★ 2 February 2025

Six months after entry into force

• Prohibitions on unacceptable risk AI.

★ 2 August 2025

12 months after entry into force

• Obligations go into effect for providers of general purpose AI models.

• Appointment of member state competent authorities.

• Annual Commission review of, and possible legislative amendments to, the list of prohibited AI..

★ 2 February 2026

18 months after entry into force

• Commission implements act on post-market monitoring.

★ 2 August 2026

24 months after entry into force

• Obligations go into effect for high-risk AI systems specifically listed in Annex III, including systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.

• Member states to have implemented rules on penalties, including administrative fines.

• Member state authorities to have established at least one operational AI regulatory sandbox.

• Commission review, and possible amendment of, the list of high-risk AI systems.

★ 2 August 2027

36 months after entry into force

• Obligations go into effect for high-risk AI systems that are not prescribed in Annex III but are intended to be used as a safety component of a product.

• Obligations go into effect for high-risk AI systems in which the AI itself is a product and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.

★ By The End of 2030

• Obligations go into effect for certain AI systems that are components of the large-scale information technology systems established by EU law in the areas of freedom, security and justice, such as the Schengen Information System.

View as Infographic

Further rulemaking

• The Commission can issue delegated acts on:

• Definition of AI system.
• Criteria and use cases for high-risk AI.
• Thresholds for general purpose AI models with systemic risk.
• Technical documentation requirements for general purpose AI.
• Conformity assessments.
• EU declaration of conformity.

• The Commission's power to issue delegated acts lasts for an initial period ending 2 Aug. 2029 and is extendable for another five years.

• The AI Office is to draw up codes of practice covering, but not necessarily limited to, obligations for providers of general purpose AI models. Codes of practice should be ready by 2 May 2025 and should provide at least a three-month period before taking effect.

Guidance

• The Commission can issue guidance on:

• High-risk AI incident reporting by 2. Aug 2025.
• Practical implementation of high-risk AI requirements, with a list of practical examples of high-risk and not high-risk use cases by 2 Feb. 2026.
• Prohibited AI practices "when deemed necessary."
• Application of the definition of an AI system "when deemed necessary."
• Requirements for high-risk AI systems "when deemed necessary."
• Practical implementation of transparency obligations "when deemed necessary."
• Relationship of the AI Act and its enforcement with other EU law "when deemed necessary."

• The Commission is to issue its report on its delegated powers no later than nine months before five years after entry into force.