Full Enforcement Timeline
| Date | What Applies | Articles / Chapters | Status |
|---|---|---|---|
| 1 Aug 2024 | Act enters into force. Definitions and general principles apply. | All — entry into force | In Force |
| 2 Feb 2025 | Prohibited AI practices banned. Chapter II fully enforceable. | Chapter II — Article 5 | Enforceable |
| 2 Aug 2025 | General Purpose AI (GPAI) model obligations apply. Governance framework and national authority rules take effect. Penalties become applicable. | Chapter V (Arts. 51–56), Chapter VII, Chapter XII | Enforceable |
| 2 Aug 2026 | High-risk AI system obligations apply for Annex III use cases. Most of the Act's substantive provisions become enforceable. | Chapters III–VI, VIII–XI (most provisions) | Upcoming |
| 2 Aug 2027 | High-risk AI systems embedded in Annex I regulated products (machinery, medical devices, vehicles, etc.) subject to full obligations. | Annex I product categories | Upcoming |
What Each Milestone Means
1 August 2024 — Entry into Force
Regulation (EU) 2024/1689 was published in the Official Journal of the EU on 12 July 2024 and entered into force on 1 August 2024. The Act is law from this date, but most substantive obligations did not yet apply. This date triggered the clock on all subsequent deadlines.
What companies should have done by this date: Begin internal assessment of which AI systems they develop or deploy, and whether any fall into high-risk or prohibited categories.
2 February 2025 — Prohibited Practices Ban
Chapter II (Article 5) became enforceable. The practices listed in Article 5 are now illegal across the EU. Any AI system that deploys a prohibited practice violates the Act from this date, regardless of when it was developed.
What companies should have done by this date: Audit all AI systems in use and ensure none deploy prohibited practices. Withdraw or modify any non-compliant systems. See the full list of prohibited practices →
2 August 2025 — GPAI and Governance Rules
Three major rule sets took effect simultaneously:
- GPAI obligations (Chapter V): Providers of general purpose AI models — including foundation models like GPT-4, Claude, and Gemini — must comply with transparency, documentation, and (for systemic risk models) testing and incident reporting requirements.
- Governance framework (Chapter VII): National competent authorities and market surveillance authorities must be designated in each member state.
- Penalties (Chapter XII): The fine structure becomes enforceable, including up to €35M or 7% of global turnover for prohibited practice violations.
See GPAI model obligations → | See penalty structure →
2 August 2026 — High-Risk AI Obligations
The core of the Act — obligations for high-risk AI systems in Annex III categories — become enforceable. This covers AI used in biometric identification, critical infrastructure, education, employment, essential services (credit, insurance), law enforcement, migration and asylum, and administration of justice.
What companies must have in place by this date:
- Risk management system (Article 9)
- Data governance documentation (Article 10)
- Technical documentation (Article 11)
- Logging and record-keeping (Article 12)
- Transparency to deployers (Article 13)
- Human oversight mechanisms (Article 14)
- Conformity assessment completed (Articles 43–44)
- Registration in EU database (Article 49)
Full high-risk obligations guide →
2 August 2027 — Annex I Products
High-risk AI systems embedded in or forming part of regulated products under Annex I — machinery, medical devices, in vitro diagnostics, lifts, radio equipment, civil aviation equipment, motor vehicles, agricultural tractors, and others — must comply with all AI Act obligations by this date.
These sectors already face existing EU product safety regulations (MDR, Machinery Directive, etc.). The additional 12-month window gives manufacturers more time to align AI compliance with existing conformity assessment processes.
Timeline Reference Table (Detailed)
| Date | Provision | Who It Affects |
|---|---|---|
| 1 Aug 2024 | Act enters into force. Definitions (Art. 3) and scope (Art. 2) apply. | All actors in scope |
| 2 Feb 2025 | Prohibited AI practices (Art. 5) — 8 categories banned | All AI providers and deployers in EU |
| 2 Aug 2025 | GPAI model obligations (Arts. 51–56) | Providers of general purpose AI models |
| 2 Aug 2025 | National governance rules (Chapter VII) | EU member states, national authorities |
| 2 Aug 2025 | Penalties enforceable (Chapter XII — Art. 99) | All actors subject to the Act |
| 2 Aug 2026 | High-risk AI obligations for Annex III systems (Arts. 6–51) | Providers and deployers of Annex III high-risk AI |
| 2 Aug 2026 | Obligations on deployers (Art. 26), post-market monitoring | Deployers of high-risk AI systems |
| 2 Aug 2027 | High-risk AI obligations for Annex I product-embedded systems | Manufacturers of regulated products with AI safety components |