Armadillo
← EU AI Act Hub · Timeline

EU AI Act Timeline & Deadlines

Key dates for EU AI Act compliance. Know what's required and when.

· 5 min read

Overview

The EU AI Act entered into force on August 1, 2024. However, enforcement is phased over several years to give organizations time to comply.

Here’s what you need to know about each deadline.

February 2025

Prohibited AI systems banned

Starting February 2, 2025, the following AI practices are prohibited:

  • Social scoring: AI systems that evaluate individuals based on social behavior
  • Subliminal manipulation: AI designed to manipulate behavior without awareness
  • Exploitation of vulnerabilities: AI targeting children, elderly, or disabled
  • Real-time biometric identification: In publicly accessible spaces (with narrow exceptions)
  • Biometric categorization: Inferring race, politics, religion, sexual orientation
  • Facial recognition databases: Scraping facial images from internet or CCTV
  • Emotion inference: In workplace and educational settings (some exceptions)
  • Predictive policing: For individuals based on personality traits

What to do: Review your AI inventory. If any system falls into these categories, stop using it immediately.

August 2025

General-Purpose AI requirements apply

Starting August 2, 2025, providers of general-purpose AI models must comply with transparency and documentation requirements.

This affects organizations that:

  • Develop foundation models
  • Provide large language models
  • Offer AI-as-a-service platforms

Key requirements:

  • Technical documentation
  • Training data transparency
  • Downstream provider information
  • Copyright compliance

For deployers: If you use general-purpose AI (like ChatGPT, Claude, Gemini), your providers should be compliant. Focus on your own obligations as a deployer.

August 2026

Full enforcement for high-risk AI

Starting August 2, 2026, all requirements for high-risk AI systems apply:

For providers:

  • Conformity assessments
  • Quality management systems
  • Risk management
  • Data governance
  • Human oversight design
  • Technical documentation
  • Traceability

For deployers:

  • Use AI per provider instructions
  • Assign human oversight
  • Monitor operation
  • Keep logs
  • Report incidents
  • Conduct impact assessments

This is the big deadline. If you use AI for employment decisions, credit assessment, educational evaluation, or other high-risk purposes, full compliance is required.

How to prepare

Now through February 2025

  1. Audit for prohibited AI

    • Review current AI systems
    • Identify any that fall into prohibited categories
    • Plan for discontinuation or modification

  2. Start your AI inventory

    • Document all AI tools in use
    • Note their purpose and data access
    • Identify who uses them

February through August 2025

  1. Classify AI by risk

    • Apply EU AI Act risk categories
    • Identify high-risk systems
    • Document classification rationale

  2. Plan governance structure

    • Designate responsible parties
    • Define oversight processes
    • Establish incident procedures

August 2025 through August 2026

  1. Implement high-risk requirements

    • Establish human oversight
    • Create documentation
    • Implement monitoring
    • Train staff on AI literacy

  2. Prepare for audits

    • Compile compliance evidence
    • Test incident procedures
    • Conduct internal reviews

Ongoing

  1. Maintain compliance
    • Monitor for new AI adoption
    • Update documentation
    • Report incidents
    • Adapt to regulatory guidance

The key insight: Starting early gives you time to implement proper governance without rushing. Organizations that wait until August 2026 will face compressed timelines and higher risk.