Current law still points to 2 August 2026 for most obligations. The 7 May political agreement is not final law yet.

Update

EU AI Act spring 2026 update

Spring 2026 created a confusing moment: official current-law dates still point to August 2026 for most rules, while the Digital Omnibus track now includes a May political agreement for later high-risk dates.

Last reviewed May 7, 2026
Current law first. Practical, evidence-led guidance. Clear next steps.

As of May 2026, current law under the EU AI Act still follows the phased dates in Article 113. Prohibitions on harmful AI practices and AI literacy rules have applied since 2 February 2025. General-purpose AI (GPAI) model obligations took effect on 2 August 2025. The majority of rules for high-risk AI systems listed in Annex III, transparency obligations under Article 50, and the start of enforcement are scheduled for 2 August 2026, with remaining rules for high-risk AI embedded in regulated products (such as medical devices) applying from 2 August 2027.[1]

The Commission’s Digital Omnibus proposal (November 2025) and the subsequent Council (13 March 2026) and Parliament (26 March 2026) positions suggest possible delays to high-risk rules, extensions of SME supports to small mid-cap enterprises, a new prohibition on non-consensual “nudifier” apps, and simplifications to reduce overlap with sectoral legislation. These remain in the legislative process—trilogue negotiations are underway and have not produced a final amending regulation. Until one is adopted and published, the original Article 113 dates constitute current law.[2]

This April 2026 update serves as the time-stamped companion to the standing comparison page. It focuses on what teams must act on today versus what is still proposal or negotiation status.

April 2026 status box

Topic | Status in April 2026 | Operational meaning
Current law dates | Article 113 dates remain in force (Aug 2026 for Annex III high-risk and transparency; Aug 2027 for regulated products) | Prepare evidence, documentation, and processes for 2026 obligations now. Prohibitions, literacy, and GPAI rules are already applicable.
Commission proposal | Digital Omnibus (Nov 2025): link high-risk application to standards availability, max ~16-month adjustment, SME simplifications | Proposal stage only. Not binding.
Council position | Negotiating mandate agreed 13 March 2026 to streamline rules with fixed dates | Negotiation status. Forms basis for trilogue talks.
Parliament position | Adopted 26 March 2026 (569-45-23): proposed Dec 2027 for many Annex III systems, Aug 2028 for sectoral high-risk, nudifier ban, SMC extensions | Negotiation status. Not yet law. Subject to change in trilogues.

What changed this month

March 2026 saw accelerated movement on the Digital Omnibus proposal aimed at simplifying certain AI Act rules. On 13 March the Council adopted its negotiating mandate, signalling broad support for streamlining while proposing fixed application dates rather than purely conditional triggers tied to standards.[2]

The European Parliament’s IMCO and LIBE committees finalised a joint report, followed by plenary adoption on 26 March. MEPs proposed concrete new dates—2 December 2027 for high-risk AI systems listed in the main Annex III (biometrics, critical infrastructure, education, employment, law enforcement, etc.) and 2 August 2028 for those governed by existing EU sectoral product safety rules. They also backed a new prohibition on AI systems designed to generate or manipulate sexually explicit intimate images resembling identifiable individuals without consent (with carve-outs for systems with strong safety guardrails), extended certain SME flexibilities to small mid-cap companies, allowed limited personal data processing for bias detection under safeguards, and sought to reduce duplicative obligations where sectoral legislation already applies.[3]

As of 8 May 2026, the Commission has announced a political agreement between Parliament and Council. That is a major step, but the final amending text still needs formal adoption and publication before it changes the current-law timeline. These developments are therefore labelled clearly as negotiation status—not current law. Official EU timelines on the AI Act Service Desk continue to list the original Article 113 dates while noting the ongoing simplification discussions in the FAQ section.[4]

For the standing side-by-side view, see EU AI Act current law versus proposed changes.

What is still current law

The core obligations and dates from Regulation (EU) 2024/1689 have not changed. Providers, deployers, importers, distributors, and authorised representatives must continue to observe the phased rollout without assuming future amendments will automatically postpone deadlines.

Key current-law milestones that remain binding:

  • Since 2 February 2025: Prohibited AI practices (Article 5), AI literacy obligations (Article 4), and most general provisions.
  • Since 2 August 2025: Rules for providers of general-purpose AI models (including those with systemic risk), EU governance structures, and Member State designation of competent authorities.
  • From 2 August 2026: Obligations for most high-risk AI systems listed in Annex III (classification, risk management, data governance, technical documentation, transparency to deployers, human oversight, accuracy/robustness/cybersecurity, conformity assessment, CE marking, registration). Transparency rules for certain AI systems (Article 50) also apply. Enforcement begins at national and EU level. Measures supporting innovation, including regulatory sandboxes, become available.
  • From 2 August 2027: Rules for high-risk AI systems that are components of regulated products under existing EU sectoral legislation (e.g., medical devices, machinery, toys).

These dates anchor operational planning. For instance, providers of Annex III high-risk systems must have a quality management system, maintain technical documentation, conduct conformity assessments (or use notified bodies where required), and register in the EU database before placing systems on the market after August 2026. Deployers have distinct duties focused on proper use, human oversight, and reporting serious incidents. GPAI providers must already comply with transparency, technical documentation, and (where applicable) systemic risk evaluation and mitigation.[5]

See the detailed official timeline at the AI Act Service Desk and our operational guide EU AI Act timeline for 2026 and beyond.

What teams should do this month

Focus on low-regret actions that satisfy current obligations and build reusable evidence regardless of how trilogues conclude.

  • Map and classify every AI system or GPAI model in use or under development against the legal definitions and Annex III criteria that already apply.
  • Verify that no prohibited practices are present or reasonably likely (this has been law since early 2025).
  • For any GPAI models you provide, ensure technical documentation, copyright policy summaries (where relevant), and systemic risk measures (if designated) are in place.
  • Begin preparing Article 50 transparency artefacts (clear disclosure that content is AI-generated) for deployment by August 2026.
  • Run an internal AI literacy programme for staff involved in development, deployment, or oversight.
  • Generate and store evidence artefacts (risk assessments, data governance records, human oversight procedures) in a structured way that can support future FRIA, conformity assessment, or authority requests.
  • Use the EU AI Act Evidence Scanner to produce a point-in-time readiness snapshot based on obligations in force today.

Monitor negotiation outcomes without letting headlines drive your roadmap. Base resource allocation on the binding August 2026 and 2027 dates.

Common mistakes

  • Incorrectly pausing all work: Some organisations see Parliament or Council headlines about “delayed application” or “simplification” and halt AI projects, training, or procurement. This exposes them to risk because prohibitions, AI literacy, and GPAI rules are already enforceable, and the 2026 wave for Annex III systems has not been legally postponed.
  • Overreacting to a proposal headline: Others treat the Parliament’s proposed 2027/2028 dates as certain and immediately slow-walk documentation or risk management. Proposals and even agreed negotiation positions can shift during trilogues or fail to become law on the expected timeline. Over-reliance on a possible future state leaves teams unprepared for current deadlines and for enforcement that begins in August 2026.

Action checklist

  • [ ] Complete AI system inventory and role mapping (provider vs deployer vs importer/distributor).
  • [ ] Confirm zero tolerance for prohibited practices with supporting evidence.
  • [ ] Validate GPAI model compliance (documentation, transparency, systemic risk where applicable).
  • [ ] Draft Article 50 disclosure templates and integration points for user-facing systems.
  • [ ] Schedule and document AI literacy activities for relevant teams.
  • [ ] Pilot the Evidence Scanner on two high-priority use cases and retain the output report.
  • [ ] Subscribe to neutral operational updates so you receive the next trilogue summary when it lands.
  • [ ] Set a calendar reminder to re-run your readiness scan in 30 days or after any major negotiation announcement.

Stay ahead of the EU AI Act

Subscribe for monthly updates that separate current obligations from negotiation status. Scan your current materials today with the free EU AI Act Evidence Scanner. It generates a concrete readiness report anchored in what applies now, not what might change later. For the full timeless comparison, visit EU AI Act current law versus proposed changes.

Sources (official primary references): AI Act Service Desk timeline and FAQ, eur-lex.europa.eu regulation text, European Commission Digital Omnibus proposal page, Council press release of 13 March 2026, European Parliament press material and texts adopted 26 March 2026. All legal claims are drawn directly from these materials. This page does not constitute legal advice.
