Current law still points to 2 August 2026 for most obligations. The 7 May political agreement is not final law yet.

Guides

EU AI Act guides

Start with the evergreen explainers: timeline, scope, roles, Article 4 AI literacy, Article 50 transparency, GPAI obligations, high-risk categories, inventory templates, and evidence workflows.

Last reviewed May 7, 2026
Current law firstPractical, evidence-led guidanceClear next steps

EU AI Act guides map

guide

Article 50 transparency obligations explained

Who must disclose AI interaction, mark AI-generated content, notify people about emotion recognition or biometric categorisation, and label deepfakes and public-interest…

EU AI Act Guides: The library for turning confusion into action

This hub routes you to the right operational EU AI Act guide based on your exact problem. Whether you need to know what applies when, determine if you are a provider or deployer, implement Article 4 AI literacy, meet Article 50 transparency obligations, handle general-purpose AI (GPAI) models, classify high-risk systems and run a Fundamental Rights Impact Assessment (FRIA), or manage vendor due diligence, start with the selector table below.

Current obligations are already in force for prohibitions, AI literacy, and GPAI models. Most remaining rules, including transparency under Article 50, begin 2 August 2026. All dates below reflect the law as it stands; proposed changes under the Digital Omnibus are labeled separately.

Current law status (May 2026)

  • 2 February 2025: AI literacy (Article 4) and prohibited practices apply.
  • 2 August 2025: GPAI model obligations and EU governance structures apply.
  • 2 August 2026: Transparency obligations (Article 50), high-risk AI systems listed in Annex III, most provider and deployer rules, and enforcement begin.
  • 2 August 2027: Rules for high-risk AI embedded in regulated products apply.

The European Commission has proposed linking some high-risk application dates to the availability of harmonised standards and support tools, with a maximum 16-month adjustment. These remain proposals and are not yet law. Always check the official AI Act Service Desk timeline for the latest confirmed dates.

Start here by problem

Choose your most pressing operational question. Each path links to a practical guide built for real workflows, not just legal text.

  • What applies when? Start with the phased timeline. Prohibitions and literacy are already live. GPAI rules are active. Transparency and high-risk Annex III obligations start in August 2026.

EU AI Act timeline for 2026 and beyond

  • Are we a provider or deployer? This distinction determines almost every obligation. Providers carry the heaviest duties; deployers have lighter but still important responsibilities. Do not blur roles with importers, distributors, or product manufacturers.

Provider versus deployer under the EU AI Act

  • Do we need Article 4 literacy actions? All providers and deployers must ensure a sufficient level of AI literacy among staff and others operating AI on their behalf, taking into account technical knowledge, context, and affected persons. There is no mandatory AI officer or formal certification.

Article 4 AI literacy: what you actually need to do

  • Do we need Article 50 disclosures? Transparency rules for interactive systems, AI-generated content, deepfakes, and certain text publications begin August 2026. A Code of Practice is being developed to help with marking and labelling.

Article 50 transparency obligations explained

  • Are we dealing with GPAI models? GPAI obligations (technical documentation, information to downstream providers, copyright policy, training summary) apply from August 2025. Models with systemic risk have extra evaluation and mitigation duties. Open-source models may qualify for exemptions under defined conditions.

→ Guide on GPAI models (linked from overview page)

  • Is this high-risk and do we need a FRIA? Classification uses Annex III plus the “significant risk” test. High-risk systems trigger risk management, data governance, technical documentation, human oversight, and — for certain public authority or private deployers — a Fundamental Rights Impact Assessment.

→ High-risk classification and FRIA guide

  • What should I ask vendors? Due diligence is essential when you are a deployer or integrator. A structured questionnaire helps you obtain necessary information on model capabilities, limitations, residual risks, and compliance artefacts.

AI vendor questionnaire for EU AI Act due diligence

Guide selector

ProblemBest guideBest toolBest sample report
What applies whenEU AI Act Timeline 2026Timeline & obligations checkerPhased compliance roadmap
Are we provider or deployerProvider vs DeployerRole classifierResponsibility matrix
Do we need Article 50 disclosuresArticle 50 Transparency ObligationsArticle 50 Disclosure GeneratorTransparency log template
Do we need literacy actionsArticle 4 AI LiteracyAI Literacy PlannerLiteracy needs assessment report
Is this high-riskHigh-Risk Classification & FRIAEvidence ScannerFRIA summary report
What should I ask vendorsAI Vendor QuestionnaireVendor Due Diligence WorkflowVendor response evaluation report

EU AI Act Timeline 2026 Practical breakdown of current obligations versus future dates. Includes what non-EU companies should monitor and how the Digital Omnibus proposals could affect high-risk timing (clearly labeled as proposal). Best for compliance leads and leadership teams.

Provider vs Deployer Decisional guide with examples of how the same AI product creates different duties depending on your role in the value chain. Essential reading before any procurement or product decision.

Article 4 AI Literacy Operational interpretation of “sufficient level” of AI literacy. Uses the official definition (skills, knowledge and understanding to make informed decisions and understand opportunities and risks). Includes training matrices and repository examples from the AI Office. No certificate is required. Ideal for people, risk, and L&D teams.

Article 50 Transparency Obligations Covers interactive AI, content labelling, deepfake disclosure, and exceptions. References the developing Code of Practice on marking and labelling of AI-generated content. Practical templates for disclosures that are clear, accessible, and machine-readable where required. Best for marketing, product, and communications teams.

GPAI Models – Obligations for Providers Explains technical documentation, downstream information duties, copyright policy, and the sufficiently detailed training content summary. Covers systemic risk classification and additional measures. References official guidelines and the GPAI Code of Practice. Critical for model developers and non-EU providers appointing authorised representatives.

Template and checklist guides

These ready-to-use artefacts turn legal requirements into internal processes.

  • AI Inventory Template – Structured tracker that captures system description, classification, provider/deployer status, risk level, and evidence of compliance artefacts.
  • AI Vendor Questionnaire – Targeted questions that elicit the information deployers need from providers (capabilities, limitations, residual risks, technical documentation summary, copyright compliance, systemic risk status). AI vendor questionnaire for EU AI Act due diligence
  • FRIA Template – Step-by-step Fundamental Rights Impact Assessment for high-risk use cases, aligned with Article 27 requirements. Includes example mitigations and documentation fields for authorities.

All templates are designed to produce evidence you can store, share with auditors, or upload to the Evidence Scanner for version control and gap tracking.

Common mistakes

  • Treating the entire AI Act as one deadline instead of a phased rollout — many organisations over-prepare for 2027 rules while missing live Article 4 and GPAI obligations.
  • Blurring provider and deployer roles, which leads to incorrect allocation of risk management, documentation, and transparency duties.
  • Assuming Article 4 AI literacy requires a formal training certificate or dedicated AI officer. The law requires a sufficient level tailored to context; the AI Office explicitly states there is no mandatory certification.
  • Ignoring transparency for chatbots or generative tools because “it is obvious the user is talking to AI.” The law still requires clear disclosure in most cases.
  • Failing to request sufficient information from vendors, then discovering downstream that the model documentation is inadequate for your own high-risk obligations.
  • Downloading a generic compliance checklist without mapping it to your actual role, system classification, and current applicable dates.

Action checklist

  • Identify your primary problem using the selector table above and open the linked guide.
  • Run a quick inventory of your current AI systems using the free Evidence Scanner to understand classification and applicable deadlines.
  • Complete the role mapping exercise (provider/deployer) for every system.
  • For any GPAI models or high-risk systems, request the necessary technical documentation and training summary from providers.
  • Schedule targeted AI literacy sessions for teams interacting with or overseeing AI.
  • Download the vendor questionnaire and FRIA template and adapt them to your internal workflow.
  • Set a recurring quarterly review to track new official guidelines from the AI Office and AI Act Service Desk.

Ready to turn reading into evidence? Primary: Scan your AI systems and generate compliance artefacts with the Evidence Scanner.

Secondary: Compare readiness tools and workflows.

All guides are kept up to date with official EU sources (AI Act Service Desk, European Commission guidelines on EUR-Lex, digital-strategy.ec.europa.eu). They focus on implementation sequencing, examples, and artefact lists so your team can move from confusion to operational readiness.

Next step

Turn this reading into an actionable report

Use the free scanner to map your likely role, detect likely obligations, and see which evidence is missing.

Official and reference sources