Compliance Timeline
The EU AI Act applies in phases. Different obligations become enforceable on different dates, giving organisations time to prepare.
Prohibited AI Practices Apply
Chapter II (Article 5) prohibition on unacceptable-risk AI systems takes effect. Systems using subliminal manipulation, social scoring, real-time biometric surveillance, predictive crime profiling, and facial recognition scraping must cease immediately.
GPAI Model Rules Apply
Chapter V obligations for General-Purpose AI model providers (Articles 51–56) come into force. All GPAI providers must have technical documentation, copyright policies, and training data summaries in place. Providers of systemic-risk models also need adversarial testing and incident reporting.
Core Obligations Apply (High-Risk + Transparency)
Main body of the AI Act applies. High-risk AI system obligations (Chapters III–IV) take effect. Providers must have quality management systems, technical documentation, conformity assessments, and EU database registrations. Transparency obligations for chatbots and synthetic content (Article 50) also apply.
Annex I Product AI Rules Apply
High-risk AI systems embedded in products covered by Union harmonisation legislation (Annex I) — such as machinery, medical devices, and vehicles — must comply. These have a 3-year transition period from entry into force.