EU AI Act Deadlines: The Verified Timeline (Updated July 2026)

Verified against official EU sources on July 4, 2026: the EU AI Act’s prohibitions and AI-literacy duties have applied since February 2, 2025, general-purpose AI obligations since August 2, 2025, and the Article 50 transparency duties (chatbot disclosure, deepfake labelling, synthetic-content marking) still take effect August 2, 2026. The high-risk obligations, however, are being deferred: the "Digital Omnibus" amendment — adopted by the European Parliament on June 16 and the Council on June 29, 2026 — moves stand-alone Annex III high-risk duties to December 2, 2027 and product-embedded Annex I duties to August 2, 2028. It awaits only Official Journal publication.

The timeline as it stands on July 4, 2026

Regulation (EU) 2024/1689 entered into force on August 1, 2024 with staggered application dates. The Digital Omnibus amendment reshuffles the high-risk dates; it has cleared every political stage but is not yet published in the Official Journal, so until publication the statute book formally still reads August 2, 2026 for high-risk systems. Publication is expected imminently — the final act was signed on July 3, 2026.

ObligationDateStatus (July 4, 2026)
Prohibited AI practices (Art. 5) + AI literacy (Art. 4)February 2, 2025In force
General-purpose AI model obligations + EU governance structuresAugust 2, 2025In force
Transparency duties (Art. 50): chatbot disclosure, deepfake labelling, marking synthetic content — new systemsAugust 2, 2026Unchanged — applies in under a month
Machine-readable marking for generative systems already on the market before Aug 2, 2026December 2, 2026Transitional deadline added by the Omnibus
New prohibition: AI generating non-consensual intimate imagery / CSAMDecember 2, 2026Added by the Omnibus
Stand-alone high-risk AI systems (Annex III)December 2, 2027Deferred from Aug 2, 2026 by the Omnibus
High-risk AI embedded in regulated products (Annex I)August 2, 2028Deferred by the Omnibus
National AI regulatory sandboxes operationalAugust 2, 2027Postponed from Aug 2, 2026

Sources: Regulation (EU) 2024/1689 (eur-lex.europa.eu); Council of the EU press release, June 29, 2026 (consilium.europa.eu); European Parliament legislative observatory, procedure 2025/0359(COD) (oeil.europarl.europa.eu); European Commission AI policy page (digital-strategy.ec.europa.eu). Verified July 4, 2026.

Penalties (Article 99) — unchanged by the Omnibus

The fine maximums scale with worldwide annual turnover, whichever amount is higher — with one deliberate break for small businesses: for SMEs and start-ups, each fine is capped at the lower of the fixed amount or the percentage.

ViolationMaximum fine
Prohibited practices (Art. 5)€35 million or 7% of worldwide annual turnover
Most other obligations (incl. high-risk duties and Art. 50 transparency)€15 million or 3%
Supplying incorrect or misleading information to authorities€7.5 million or 1%
SMEs and start-upsThe lower of the applicable amount or percentage

Source: Regulation (EU) 2024/1689, Article 99 (eur-lex.europa.eu/eli/reg/2024/1689/oj).

What changed for small businesses

Three Omnibus changes matter most for smaller organizations:

  • The simplified technical-documentation form previously reserved for SMEs is extended to "small mid-caps" — companies up to roughly 750 employees or €150 million annual revenue.
  • National AI regulatory sandboxes, which SMEs were promised priority access to, are pushed to August 2, 2027.
  • The deferral applies to the high-risk regime only. If you deploy a customer-facing chatbot, generate synthetic content or use emotion recognition, the Article 50 transparency duties still land on August 2, 2026.

What to do before August 2, 2026

The near-term obligation is transparency, not the high-risk regime: disclose AI interaction to users, label deepfakes and machine-generated content, and document how your systems do it. For most small companies the practical work is an AI usage policy, an AI system register with risk classification, and transparency notices — the documentation layer an AI governance pack covers. ISO/IEC 42001 remains the certifiable management-system standard for organizations that want audited proof of AI governance. No template makes an organization compliant with the AI Act; compliance comes from operating the controls, and for high-risk systems the deferred dates buy time to build them properly.

Frequently asked questions

Do high-risk AI rules still start on August 2, 2026?
In practice, no. The Digital Omnibus amendment — adopted by the European Parliament on June 16, 2026 and the Council on June 29, 2026 — defers stand-alone Annex III high-risk obligations to December 2, 2027 and product-embedded Annex I obligations to August 2, 2028. As of July 4, 2026 it awaits Official Journal publication, so August 2, 2026 technically remains on the statute book until that formality completes.
Was the EU AI Act delayed?
Partly. Only the high-risk regime was deferred (to December 2, 2027 for Annex III and August 2, 2028 for Annex I products). The prohibitions and AI-literacy duties (in force since February 2, 2025), the general-purpose AI obligations (since August 2, 2025) and the Article 50 transparency duties (from August 2, 2026) were not postponed.
What EU AI Act rules apply right now?
As of July 2026: the bans on prohibited AI practices and the AI-literacy duty (since February 2, 2025), and the obligations for general-purpose AI models plus the EU governance framework (since August 2, 2025). The Article 50 transparency duties — chatbot disclosure, deepfake labelling, synthetic-content marking — apply from August 2, 2026.
What are the maximum EU AI Act fines?
Up to €35 million or 7% of total worldwide annual turnover for prohibited practices; up to €15 million or 3% for most other violations, including the high-risk and transparency duties; up to €7.5 million or 1% for supplying incorrect information to authorities. For SMEs and start-ups each fine is capped at the lower of the amount or the percentage (Art. 99).
Does the EU AI Act apply to small businesses?
Yes — there is no small-business exemption from the prohibitions, transparency duties or (when they apply) high-risk obligations. The Act does soften the impact: fines for SMEs are capped at the lower tier value, and the 2026 Omnibus extends simplified technical documentation to companies up to roughly 750 employees or €150 million revenue.

Related guides: AI Governance (EU AI Act & NIST AI RMF) · ISO 42001

Toolkits that help

AI Governance (EU AI Act + NIST AI RMF)

AI Governance Policy Pack

10 editable AI policies — including an employee AI use policy and an AI risk register — aligned to the EU AI Act and NIST AI RMF. Govern workplace AI before regulators and clients ask.

$4930% off · auto-appliedView toolkit
ISO/IEC 42001:2023 AI Management System

ISO 42001 AI Management System Toolkit

14 editable ISO/IEC 42001:2023 policies and procedures — impact assessments, AI lifecycle, data governance, third-party AI — plus the Annex A Statement of Applicability, an AI risk register, and an audit evidence checklist.

$9930% off · auto-appliedView toolkit

Related articles

← All articles

Professional editable templates — general information only, not legal, audit, tax, or certification advice, and no professional or advisory relationship is created. No purchase makes an organization compliant or certified. Review each document with qualified counsel, your compliance professional, or your auditor before relying on it. ISO, IEC, SOC 2, AICPA, HIPAA, NIST, GDPR, the EU AI Act, IRS and FTC are referenced descriptively only; ComplianceDocs (ExpertEngine LLC) is independent and is not affiliated with, endorsed by, or certified by any standards body, regulator, or audit firm.