Compliance CalendarEU AI Act

EU AI Act deadlines and compliance calendar

Track the staged AI Act application dates that matter for product, model, compliance, legal, security, and procurement owners.

Grounded in Article 113, Article 111, Commission GPAI guidance, and official AI Act source material; use it to assign owners and evidence before each date arrives.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 17, 2026
Sections
6

Structured answer sets in this page tree.

Primary sources
10

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 17, 2026
Overview

This page is a practical EU AI Act compliance calendar. It does not add milestones beyond the cited source material; it turns the sourced Article 113 and Article 111 dates into owner, evidence, and readiness planning checkpoints.

Section 1

Article 113 staged application dates to put on the calendar

Article 113 is the anchor for the AI Act calendar. The Regulation applies from 2 August 2026 as the general application date, but Article 113 brings selected chapters into application earlier and delays Article 6(1) product-safety high-risk classification until 2 August 2027.

Use one calendar row per application date. Each row should identify the legal provision, affected systems or models, accountable owner, required evidence, and the internal readiness date that comes before the legal application date.

  • 2 February 2025: Chapters I and II apply; calendar owners should cover AI literacy and prohibited-practice screening.
  • 2 August 2025: Chapter III Section 4, Chapter V, Chapter VII, Chapter XII, and Article 78 apply, except Article 101.
  • 2 August 2026: the Regulation applies as the main application date for obligations not covered by the specific Article 113 exceptions.
  • 2 August 2027: Article 6(1) and corresponding obligations apply for the product-safety high-risk route.
  • Evidence to keep: source citation, affected chapter or article, system/model inventory slice, owner, readiness status, and approval date.
Sources for this answer
Regulation (EU) 2024/1689 - Article 113
Primary legal text for the AI Act staged application dates used in this compliance calendar.
European Commission - AI Act regulatory framework
Commission policy page used to cross-check the risk-based implementation context and high-risk planning sequence.
Section 2

2 February 2025: prohibited practices and AI literacy

The first operating deadline is not a paperwork date. It is the point when Chapter I and Chapter II apply, so the calendar should force two workstreams: an AI literacy owner for staff and other persons operating or using AI systems on the organisation's behalf, and a prohibited-practices owner for product and deployment screening.

The useful evidence is concrete: training audience, AI system context, role-specific literacy material, product-screening notes, and a release gate showing that prohibited-practice review happened before placing on the market, putting into service, or use.

  • AI literacy owner: legal/compliance sets the standard; product, engineering, support, and business owners identify who operates or uses each AI system.
  • Prohibited-practice owner: product and legal screen manipulation, exploitation of vulnerabilities, social scoring, certain biometric uses, and other Article 5 categories against the actual feature behavior.
  • Evidence: role-based literacy plan, attendance or completion records, product review notes, risk acceptance or rejection, and release-ticket links.
  • Reopen trigger: new AI feature, new user group, new deployment context, supplier model change, or expansion into workplace, education, law-enforcement, biometric, or vulnerable-person contexts.
Sources for this answer
AI Act Service Desk - Article 4 AI literacy
Official Service Desk article used for the AI literacy workstream that applies through Chapter I.
AI Act Service Desk - Article 5 prohibited AI practices
Official Service Desk article used for prohibited-practice screening under Chapter II.
Regulation (EU) 2024/1689 - Article 113
Primary legal text confirming that Chapters I and II apply from 2 February 2025.
Section 3

2 August 2025: GPAI, governance, confidentiality, and penalty chapters

The 2 August 2025 row should separate GPAI model-provider obligations from ordinary AI-system deployment work. Article 113 brings Chapter V into application on this date, while Commission GPAI guidance states that GPAI provider obligations enter into application on 2 August 2025.

For organisations building on third-party GPAI models, the calendar should still assign a procurement and product owner. They need model documentation requests, downstream integration records, supplier contact points, and evidence that the product team knows whether the organisation is only deploying a model, integrating it into an AI system, or significantly modifying it.

  • GPAI provider owner: maintain model inventory, documentation status, copyright-policy evidence, public summary status, and systemic-risk notification review where relevant.
  • Downstream/product owner: record which GPAI model versions are integrated, what supplier documentation was received, and what product obligations depend on that model.
  • Compliance owner: track Chapter VII governance contacts, Article 78 confidentiality handling, and Chapter XII penalty exposure except Article 101 at this stage.
  • Procurement owner: add renewal triggers for model-provider documentation, material model changes, new model versions, and supplier non-response.
  • Evidence: model card or equivalent documentation, supplier correspondence, model version register, integration notes, and internal assessment of provider versus downstream-provider role.
Sources for this answer
Regulation (EU) 2024/1689 - Article 113
Primary legal text confirming the 2 August 2025 application of Chapter V and related chapters listed in Article 113.
European Commission - Guidelines for GPAI providers
Commission guidance page used for GPAI provider application and enforcement planning dates.
European Commission - General-Purpose AI Code of Practice
Commission page used to identify the voluntary GPAI Code of Practice as an implementation planning aid for GPAI providers.
Section 4

2 August 2026 and 2 August 2027: main application and high-risk product-safety route

The 2 August 2026 row should be the broad readiness gate for AI Act obligations that are not already in force under Article 113. Product, legal, security, privacy, and operations owners should use it to close inventory gaps and map each system to its role, risk category, deployment context, and evidence owner.

The 2 August 2027 row is narrower but important for product teams. Article 113 applies Article 6(1) and corresponding obligations from that date; Article 6(1) covers AI systems used as safety components of products, or AI systems that are themselves products, where the covered product route requires third-party conformity assessment under Annex I Union harmonisation legislation.

  • Main application owner: compliance maintains the master calendar; each system owner confirms role, risk category, deployment geography, and evidence location before 2 August 2026.
  • High-risk product-safety owner: product regulatory or quality teams identify products and safety components covered by Annex I legislation and whether third-party conformity assessment is required.
  • Engineering owner: prepare technical documentation, logging, robustness, cybersecurity, human oversight, and post-market monitoring evidence where a high-risk path is confirmed.
  • Quality owner: link AI Act evidence to conformity assessment, declaration of conformity, CE marking, and post-market monitoring records where those steps are required for the system.
  • Reopen trigger: substantial system change, new product route, new Annex I covered product, new conformity assessment path, or change in intended purpose.
Sources for this answer
Regulation (EU) 2024/1689 - Article 6 and Article 113
Primary legal text for Article 6(1) high-risk classification and the 2 August 2027 application date.
European Commission - AI Act regulatory framework
Commission policy page used for the practical high-risk provider sequence: conformity assessment, EU database registration, declaration of conformity, CE marking, and post-market monitoring.
Section 5

Article 111 transitional provisions to track separately

Article 111 is not a general grace period for every AI system. It creates specific transitional treatment for large-scale IT systems, pre-2 August 2026 high-risk systems, public-authority high-risk systems, and GPAI models placed on the market before 2 August 2025.

Keep these rows separate from Article 113 because the owner question is different: not just when a chapter applies, but whether an already-placed system or model is grandfathered, changed, public-authority-facing, or subject to a later compliance deadline.

  • Large-scale IT systems in Annex X: systems placed on the market or put into service before 2 August 2027 must be brought into compliance by 31 December 2030.
  • Other high-risk AI systems placed on the market or put into service before 2 August 2026: Article 111 applies the Regulation only if, from that date, they are subject to significant design changes.
  • High-risk AI systems intended for use by public authorities: providers and deployers must take necessary steps to comply by 2 August 2030.
  • GPAI models placed on the market before 2 August 2025: providers must take the necessary steps to comply by 2 August 2027.
  • Evidence: first placing-on-market or putting-into-service date, change-control record, public-authority use flag, GPAI model market date, and owner sign-off on the applicable transition row.
Sources for this answer
Regulation (EU) 2024/1689 - Article 111
Primary legal text for transition rows covering existing high-risk AI systems, Annex X large-scale IT systems, public-authority use, and pre-2 August 2025 GPAI models.
European Commission - Guidelines for GPAI providers
Commission guidance page confirming the GPAI transition date for models placed on the market before 2 August 2025.
Section 6

Owner and evidence planning fields for each calendar row

A useful AI Act calendar is more than a date list. Each row should be tied to a system or model inventory view so product and compliance teams can see which obligations are approaching, which evidence is missing, and who can unblock the work.

Do not validate unsupported future guidance dates in the calendar. If a date is not in the cited source material, leave it out and track the dependency as a watch item rather than a legal milestone.

  • Calendar row fields: date, source article or guidance page, affected chapter or obligation set, systems/models in scope, owner, evidence owner, readiness status, and next review trigger.
  • System/model fields: provider, deployer, importer, distributor, downstream provider, GPAI provider, public-authority use, Annex I product route, Annex III category, and significant-change status.
  • Evidence fields: source URL, source quote, inventory export, role assessment, risk classification, supplier documentation, training record, conformity evidence, registration evidence, and approval record.
  • Owner fields: legal interpretation, product behavior, engineering controls, security evidence, privacy review, procurement supplier file, quality/conformity assessment, operations monitoring, and executive escalation.
  • Watch items: Commission guidance, harmonised standards, supplier model changes, product redesign, new deployment context, and authority requests; do not turn watch items into dated obligations without source support.
Sources for this answer
Regulation (EU) 2024/1689 - AI Act
Primary legal text used for source-linked calendar rows, AI Act roles, staged dates, transition provisions, and high-risk classification.
European Commission - AI Act regulatory framework
Commission policy page used for implementation context, risk categories, high-risk provider workflow, and transition support through the AI Pact and Service Desk.
Recommended next step

Build an evidence-backed EU AI Act calendar

Sorena can help convert the Article 113 and Article 111 rows into system inventory fields, owner assignments, evidence requests, and review triggers.

Research workflow
Open Research Copilot for EU AI Act

Ask source-linked questions about Article 113 dates, GPAI planning, high-risk classification, and evidence gaps using the sources on this page.

Explore next step
Talk to Sorena
Talk through AI Act readiness

Review your AI Act calendar, system inventory, owner map, and source-linked evidence plan with Sorena.

Explore next step
Primary sources

References and citations

AI Act Service Desk - Article 4 AI literacy
ai-act-service-desk.ec.europa.eu
Referenced sections
  • Official Service Desk article used for the AI literacy workstream that applies through Chapter I.
"ensure, to their best extent, a sufficient level of AI literacy"
European Commission - AI Act regulatory framework
digital-strategy.ec.europa.eu
Referenced sections
  • Commission policy page used for implementation context, risk categories, high-risk provider workflow, and transition support through the AI Pact and Service Desk.
"risk-based rules for AI developers and deployers"
Regulation (EU) 2024/1689 - AI Act
eur-lex.europa.eu
Referenced sections
  • Primary legal text used for source-linked calendar rows, AI Act roles, staged dates, transition provisions, and high-risk classification.
"binding in its entirety and directly applicable"
Regulation (EU) 2024/1689 - Article 111
eur-lex.europa.eu
Referenced sections
  • Primary legal text for transition rows covering existing high-risk AI systems, Annex X large-scale IT systems, public-authority use, and pre-2 August 2025 GPAI models.
"AI systems already placed on the market"
Regulation (EU) 2024/1689 - Article 113
eur-lex.europa.eu
Referenced sections
  • Primary legal text confirming the 2 August 2025 application of Chapter V and related chapters listed in Article 113.
"Chapter V, Chapter VII and Chapter XII"
Regulation (EU) 2024/1689 - Artificial Intelligence Act
eur-lex.europa.eu
Referenced sections
  • Primary legal text for Article 113 staged application dates, Article 111 transition provisions, Article 4 AI literacy, Article 5 prohibited practices, and Article 6(1) high-risk classification.
"Entry into force and application"
Related guides

Explore more topics

Are industry AI use cases high-risk under EU AI Act Annex III?
FAQ answer on when an industry AI use case falls under EU AI Act Annex III, how Article 6 classification works, when Article 6(3) can support a non-high-risk conclusion, and what evidence providers should keep.
EU AI Act AI System Classification Edge Cases FAQ
Answers for EU AI Act edge cases: AI system definition, inference versus simple rules, GPAI models, embedded products, territorial scope, roles, and classification evidence.
EU AI Act Applicability and Roles: Scope, Actor Map, and Evidence
Determine whether the EU AI Act applies to an AI system or GPAI model, map provider, deployer, importer, distributor, and product manufacturer roles, and record evidence for classification.
EU AI Act applicability test: scope, role, and risk classification
Stepwise EU AI Act applicability test for AI-system status, exclusions, territorial scope, operator role, prohibited uses, high-risk systems, GPAI models, transparency duties, and evidence records.
EU AI Act Article 5 Prohibited AI Practices Screening Guide
Screen AI systems against the EU AI Act Article 5 prohibitions, including manipulation, exploitation, social scoring, biometric and law-enforcement exceptions.
EU AI Act Article 50 transparency disclosures FAQ
Article 50 FAQ for EU AI Act transparency duties covering chatbot notices, synthetic content marking, biometric and emotion notices, deepfakes, public-interest text, timing, accessibility, and exceptions.
EU AI Act Article 50 transparency, labeling, and user disclosures
Source-grounded guide to EU AI Act Article 50 duties for user interaction notices, synthetic content marking, deepfake labels, emotion recognition notices, biometric categorisation notices, and related high-risk AI instructions for use.
EU AI Act Article 73 serious incident FAQ
FAQ on EU AI Act serious incident handling for high-risk AI systems, including Article 73 reporting, deployer escalation, corrective action, and GPAI systemic-risk distinctions.
EU AI Act Compliance Checklist by Risk Class
A practical EU AI Act checklist for classifying AI systems, assigning operator roles, screening prohibited practices, and collecting evidence for high-risk, GPAI, transparency, monitoring, and incident duties.
EU AI Act Compliance Program: roles, high-risk evidence, GPAI and incidents
Build an EU AI Act compliance program around provider, deployer, importer, distributor, high-risk, GPAI, transparency, monitoring, and incident evidence duties.
EU AI Act conformity assessment and notified bodies for high-risk AI
Grounded guide to EU AI Act high-risk AI conformity assessment routes, provider evidence, EU declaration of conformity, CE marking, and notified body involvement.
EU AI Act FAQ: scope, roles, high-risk AI, GPAI, FRIA, and dates
Grounded EU AI Act FAQ covering scope, provider and deployer roles, prohibited practices, high-risk classification, GPAI duties, transparency notices, FRIAs, EU database registration, serious incidents, and staged application dates.
EU AI Act FRIA FAQ: Article 27 Scope, Contents, and Notification
Source-grounded FAQ on when Article 27 requires a fundamental rights impact assessment, which deployers are covered, what the FRIA must contain, and how it relates to DPIAs and registration.
EU AI Act FRIA for high-risk AI systems: Article 27 scope and evidence
Source-grounded guide to EU AI Act Article 27 fundamental rights impact assessments: who must run a FRIA, Article 6(2) triggers, Annex III carveouts, DPIA overlap, notification, and registration evidence.
EU AI Act GPAI and Systemic-Risk Duties: Article 53 and 55 FAQ
FAQ on EU AI Act duties for general-purpose AI model providers, including Article 53 documentation, copyright and training-summary duties, Article 55 systemic-risk duties, serious incidents, cybersecurity, and staged enforcement.
EU AI Act GPAI evidence pack checklist for Article 53 and 55
Build a source-grounded evidence pack for EU AI Act GPAI model obligations: technical documentation, downstream information, copyright policy, training-content summary, and systemic-risk records where applicable.
EU AI Act GPAI Provider Obligations: Articles 53 and 55
Grounded guide to EU AI Act duties for general-purpose AI model providers: Article 53 documentation, copyright policy, training-content summary, downstream information, and Article 55 systemic-risk controls.
EU AI Act High-Risk AI Requirements: Articles 8-16 and 26
Map the EU AI Act requirements for high-risk AI systems: risk management, data governance, technical documentation, logs, transparency, human oversight, accuracy, robustness, cybersecurity, and deployer duties.
EU AI Act high-risk AI use cases by industry | Article 6 and Annex III guide
Industry-by-industry guide to EU AI Act high-risk classification under Article 6, Annex III, Annex I product safety routes, exclusions, and provider/deployer boundaries.
EU AI Act high-risk conformity assessment route selector
Select the EU AI Act Article 43 conformity assessment route for a high-risk AI system, including Annex I product legislation, Annex III categories, notified body triggers, standards, declaration, CE marking, registration, and evidence.
EU AI Act high-risk requirements checklist: Articles 8-15
Checklist for EU AI Act high-risk AI system requirements in Articles 8-15: risk management, data governance, documentation, logs, transparency, human oversight, accuracy, robustness, and cybersecurity.
EU AI Act penalties and fines: Article 99 tiers and GPAI exposure
EU AI Act penalties explained: Article 99 fine tiers, prohibited-practice exposure, incorrect information, SME caps, Member State rules, and GPAI model fines.
EU AI Act post-market monitoring and serious incident reporting
Grounded guide to EU AI Act Articles 72 and 73 for high-risk AI: monitoring plans, serious incident reporting, deployer escalation, corrective action, and GPAI distinctions.
EU AI Act post-market monitoring FAQ for high-risk AI systems
Answer to how providers and deployers should handle EU AI Act post-market monitoring for high-risk AI systems under Article 72, with serious-incident, log, corrective-action, and lifecycle-change triggers.
EU AI Act provider vs deployer role boundaries: Article 3 and Article 25 FAQ
FAQ on EU AI Act provider, deployer, operator, importer, distributor, authorised representative, product manufacturer, downstream provider, and GPAI model provider boundaries.
EU AI Act risk classification intake workflow
A grounded intake structure for classifying EU AI Act scope, prohibited practices, high-risk routes, Annex III use cases, GPAI model status, roles, and reassessment triggers.
EU AI Act serious incident reporting triage workflow: Article 73 and Article 55
Triage EU AI Act serious incidents by definition, actor, reporting route, deadline, deployer escalation, corrective action, and separate GPAI systemic-risk reporting.
EU AI Act Technical Documentation and Provider Evidence Templates
Build AI Act evidence templates for high-risk AI providers: Article 11 technical documentation, Annex IV fields, quality management, conformity, CE marking, registration, logs, and post-market monitoring.
EU AI Act technical documentation FAQ | Article 11 and Annex IV
What Article 11 and Annex IV require in high-risk AI technical documentation: system identity, intended purpose, architecture, data, testing, oversight, cybersecurity, conformity, and post-market monitoring.
EU AI Act Timeline and Phasing Roadmap: practical obligations and evidence guide
Practical EU AI Act guide to Timeline and Phasing Roadmap: scope, owners, evidence, edge cases, checklist steps, and external source-linked citations.
EU AI Act vs ISO/IEC 42001: legal duties, controls, and evidence limits
Compare the EU AI Act and ISO/IEC 42001 across legal status, risk classification, high-risk AI, GPAI, transparency, conformity, evidence, and assurance limits.
EU AI Act vs NIST AI RMF: legal duties, risk controls, and evidence boundaries
Compare the binding EU AI Act with the voluntary NIST AI RMF, including role classification, high-risk duties, GPAI, transparency, conformity evidence, and reuse limits.
FAQ: EU AI Act conformity assessment procedures and notified body selection
source-linked FAQ on EU AI Act Article 43 conformity assessment routes, Annex VI internal control, Annex VII notified-body review, CE marking, declarations, and registration.