Implementation Timeline

The EU AI Act follows a phased implementation approach, with different provisions becoming applicable at different times between 2024 and 2030. This staged rollout allows organisations time to prepare while ensuring the most harmful AI practices are addressed first.

Legislative Timeline

The Six Implementation Phases

Phase 0: Entry into Force (1 August 2024)

What happened:

• The AI Act became legally binding as EU law
• Countdown to all application dates began
• Member States began transposing administrative requirements

Immediate effects:

• No direct obligations on providers/deployers yet
• Organisations should begin preparation
• Commission empowered to adopt implementing acts

---

Phase 1: First Enforcement Date (2 February 2025)

This is the most urgent deadline for most organisations.

What becomes applicable:

Article 4: AI Literacy Requirement Providers and deployers must take measures to ensure, to their best extent possible, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf.

❗ Action Required by Feb 2, 2025:

1. Complete prohibition audit of all AI systems
2. Cease any prohibited AI practices immediately
3. Implement AI literacy training programmes
4. Document compliance with Article 4

---

Phase 2: GPAI and Governance (2 August 2025)

What becomes applicable:

Key GPAI Obligations Taking Effect:

---

Phase 3: Full Application (2 August 2026)

The primary compliance deadline for high-risk AI systems.

What becomes applicable:

What providers of high-risk AI must have ready:

• Complete risk management system (Article 9)
• Data governance procedures (Article 10)
• Technical documentation (Article 11, Annex IV)
• Record-keeping/logging capabilities (Article 12)
• Transparency information for deployers (Article 13)
• Human oversight measures (Article 14)
• Accuracy, robustness, cybersecurity measures (Article 15)
• Quality management system (Article 17)
• Completed conformity assessment
• CE marking affixed
• EU database registration

---

Commission Guidelines on Classification (Article 6(5)) — Deadline: 2 February 2026

Article 6(5) required the Commission to publish practical guidelines specifying how Article 6 applies, including a comprehensive list of high-risk and not-high-risk use case examples, by 2 February 2026. These guidelines provide essential clarity for applying the Art. 6(3) filter exception. Providers should monitor the Official Journal and the European AI Office for publication and incorporate the guidelines into their classification processes once available.

---

Phase 4: Annex I Products (2 August 2027)

Extended deadline for AI in safety-critical products.

What becomes applicable: Full high-risk AI requirements for AI systems that are:

• Safety components of products covered by Annex I legislation
• Subject to third-party conformity assessment under that legislation

Why the extension? These products already have existing regulatory frameworks. The extra year allows alignment with product development cycles and integration with existing conformity assessment processes.

Affected sectors:

• Medical devices (Regulation 2017/745)
• In-vitro diagnostics (Regulation 2017/746)
• Motor vehicles (Regulation 2019/2144)
• Aviation (Regulation 2018/1139)
• Machinery (Regulation 2023/1230)
• Other Annex I sectors

---

Phase 5: Large-Scale IT Systems (31 December 2030)

Final deadline for EU operational systems.

What becomes applicable: Full compliance for AI systems that are components of EU large-scale IT systems listed in Annex X, including:

• Schengen Information System (SIS)
• Visa Information System (VIS)
• Eurodac
• Entry/Exit System (EES)
• European Travel Information and Authorisation System (ETIAS)
• European Criminal Records Information System (ECRIS-TCN)

Why the long timeline? These are massive, mission-critical systems requiring careful integration of AI Act requirements without disrupting essential EU border and security functions.

---

Transition Rules for Existing AI Systems

The AI Act includes transition provisions for AI systems already on the market:

Large-Scale IT Systems (Article 111(1))

AI systems that are components of EU large-scale IT systems listed in Annex X must comply by 31 December 2030.

Existing High-Risk AI (Article 111(2))

High-risk AI systems already placed on market or put into service before 2 August 2026 may continue operating, BUT:

• Must comply if significantly changed after that date
• High-risk AI systems used by public authorities must comply by 2 August 2030

Existing GPAI Models (Article 111(3))

GPAI models already on market before 2 August 2025:

• Must comply with GPAI obligations within 24 months (by 2 August 2027)

⚠️ No Transition for Prohibited Practices: There is absolutely no transition period for prohibited AI practices. All prohibited systems must cease by February 2, 2025, regardless of when deployed.

---

Compliance Roadmap Template

Immediate (Now - February 2025):

• Conduct AI system inventory
• Perform prohibition audit (Article 5)
• Implement AI literacy training (Article 4)
• Cease any prohibited practices

Short-term (February 2025 - August 2025):

• Classify all AI by risk level
• Begin GPAI compliance (if applicable)
• Establish governance roles and responsibilities
• Engage with standards development

Medium-term (August 2025 - August 2026):

• Implement risk management systems
• Prepare technical documentation
• Establish data governance
• Build logging capabilities
• Prepare for conformity assessment

Full Compliance (August 2026):

• Complete conformity assessments
• Register in EU database
• Affix CE marking
• Launch post-market monitoring

---