persons concerned, except where the use is expressly permitted for law enforcement purposes (Art 50(3)).
• Providers of AI systems that generate or manipulate text published in the public interest — news, election content — must mark the content as machine-generated in a manner detectable, at minimum, automatically (Art 50(4)).

Article 50 is not the same as the high-risk transparency rules under Article 13 (which require providers to give deployers sufficiently detailed instructions for use). Article 13 is part of the high-risk stack. Article 50 governs limited-risk systems — chatbots, deepfakes, generative content — regardless of whether they are high-risk.

2 August 2026 is also the date on which general high-risk obligations were originally scheduled to apply. Under the Digital Omnibus, that wave has been deferred. What remains at 2 August 2026 is everything the Act covers that does not fall into the earlier milestones and is not a high-risk Annex III or Annex I product obligation.

---

2 December 2027 — High-Risk Annex III Stand-Alone Systems

This is the date that moved. The original Article 113 application schedule placed high-risk obligations at 2 August 2026. Under the Digital Omnibus — a Commission proposal of 19 November 2025, with political agreement between the Parliament and Council on 7 May 2026 — stand-alone high-risk AI systems under Annex III are deferred to 2 December 2027.

Annex III lists eight areas:

1. Biometrics (remote biometric identification where permitted; biometric categorisation where not already prohibited; emotion recognition where permitted by law).
2. Critical infrastructure (safety components in digital infrastructure, road traffic, water, gas, electricity, heating).
3. Education and vocational training (admission/assignment decisions; evaluation of learning outcomes; exam monitoring).
4. Employment and worker management (recruitment screening and selection; promotion/termination; task allocation; performance monitoring). Emotion recognition in this category remains prohibited — it does not become merely high-risk by being in Annex III.
5. Access to essential private and public services (creditworthiness and credit scoring, excluding fraud detection; life and health insurance risk and pricing; emergency dispatch; public benefits eligibility).
6. Law enforcement (risk-of-offending or recidivism assessment grounded in objective facts; polygraph-style systems; evidence reliability assessment; profiling in investigations).
7. Migration, asylum, and border control (risk assessment of applicants; examination of applications; document verification).
8. Administration of justice and democratic processes (assisting judicial authorities; influencing elections or referenda).

A system that falls within one of these areas is not automatically high-risk. The Article 6(3) filter applies: if the system does not pose a significant risk of harm to health, safety, or fundamental rights, it may be excluded — provided the provider documents the assessment and registers the system (Article 49). One condition out of the four listed in Article 6(3) is sufficient; all four are not required simultaneously. But any system that profiles natural persons is always high-risk, without exception.

For systems that are high-risk, the obligations are substantial: risk management system under Article 9; data and data governance under Article 10; technical documentation under Article 11 and Annex IV; record-keeping under Article 12; transparency to deployers under Article 13; human oversight under Article 14; accuracy, robustness, and cybersecurity under Article 15; quality management system under Article 17; declaration of conformity under Article 47; CE marking under Article 48; registration in the EU database under Article 49; post-market monitoring under Article 72; and reporting of serious incidents under Article 73.

The conformity assessment route varies by Annex III area: biometric systems (point 1) generally require a notified-body route under Annex VII when harmonised standards have not been applied; most other Annex III categories use internal self-assessment under Annex VI (Article 43).

2 December 2027 is breathing room. It is not a reprieve from preparation. The technical documentation alone — Annex IV requires nine content areas including architecture descriptions, training-data specifications, validation and testing documentation, and performance metrics — takes months to assemble properly. A risk management system under Article 9 must be designed, implemented, and evidenced before the conformity assessment. None of that work compresses into the final quarter before a deadline.

---

2 August 2028 — High-Risk AI Embedded in Annex I Products

The second wing of the Digital Omnibus deferral. High-risk AI systems that function as safety components of products subject to EU product harmonisation legislation listed in Annex I of the AI Act — medical devices (MDR/IVDR), machinery, radio equipment, toys, and similar regulated products — apply from 2 August 2028.

For these systems the conformity assessment integrates with the underlying product safety regime. A diagnostic AI in a medical device, for example, follows the MDR / IVDR conformity process; the AI Act requirements are layered in. The deadline is 2028 precisely because the integration with existing sectoral regulation takes additional time to align.

---

How These Dates Interact: A Practical Example

Take a 35-person HR-tech company that sells a candidate-screening tool to employers across Germany and the Netherlands.

The screening tool scores candidates based on CV content, structured interview transcripts, and skills assessments. No emotion inference. No biometric data.

• 2 February 2025: The company must confirm its tool does not infer emotions in the hiring context (which would be prohibited). It does not — so no Article 5 issue. AI literacy measures for staff using the tool are required from this date.
• 2 August 2025: The company is not a GPAI provider. Chapter V does not apply to it directly; but if it builds on a GPAI model provider, it is a downstream deployer of that model and can use the documentation the model provider is required to supply under Article 53.
• 2 August 2026: Article 50 does not create obligations for this company's B2B tool unless it interacts with natural persons in a way that triggers the disclosure duties. Worth a review.
• 2 December 2027: The screening tool falls squarely in Annex III point 4(a) — AI used for recruitment and selection. It is high-risk. The company — which places the tool on the market under its own name — is the provider under Article 16. The full high-risk stack applies from this date.

That company has until December 2027. Realistically, the technical documentation, risk management system, and conformity assessment should be in progress by early 2026 at the latest. Some of that work is valuable independently of regulatory timing.

---

How Confir Helps

Confir's rule-based classification engine asks you about each AI system in your register, derives the risk tier (unacceptable / high / limited / minimal) using Annex III logic, and determines your role (provider under Article 16, deployer under Article 26, or one of the intermediary roles). From that intake, it applies the relevant application date to each system automatically — so a company with a mix of a customer-facing chatbot, an internal credit-scoring model, and a third-party HR tool sees three different deadline indicators, not one.

No AI inference is involved in that derivation. The same intake always produces the same finding. The logic is human-readable and audit-defensible — which matters when your compliance documentation has to hold up to a national competent authority.

Pricing starts at €600/year. Self-serve checkout; no implementation engagement required.

---

Frequently Asked Questions

Is the high-risk deadline still 2 August 2026?

No. Under the Digital Omnibus, agreed in May 2026, the high-risk deadline has been deferred to 2 December 2027 for stand-alone Annex III systems and 2 August 2028 for AI embedded in Annex I regulated products. August 2026 is now the date for general application of the Act — including Article 50 limited-risk transparency — but not for high-risk Annex III obligations. Any compliance summary still citing August 2026 as the high-risk deadline is out of date.

What is the difference between the Annex III and Annex I high-risk routes?

Annex III lists eight areas of use (biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice). These are classified high-risk based on what the AI system does. Annex I lists regulated product categories — medical devices, machinery, radio equipment, and others — where an AI system may be a safety component. Systems in the Annex I route follow an integrated conformity assessment with the product-law regime and have a later deadline (2 August 2028). A diagnostic AI in a CE-marked medical device is on the Annex I route, not the Annex III self-assessment route.

What does "general application" on 2 August 2026 actually cover?

It covers all provisions not already in force and not explicitly deferred. The most concrete obligation landing on that date is Article 50 limited-risk transparency — chatbot disclosure, synthetic-content marking, emotion-recognition disclosure, and AI-generated text labelling. Governance structures, the EU database, market-surveillance authority mandates, and procedural provisions also apply fully from this date.

Do GPAI model obligations follow the same timeline as high-risk obligations?

No. GPAI model obligations under Chapter V applied from 2 August 2025 — they were not deferred. A company that provides a GPAI model (a foundation model, a large language model, or similar) was required to comply with Articles 51–56 from that date, or by 2 August 2027 for models already on the market before that date. The Digital Omnibus deferral affects only the high-risk Annex III and Annex I timetable; it leaves Chapter V untouched.

When do Article 99 penalties start applying?

Article 99 penalties have been in effect since 2 August 2025. The argument that "fines don't apply until 2026" is incorrect. The penalty structure — €35M/7% for Article 5 violations; €15M/3% for most other obligations; €7,500,000/1% for supplying incorrect information to authorities — can be imposed now. For companies below the fixed-amount threshold, Article 99(6) caps the fine at the lower of the percentage or fixed amount.

Which high-risk obligations apply to deployers rather than providers?

Deployers under Article 26 must: use the system as directed by the provider; assign human oversight to staff with sufficient authority and competence; monitor system performance and report malfunctions to the provider; retain logs for at least six months; notify worker representatives before deploying AI in the workplace; and — for deployers of creditworthiness or life/health insurance systems, or public-body deployers — run a Fundamental Rights Impact Assessment under Article 27. Providers bear the heavier obligations (Articles 9–17, conformity assessment, registration), but deployer duties are real and enforceable.

If my system was already deployed before the high-risk deadline, do I still need to comply?

Yes. Prior deployment does not exempt a system from the high-risk obligations when the application date arrives. A system used since 2023 that falls in Annex III still needs a complete risk management system, technical documentation, human oversight framework, conformity assessment, and registration by 2 December 2027. Plan accordingly — the documentation will not assemble itself in the weeks before the deadline.

Related guides

• EU AI Act overview
• High-risk AI deadlines and obligations
• Digital Omnibus: the 2027 deferral explained
• Company compliance obligations guide
• Article 3 definitions
• AI risk management tools comparison