Artifact GuideEU

EU AI Act Timeline and Phasing Roadmap

Practical EU AI Act guide to Timeline and Phasing Roadmap: scope, owners, evidence, edge cases, checklist steps, and external source-linked citations.

Grounded in external official sources with practical checks for product, model-risk, engineering, legal, privacy, procurement, security, and compliance owners.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
5

Structured answer sets in this page tree.

Primary sources
5

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

This EU AI Act guide gives a practical phasing roadmap for the law's key dates so teams can see what starts when, who needs to act, and what evidence to keep. It links the official timeline to scope, owners, evidence, edge cases, and review triggers so product, legal, security, operations, and compliance teams can work from the same record.

Section 1

What decision should teams make about Timeline and Phasing Roadmap under the EU AI Act?

Start by deciding whether the Timeline and Phasing Roadmap issue is in scope, which AI Act obligation applies, who owns the workflow, and what evidence proves implementation.

Treat the answer as a source-linked decision record. It should connect the cited external source to the actual product, service, data flow, supplier, incident, request, or user journey.

  • Name the AI Act trigger for timeline, phasing roadmap.
  • Map the role, service tier, risk tier, entity type, or data category before assigning work.
  • Write the source-linked reason in plain language so a non-specialist reviewer can follow it.
  • Tie the decision to a durable artifact: checklist, register, report, disclosure, clause, workflow, or control test.
Sources for this answer
Regulation (EU) 2024/1689 (EU AI Act)
Primary legal text for EU AI Act scope, roles, risk tiers, obligations, penalties, and phased dates.
European Commission - AI Act regulatory framework
Commission policy page used for implementation context and official public explanation.
AI Act Service Desk - Article 5 prohibited AI practices
Official AI Act Service Desk article page for prohibited-practice screening.
Section 2

Which EU AI Act dates belong in the phasing roadmap, and what should stay out of scope?

Use the roadmap in date order: 1 August 2024 the AI Act enters into force; 2 February 2025 the prohibitions and general provisions apply; 2 August 2025 the provisions on notified bodies and governance structure apply, GPAI obligations apply, and the penalties provisions apply; 2 August 2026 the main application date starts for the rest of the Act. The roadmap should also flag later dates such as 2 August 2027 for public summaries for models placed on the market before 2 August 2025, where that issue is relevant.

Exclusions matter as much as inclusions. If a rule does not apply, record why, because future product or supplier changes can reopen the same decision.

  • Write each phase date next to the obligation it triggers, not as a generic timeline note.
  • Record the in-scope facts and the out-of-scope facts separately.
  • Note which phase applies to prohibitions, governance, GPAI, penalties, or the general application date.
  • Add the country, service, customer segment, data type, supplier, and launch date when they affect the answer.
  • Use a reassessment trigger for material changes rather than relying on annual review alone.
Sources for this answer
Regulation (EU) 2024/1689 (EU AI Act)
Primary legal text for EU AI Act scope, roles, risk tiers, obligations, penalties, and phased dates.
European Commission - AI Act regulatory framework
Commission policy page used for implementation context and official public explanation.
AI Act Service Desk - Article 5 prohibited AI practices
Official AI Act Service Desk article page for prohibited-practice screening.
European Commission - GPAI provider guidelines
Commission guidance context for GPAI model provider duties.
Section 3

Who should own the Timeline and Phasing Roadmap under the EU AI Act, and what evidence should they maintain?

Ownership should sit with AI governance, product, model, legal, risk, security, procurement, and business process owners. The owner must be able to change the process, not merely describe it.

For Timeline and Phasing Roadmap, evidence should include risk-classification records, Annex III use-case analysis, technical documentation, FRIA records, transparency notices, GPAI evidence, monitoring logs, and incident triage records. Keep the cited source and a short quote beside the evidence so later reviewers can see why the artifact exists.

  • Assign a legal interpretation owner and an operational delivery owner.
  • Give one team responsibility for source citations and one team responsibility for evidence retrieval.
  • Keep approvals, change history, and rejected alternatives with the same record.
  • Make the evidence usable by product, engineering, procurement, security, support, and compliance teams.
Sources for this answer
Regulation (EU) 2024/1689 (EU AI Act)
Primary legal text for EU AI Act scope, roles, risk tiers, obligations, penalties, and phased dates.
European Commission - AI Act regulatory framework
Commission policy page used for implementation context and official public explanation.
AI Act Service Desk - Article 5 prohibited AI practices
Official AI Act Service Desk article page for prohibited-practice screening.
Section 4

Which edge cases make Timeline and Phasing Roadmap under the EU AI Act risky or easy to misunderstand?

The common failure mode is treating every AI feature as the same risk class, missing deployer duties, relying on vendor claims without evidence, or postponing Article 5 prohibited-practice screening and Article 4 AI literacy work beyond their 2 February 2025 application date. Treat those as escalation triggers, not footnotes.

For EU AI Act, an edge case should be resolved with the same discipline as the main rule: facts, source, owner, evidence, and review trigger.

  • Mixed roles or multi-service products can trigger different duties for the same workflow.
  • A supplier certificate, template, or standard can support evidence but may not replace the legal source.
  • Deadlines and authority routes may differ when Member State implementation or supervisory guidance is involved.
  • User-facing notices, reports, and controls should match the internal evidence record.
Sources for this answer
Regulation (EU) 2024/1689 (EU AI Act)
Primary legal text for EU AI Act scope, roles, risk tiers, obligations, penalties, and phased dates.
European Commission - AI Act regulatory framework
Commission policy page used for implementation context and official public explanation.
AI Act Service Desk - Article 5 prohibited AI practices
Official AI Act Service Desk article page for prohibited-practice screening.
European Commission - GPAI provider guidelines
Commission guidance context for GPAI model provider duties.
Section 5

Implementation checklist for Timeline and Phasing Roadmap under the EU AI Act

Use this checklist before approving Timeline and Phasing Roadmap. It is intentionally practical: it asks whether the decision can survive customer questions, audit review, regulator questions, and product change.

The checklist should stay in the same system as the evidence so it can be reused for future changes and not rebuilt from memory.

What is the first practical step for handling Timeline and Phasing Roadmap under the EU AI Act?

Start by recording why Timeline and Phasing Roadmap matters under the EU AI Act, which official source controls the decision, who owns the work, and what evidence will prove the implementation is complete.

What evidence should teams save for Timeline and Phasing Roadmap under the EU AI Act?

Save the external source URL, a short quote, the EU AI Act fact pattern, the decision owner, the implementation artifact, approval history, and the reassessment trigger for Timeline and Phasing Roadmap.

  • Scope decision for timeline, phasing roadmap is written and source-linked.
  • Owner map covers legal, product, technical, operations, and evidence roles for AI Act.
  • Required artifact is complete: register, report, notice, checklist, clause, control, workflow, or template.
  • Source URL, short quote, approval date, and reviewer are saved with the evidence.
  • Reassessment triggers are defined for product, service, supplier, country, data, user, or authority changes.
Sources for this answer
Regulation (EU) 2024/1689 (EU AI Act)
Primary legal text for EU AI Act scope, roles, risk tiers, obligations, penalties, and phased dates.
European Commission - AI Act regulatory framework
Commission policy page used for implementation context and official public explanation.
AI Act Service Desk - Article 5 prohibited AI practices
Official AI Act Service Desk article page for prohibited-practice screening.
Recommended next step

Use this EU AI Act guide as a cited implementation workflow

Sorena can turn the Timeline and Phasing Roadmap decisions on this page into cited answers, owner assignments, evidence requests, and reusable review steps for EU AI Act work.

Research workflow
Open Research Copilot for EU AI Act

Ask source-linked questions about Timeline and Phasing Roadmap, scope, deadlines, and evidence using the cited sources on this page.

Explore next step
Talk to Sorena
Talk through implementation

Review your Timeline and Phasing Roadmap workflow, source gaps, and next implementation steps with Sorena.

Explore next step
Primary sources

References and citations

European Commission - AI Act regulatory framework
digital-strategy.ec.europa.eu
Referenced sections
  • Commission policy page used for implementation context and official public explanation.
"The AI Act is the first-ever comprehensive legal framework on AI worldwide."
Regulation (EU) 2024/1689 (EU AI Act)
eur-lex.europa.eu
Referenced sections
  • Primary legal text for EU AI Act scope, roles, risk tiers, obligations, penalties, and phased dates.
"laying down harmonised rules on artificial intelligence"
Related guides

Explore more topics

Are industry AI use cases high-risk under EU AI Act Annex III?
FAQ answer on when an industry AI use case falls under EU AI Act Annex III, how Article 6 classification works, when Article 6(3) can support a non-high-risk conclusion, and what evidence providers should keep.
EU AI Act AI System Classification Edge Cases FAQ
Answers for EU AI Act edge cases: AI system definition, inference versus simple rules, GPAI models, embedded products, territorial scope, roles, and classification evidence.
EU AI Act Applicability and Roles: Scope, Actor Map, and Evidence
Determine whether the EU AI Act applies to an AI system or GPAI model, map provider, deployer, importer, distributor, and product manufacturer roles, and record evidence for classification.
EU AI Act applicability test: scope, role, and risk classification
Stepwise EU AI Act applicability test for AI-system status, exclusions, territorial scope, operator role, prohibited uses, high-risk systems, GPAI models, transparency duties, and evidence records.
EU AI Act Article 5 Prohibited AI Practices Screening Guide
Screen AI systems against the EU AI Act Article 5 prohibitions, including manipulation, exploitation, social scoring, biometric and law-enforcement exceptions.
EU AI Act Article 50 transparency disclosures FAQ
Article 50 FAQ for EU AI Act transparency duties covering chatbot notices, synthetic content marking, biometric and emotion notices, deepfakes, public-interest text, timing, accessibility, and exceptions.
EU AI Act Article 50 transparency, labeling, and user disclosures
Source-grounded guide to EU AI Act Article 50 duties for user interaction notices, synthetic content marking, deepfake labels, emotion recognition notices, biometric categorisation notices, and related high-risk AI instructions for use.
EU AI Act Article 73 serious incident FAQ
FAQ on EU AI Act serious incident handling for high-risk AI systems, including Article 73 reporting, deployer escalation, corrective action, and GPAI systemic-risk distinctions.
EU AI Act Compliance Checklist by Risk Class
A practical EU AI Act checklist for classifying AI systems, assigning operator roles, screening prohibited practices, and collecting evidence for high-risk, GPAI, transparency, monitoring, and incident duties.
EU AI Act Compliance Program: roles, high-risk evidence, GPAI and incidents
Build an EU AI Act compliance program around provider, deployer, importer, distributor, high-risk, GPAI, transparency, monitoring, and incident evidence duties.
EU AI Act conformity assessment and notified bodies for high-risk AI
Grounded guide to EU AI Act high-risk AI conformity assessment routes, provider evidence, EU declaration of conformity, CE marking, and notified body involvement.
EU AI Act deadlines and compliance calendar | Article 113 dates
source-linked EU AI Act compliance calendar for Article 113 staged application dates, Article 111 transitions, GPAI, prohibited practices, AI literacy, and high-risk AI planning.
EU AI Act FAQ: scope, roles, high-risk AI, GPAI, FRIA, and dates
Grounded EU AI Act FAQ covering scope, provider and deployer roles, prohibited practices, high-risk classification, GPAI duties, transparency notices, FRIAs, EU database registration, serious incidents, and staged application dates.
EU AI Act FRIA FAQ: Article 27 Scope, Contents, and Notification
Source-grounded FAQ on when Article 27 requires a fundamental rights impact assessment, which deployers are covered, what the FRIA must contain, and how it relates to DPIAs and registration.
EU AI Act FRIA for high-risk AI systems: Article 27 scope and evidence
Source-grounded guide to EU AI Act Article 27 fundamental rights impact assessments: who must run a FRIA, Article 6(2) triggers, Annex III carveouts, DPIA overlap, notification, and registration evidence.
EU AI Act GPAI and Systemic-Risk Duties: Article 53 and 55 FAQ
FAQ on EU AI Act duties for general-purpose AI model providers, including Article 53 documentation, copyright and training-summary duties, Article 55 systemic-risk duties, serious incidents, cybersecurity, and staged enforcement.
EU AI Act GPAI evidence pack checklist for Article 53 and 55
Build a source-grounded evidence pack for EU AI Act GPAI model obligations: technical documentation, downstream information, copyright policy, training-content summary, and systemic-risk records where applicable.
EU AI Act GPAI Provider Obligations: Articles 53 and 55
Grounded guide to EU AI Act duties for general-purpose AI model providers: Article 53 documentation, copyright policy, training-content summary, downstream information, and Article 55 systemic-risk controls.
EU AI Act High-Risk AI Requirements: Articles 8-16 and 26
Map the EU AI Act requirements for high-risk AI systems: risk management, data governance, technical documentation, logs, transparency, human oversight, accuracy, robustness, cybersecurity, and deployer duties.
EU AI Act high-risk AI use cases by industry | Article 6 and Annex III guide
Industry-by-industry guide to EU AI Act high-risk classification under Article 6, Annex III, Annex I product safety routes, exclusions, and provider/deployer boundaries.
EU AI Act high-risk conformity assessment route selector
Select the EU AI Act Article 43 conformity assessment route for a high-risk AI system, including Annex I product legislation, Annex III categories, notified body triggers, standards, declaration, CE marking, registration, and evidence.
EU AI Act high-risk requirements checklist: Articles 8-15
Checklist for EU AI Act high-risk AI system requirements in Articles 8-15: risk management, data governance, documentation, logs, transparency, human oversight, accuracy, robustness, and cybersecurity.
EU AI Act penalties and fines: Article 99 tiers and GPAI exposure
EU AI Act penalties explained: Article 99 fine tiers, prohibited-practice exposure, incorrect information, SME caps, Member State rules, and GPAI model fines.
EU AI Act post-market monitoring and serious incident reporting
Grounded guide to EU AI Act Articles 72 and 73 for high-risk AI: monitoring plans, serious incident reporting, deployer escalation, corrective action, and GPAI distinctions.
EU AI Act post-market monitoring FAQ for high-risk AI systems
Answer to how providers and deployers should handle EU AI Act post-market monitoring for high-risk AI systems under Article 72, with serious-incident, log, corrective-action, and lifecycle-change triggers.
EU AI Act provider vs deployer role boundaries: Article 3 and Article 25 FAQ
FAQ on EU AI Act provider, deployer, operator, importer, distributor, authorised representative, product manufacturer, downstream provider, and GPAI model provider boundaries.
EU AI Act risk classification intake workflow
A grounded intake structure for classifying EU AI Act scope, prohibited practices, high-risk routes, Annex III use cases, GPAI model status, roles, and reassessment triggers.
EU AI Act serious incident reporting triage workflow: Article 73 and Article 55
Triage EU AI Act serious incidents by definition, actor, reporting route, deadline, deployer escalation, corrective action, and separate GPAI systemic-risk reporting.
EU AI Act Technical Documentation and Provider Evidence Templates
Build AI Act evidence templates for high-risk AI providers: Article 11 technical documentation, Annex IV fields, quality management, conformity, CE marking, registration, logs, and post-market monitoring.
EU AI Act technical documentation FAQ | Article 11 and Annex IV
What Article 11 and Annex IV require in high-risk AI technical documentation: system identity, intended purpose, architecture, data, testing, oversight, cybersecurity, conformity, and post-market monitoring.
EU AI Act vs ISO/IEC 42001: legal duties, controls, and evidence limits
Compare the EU AI Act and ISO/IEC 42001 across legal status, risk classification, high-risk AI, GPAI, transparency, conformity, evidence, and assurance limits.
EU AI Act vs NIST AI RMF: legal duties, risk controls, and evidence boundaries
Compare the binding EU AI Act with the voluntary NIST AI RMF, including role classification, high-risk duties, GPAI, transparency, conformity evidence, and reuse limits.
FAQ: EU AI Act conformity assessment procedures and notified body selection
source-linked FAQ on EU AI Act Article 43 conformity assessment routes, Annex VI internal control, Annex VII notified-body review, CE marking, declarations, and registration.