Open navigation menu

EU AI Act tracker

Which obligations of Regulation (EU) 2024/1689 apply to providers, deployers, and general-purpose AI model providers, from when — every claim linked to the official text. Each tracked tool's page maps its own risk tier to this reference.

Not legal advice. This page is source-backed information to orient a compliance review. Obligations depend on how your organisation develops or deploys a system; confirm against the official text and your counsel.

Canonical starting point at the source: the European Commission's AI regulatory framework overview (opens in a new tab).

Where the law stands as of 17 Jul 2026

Legislative status source

As of 17 July 2026: the prohibitions on unacceptable-risk AI practices and the deployer AI-literacy duty have applied since 2 February 2025, and the transparency obligations for general-purpose AI model providers since 2 August 2025. Commission enforcement powers over GPAI providers begin on 2 August 2026. Most remaining obligations — including those for Annex III high-risk systems — are legally due on 2 August 2026 under the adopted AI Act; the Digital Omnibus on AI (provisional agreement, May 2026, not yet published in the Official Journal) would defer stand-alone high-risk obligations to 2 December 2027 and product-embedded ones to 2 August 2028. Until the amendment is published, the adopted dates remain the law.

Application timeline

Subscribe to deadlines (.ics)
  1. Prohibited AI practices and AI literacy

    In force. Bans on unacceptable-risk practices (Article 5) and deployer AI-literacy duties (Article 4) apply.

    Source
  2. Governance rules and general-purpose AI model obligations

    In force. GPAI model transparency obligations and the AI Act governance bodies apply; Commission enforcement powers over GPAI providers begin 2 August 2026.

    Source
  3. Most AI Act obligations, including Annex III high-risk systems

    Legally in force on this date under the adopted AI Act. The Digital Omnibus on AI (provisional agreement May 2026, close to adoption — not yet published in the Official Journal) would defer stand-alone Annex III high-risk obligations to 2 December 2027.

    Source
  4. High-risk AI systems embedded in regulated products

    Application date for Annex I product-embedded high-risk systems under the adopted AI Act. The Digital Omnibus on AI would defer this to 2 August 2028 (provisional, pending formal adoption).

    Source

Providers of AI systems

Organisations that develop an AI system and place it on the EU market or put it into service under their own name.

Article 4AI literacy

Providers and deployers must take measures to ensure a sufficient level of AI literacy in staff and other persons operating AI systems on their behalf.

Applies from

Official text
Article 5Prohibited AI practices

Placing on the market, putting into service, or using AI systems for the unacceptable-risk practices listed in Article 5 (e.g. social scoring, exploitative manipulation, untargeted facial-image scraping) is banned outright.

Applies from

Official text
Articles 8–17High-risk system requirements (providers)

Providers of high-risk AI systems must implement a risk-management system, data governance, technical documentation, automatic event logging, transparency to deployers, human oversight, and appropriate accuracy, robustness, and cybersecurity.

Applies from — proposed deferral to 2 Dec 2027 (Digital Omnibus on AI provisional agreement (May 2026) would defer stand-alone Annex III high-risk obligations; not yet published in the Official Journal.)

Official text
Articles 43, 48–49Conformity assessment, CE marking, and EU database registration

High-risk AI systems must pass the applicable conformity-assessment procedure, carry CE marking, and be registered in the EU database before being placed on the market or put into service.

Applies from — proposed deferral to 2 Dec 2027 (Digital Omnibus on AI provisional agreement (May 2026) would defer stand-alone Annex III high-risk obligations; not yet published in the Official Journal.)

Official text
Article 50Transparency for certain AI systems

People must be informed when they interact with an AI system; synthetic audio, image, video, and text content must be marked as artificially generated, and deepfakes disclosed.

Applies from

Official text
Articles 72–73Post-market monitoring and serious-incident reporting

Providers of high-risk AI systems must operate a post-market monitoring system and report serious incidents to market-surveillance authorities within the deadlines set by Article 73.

Applies from — proposed deferral to 2 Dec 2027 (Digital Omnibus on AI provisional agreement (May 2026) would defer stand-alone Annex III high-risk obligations; not yet published in the Official Journal.)

Official text
Article 95Voluntary codes of conduct

For AI systems outside the high-risk tier, the Act encourages voluntary codes of conduct that apply some high-risk requirements proportionately — no mandatory obligations attach to minimal-risk systems beyond AI literacy. (voluntary)

Applies from

Official text

Deployers of AI systems

Organisations using an AI system under their authority in the EU — the role most enterprise buyers of the tools tracked here hold.

Article 4AI literacy

Providers and deployers must take measures to ensure a sufficient level of AI literacy in staff and other persons operating AI systems on their behalf.

Applies from

Official text
Article 5Prohibited AI practices

Placing on the market, putting into service, or using AI systems for the unacceptable-risk practices listed in Article 5 (e.g. social scoring, exploitative manipulation, untargeted facial-image scraping) is banned outright.

Applies from

Official text
Article 26High-risk deployer duties

Deployers of high-risk AI systems must use them per the provider's instructions, assign competent human oversight, ensure relevant and representative input data where they control it, monitor operation, retain automatically generated logs, and report serious incidents.

Applies from — proposed deferral to 2 Dec 2027 (Digital Omnibus on AI provisional agreement (May 2026) would defer stand-alone Annex III high-risk obligations; not yet published in the Official Journal.)

Official text
Article 27Fundamental-rights impact assessment

Bodies governed by public law, private entities providing public services, and deployers of certain Annex III systems must assess the impact on fundamental rights before first use of a high-risk AI system.

Applies from — proposed deferral to 2 Dec 2027 (Digital Omnibus on AI provisional agreement (May 2026) would defer stand-alone Annex III high-risk obligations; not yet published in the Official Journal.)

Official text
Article 50Transparency for certain AI systems

People must be informed when they interact with an AI system; synthetic audio, image, video, and text content must be marked as artificially generated, and deepfakes disclosed.

Applies from

Official text
Article 95Voluntary codes of conduct

For AI systems outside the high-risk tier, the Act encourages voluntary codes of conduct that apply some high-risk requirements proportionately — no mandatory obligations attach to minimal-risk systems beyond AI literacy. (voluntary)

Applies from

Official text

General-purpose AI model providers

Providers of general-purpose AI models (foundation models), regardless of how the model reaches the market.

Articles 53–54GPAI model provider obligations

Providers of general-purpose AI models must maintain technical documentation, supply information to downstream providers, put in place a copyright-compliance policy, and publish a summary of training content. Commission enforcement powers begin 2 August 2026.

Applies from

Official text
Article 55GPAI models with systemic risk

Providers of general-purpose AI models classified as posing systemic risk must additionally perform model evaluations, assess and mitigate systemic risks, report serious incidents, and ensure adequate cybersecurity protection.

Applies from

Official text

How tracked tools map to this

Every tool record carries a source-backed EU AI Act risk tier in its governance posture. The tool's page shows the obligations implicated by that tier. Start from a category hub — agents, orchestration, governance, or assistants — or use the guided evaluation, which already asks for your EU AI Act role.