Current law still points to 2 August 2026 for most obligations. The 7 May political agreement is not final law yet.

Guide

EU AI Act timeline for 2026 and beyond

The majority of questions we see are date questions. This page gives the clean version: current law first, proposed changes second.

Last reviewed May 7, 2026
Current law firstPractical, evidence-led guidanceClear next steps

EU AI Act Timeline 2026: Current Law, May Political Agreement, and Next Steps

The EU AI Act applies in phases. As of May 2026, prohibitions on harmful AI practices, AI literacy requirements, and obligations for providers of general-purpose AI (GPAI) models have been in force since 2025. The next major deadline is 2 August 2026, when transparency obligations under Article 50, rules for most high-risk AI systems listed in Annex III, innovation support measures such as regulatory sandboxes, and national/EU enforcement begin. The final phase for high-risk AI embedded in regulated products (e.g., medical devices, machinery) is 2 August 2027.[1]

These dates come directly from the adopted Regulation (EU) 2024/1689 and the official implementation timeline. Proposed amendments under the Digital Omnibus could adjust timelines for certain high-risk rules and introduce simplifications, but they remain under negotiation and have no legal effect until formally adopted and published.[2]782651)

Current Law Status (May 2026)

  • In force today: Prohibited practices, AI literacy (Article 4), GPAI model obligations (since 2 August 2025), and governance structures.
  • 2 August 2026: Transparency (Article 50), high-risk Annex III systems, sandboxes, and enforcement.
  • 2 August 2027: High-risk AI in products governed by sectoral legislation.
  • Proposal note: The Digital Omnibus negotiations (Council position March 2026, Parliament position March 2026, trilogues underway) discuss linking some high-risk application dates to the availability of standards and extending certain flexibilities. These changes are not current law. Monitor official EU sources and our update page EU AI Act spring 2026 update: current law versus proposal. See the full comparison at EU AI Act current law versus proposed changes.

Timeline at a glance

The EU AI Act uses fixed application dates rather than a single “go-live.” Each date triggers specific obligations for particular roles and AI categories. The table below summarises current law.

DateWhat changesWho is most affectedWhat to do before then
2 February 2025General provisions, definitions, AI literacy (Article 4), and prohibited practices (Article 5) apply.All organisations developing, deploying or using AI systems.(Already in force) Maintain AI literacy measures for staff, map uses against the prohibition list, and stop any banned practices. Link to Article 4 AI literacy: what you actually need to do.
2 August 2025GPAI model obligations for providers, EU and national governance structures, national competent authorities and penalty rules.GPAI model providers (including those with systemic risk), Member State authorities.(Already in force) Providers should have technical documentation, copyright policy summaries, and risk policies in place; organisations should know which models they use.
2 August 2026High-risk rules for Annex III systems, transparency obligations (Article 50), innovation measures (sandboxes, real-world testing), start of enforcement.Providers and deployers of high-risk or transparency-triggering AI (chatbots, content generators, biometric systems, employment tools, etc.), publishers and agencies.Complete system inventory and classification, prepare Article 50 transparency statements or labels, implement basic risk and quality processes, train teams. See Article 50 transparency obligations explained.
2 August 2027Obligations for high-risk AI systems that are safety components of products already covered by EU sectoral legislation (e.g. medical devices, toys, machinery).Manufacturers, importers and distributors of regulated products containing AI.Conduct conformity assessment aligned with both AI Act and sectoral rules; prepare technical files and declarations of conformity.

This table reflects the law as published in the Official Journal and summarised on the AI Act Service Desk.[3]

Current law versus proposal noise

Current law is unambiguous on the 2026 and 2027 dates. The original Regulation sets a staggered rollout so authorities, standardisation bodies and companies have time to prepare. GPAI rules and prohibitions have been live for months; enforcement infrastructure is being built.

The Digital Omnibus proposal (November 2025) and subsequent Council and Parliament positions (March 2026) respond to stakeholder feedback on implementation challenges, particularly the readiness of harmonised standards and guidance for high-risk systems. Parliament has suggested fixed later dates for some high-risk obligations (e.g. December 2027 for certain Annex III uses and August 2028 for sectoral products) plus a new prohibition on certain “nudifier” systems and extensions of SME-style simplifications to small mid-caps.[2]782651)

These are negotiation status only. Until any amending regulation is adopted, published in the Official Journal, and enters into force, the original dates remain binding. Waiting for an uncertain outcome risks non-compliance on transparency or high-risk mapping that must begin well before August 2026.

How to monitor institutional status

Operational takeaway: Prepare under current law. Any final amendments are likely to provide additional lead time or simplification rather than remove core obligations such as transparency or risk management.

How to plan by quarter

With the 2 August 2026 deadline approximately four months away (as of April 2026), focus on no-regret actions that are useful regardless of Omnibus outcomes.

Q2 2026 (April–June)

  • Build or update a complete inventory of every AI system, tool, chatbot, content generator, biometric component, or GPAI model used or deployed in your organisation.
  • Classify each item: Is it high-risk under Annex III? Does Article 50 transparency apply (e.g. chatbots that interact with users or systems generating synthetic content)?
  • Assess current AI literacy efforts and roll out targeted training for relevant teams.
  • For GPAI models already subject to obligations, verify documentation and policy alignment.
  • Begin drafting transparency statements or disclosure language for customer-facing uses.
  • Identify any prohibited-practice risks and eliminate them.

Q3 2026 (July–September)

  • Finalise and test transparency mechanisms (labels, watermarks where technically feasible, clear user notices).
  • For any high-risk Annex III systems, start building required technical documentation, risk management records, quality management processes, and human oversight procedures.
  • Engage with (or establish) an AI regulatory sandbox if your use case benefits from supervised testing.
  • Prepare internal policies for deployers: how to monitor high-risk system performance, retain logs, report serious incidents, and conduct fundamental rights impact assessments where required.
  • Run internal dry-runs of enforcement-style audits so evidence is ready if authorities request it.

These steps remain valuable even if negotiations extend some high-risk conformity deadlines. Transparency obligations and enforcement are not expected to shift. A chatbot deployer, for example, needs Article 50 preparation now to avoid last-minute rework in July. A GPAI provider already has live obligations and should treat 2026 as an expansion of transparency and enforcement risk rather than a starting point.

The dates by role

Different roles face different triggers. The planning matrix below highlights immediate, medium-term and watchlist items under current law.

RoleImmediate work (now–Q2 2026)Medium-term work (Q3 2026–2027)Watchlist
DeployerInventory tools in use; check for Article 50 triggers (chatbots, emotion recognition); ensure staff understand AI literacy and human oversight duties.Implement monitoring, logging and incident reporting for high-risk systems; prepare fundamental rights impact assessments where relevant.Outcome of Omnibus on high-risk flexibilities; national authority guidance.
ProviderClassify outputs as high-risk or transparency-relevant; begin technical documentation and risk management where obligations are imminent.Complete conformity assessments, CE marking (if applicable), registration in EU database; maintain post-market monitoring.Standards availability and any timeline adjustments.
GPAI providerMaintain technical documentation, copyright summaries and systemic-risk measures (obligations already live).Align with any final Code of Practice; prepare for transparency when models are integrated into Article 50 systems.Designation as systemic risk and evolving agentic AI guidance.
Publisher/agencyReview all generated or manipulated content for Article 50 disclosure needs; update client contracts.Implement reliable detection and labelling processes for AI-generated text, image, audio or video.Development of the Code of Practice on marking and labelling.
HR teamMap recruitment, promotion or workplace monitoring tools against high-risk criteria (Annex III points on employment); assess data quality and bias risks.Establish oversight protocols and documentation retention for any high-risk HR AI; train recruiters on transparency duties.National authority interpretations of employment-related high-risk uses.

Examples:

  • A chatbot deployer must inform users they are interacting with an AI system (Article 50). Preparation in Q2 2026 avoids rushed changes in July.
  • A GPAI provider already faces obligations since August 2025; 2026 adds enforcement risk and transparency when their models power user-facing tools.
  • A team waiting for Omnibus changes risks missing the fixed 2 August 2026 transparency and Annex III deadlines that are unlikely to be fully postponed.

FAQ

What already applies right now? Prohibitions on unacceptable-risk AI, AI literacy duties for users and providers, and the full set of obligations for GPAI model providers (documentation, transparency toward downstream providers, copyright policy summaries, and systemic-risk measures where designated). Governance structures and national authorities are also active.

Does the proposal change the current deadline today? No. The Digital Omnibus amendments are still in trilogue negotiations following positions adopted in March 2026. Until any amending act is published, the original dates in the 2024 Regulation remain law.

What arrives in 2027? The remaining high-risk obligations for AI systems that form a safety component of products regulated under existing EU sectoral legislation (medical devices, machinery, toys, etc.). These require alignment between AI Act requirements and the relevant product-safety rules.

How should SMEs prioritize preparation? Focus first on the inventory and classification exercise, then on transparency (Article 50) because it affects many everyday tools. Use the simplified technical documentation options available to SMEs, participate in sandboxes, and leverage free guidance from the AI Office. Avoid waiting for final Omnibus text — core mapping and literacy work delivers value immediately.

Common mistakes

  • Treating every press article about “delays” as binding law and pausing all preparation. GPAI rules and prohibitions are already enforceable; transparency and enforcement start in August 2026 under current law.
  • Blurring roles — a deployer using a high-risk system has different duties (e.g. following instructions, human oversight, data quality) from the provider who must perform conformity assessment.
  • Assuming “certification” will be issued by someone else. The AI Act relies primarily on internal conformity assessment, technical documentation and evidence you generate and maintain.
  • Ignoring Article 50 for chatbots, generative tools or content publishers until the last minute. User-facing transparency must be operational by 2 August 2026.
  • Failing to distinguish GPAI models from AI systems. A foundation model is typically a GPAI model; once integrated with an interface or task-specific components it usually becomes an AI system subject to additional rules.
  • Not documenting decisions. Enforcement will look for evidence of classification, risk assessments and mitigation — start building that evidence now.

Action checklist

  1. Complete an organisation-wide AI system inventory by end of May 2026.
  2. Classify each system against Annex III (high-risk) and Article 50 triggers.
  3. Verify no prohibited practices are in use.
  4. Roll out role-appropriate AI literacy training (see Article 4 AI literacy: what you actually need to do).
  5. Draft and test Article 50 transparency statements or labels for all relevant deployments.
  6. For any high-risk systems, begin risk management, data governance and technical documentation files.
  7. Review contracts with GPAI providers and downstream users for information-flow obligations.
  8. Identify a single point of contact for national competent authorities and register systems where required.
  9. Schedule an internal dry-run audit before 2 August 2026.
  10. Subscribe to official updates and revisit this page or the April 2026 status update for any legislative changes.

Ready to prepare for Article 50 transparency obligations ahead of the August 2026 deadline? Use the Article 50 Disclosure Generator to create compliant user notices and labels for your chatbots, content tools and generative systems. It produces ready-to-implement outputs that align with current law while remaining flexible for any future simplifications. Start now at our tools section.

Next step

Turn this reading into an actionable report

Use the free scanner to map your likely role, detect likely obligations, and see which evidence is missing.