A regulation that applies in phases is easy to misread. Teams hear "2026" or "2027" and file the whole thing under "later," then discover that one slice of their obligations went live last year and another just moved. The EU AI Act has been live since February 2025, the general-purpose AI rules since August 2025, and as of the May 2026 Digital Omnibus political agreement, the headline high-risk deadline everyone planned around has shifted. If your board reporting still says "high-risk obligations apply 2 August 2026," it is out of date, and someone should fix it before the next risk committee.
This post lays out the dates as they actually stand in mid-2026, flags what is settled versus still moving, and tells you what evidence to have in hand when each milestone lands.
A note on the moving target
The AI Act, Regulation (EU) 2024/1689, entered into force on 1 August 2024 and was written to apply in stages. Most of those stages are fixed. The one that has changed is the application date for high-risk systems.
In November 2025 the Commission proposed a "Digital Omnibus" package to simplify and stagger parts of the Act. On 7 May 2026 the Council and Parliament reached a provisional political agreement on the AI portion of that package. The agreement postpones the high-risk deadlines and makes other changes, including new prohibitions on AI-generated CSAM and non-consensual intimate imagery, reduced duplication for AI embedded in regulated products, and accommodations for SMEs.
The important caveat: as of this writing, the omnibus text still requires formal adoption by Parliament and Council and publication in the Official Journal before it is law. A political agreement is a strong signal, not a statute. Plan against the revised dates, but keep the original 2 August 2026 high-risk date in your risk register until the text is published. If adoption slips, the original date is what the Act still says, and that is the date your enforcement exposure runs against.
The deadlines, in order
2 February 2025, already in force
Two things went live first: the prohibited practices (Article 5) and the AI literacy obligation (Article 4).
Article 5 bans a defined set of uses outright. Social scoring by public authorities, untargeted scraping of facial images to build recognition databases, certain emotion-inference systems in workplaces and schools, and manipulative or exploitative systems that cause significant harm are among them. There is no transition period and no grandfathering. If you operate one, you are already non-compliant.
Article 4 requires providers and deployers to ensure a sufficient level of AI literacy among staff and others operating AI on their behalf.
Have ready now: a confirmed inventory showing you run none of the Article 5 prohibited uses, and a record of your AI literacy measures, including training delivered, who received it, and when.
2 August 2025, already in force
The obligations for general-purpose AI (GPAI) models under Chapter V and the governance and penalties architecture took effect.
GPAI model providers owe technical documentation, transparency to downstream deployers, a copyright policy, and a summary of training content. Providers of models presenting systemic risk owe additional model evaluation, adversarial testing, and incident reporting. Models placed on the market before 2 August 2025 have until 2 August 2027 to comply.
On governance, Member States were to designate national competent authorities and lay down penalty rules. Penalties are steep, reaching up to 35 million euro or 7 percent of global annual turnover for prohibited-practice violations, with lower tiers for other breaches. For a Fortune 500 balance sheet, the turnover-based ceiling is the figure that gets attention.
Have ready now, if you build or fine-tune models: model documentation, a training-content summary, and a copyright-compliance policy.
2 August 2026, transparency, sandboxes, and the original high-risk date
Two things here are settled, and one has moved.
Settled, Article 50 transparency obligations apply. Providers must ensure AI systems that interact with people, or that generate synthetic audio, image, video, or text, are disclosed as such, with machine-readable marking of synthetic content. Deployers of emotion-recognition or biometric-categorisation systems, and of deep fakes, owe disclosure to affected people.
Settled, innovation measures and sandboxes. Member States should have at least one operational AI regulatory sandbox.
Moved, high-risk Annex III obligations. This is the date that changed. Under the Act as originally written, the obligations for standalone high-risk systems listed in Annex III applied from 2 August 2026. The May 2026 omnibus agreement postpones them, covered below. Until the omnibus text is published in the Official Journal, treat 2 August 2026 as the operative date and keep building toward it.
Have ready by August 2026: transparency disclosures and synthetic-content marking wired into any qualifying system, and, given the legal uncertainty, your high-risk compliance program substantially built rather than parked.
2 December 2027, standalone high-risk systems (revised)
Per the May 2026 agreement, obligations for standalone high-risk AI systems listed in Annex III apply from 2 December 2027. Annex III covers categories such as biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential services, law enforcement, migration, asylum, and border control, and administration of justice.
If you provide or deploy one of these, the full high-risk obligation set lands here: a risk management system (Article 9), data governance (Article 10), technical documentation (Article 11 and Annex IV), automatic logging (Article 12), transparency to deployers (Article 13), human oversight (Article 14), accuracy, robustness, and cybersecurity (Article 15), a quality management system (Article 17), conformity assessment, and registration in the EU database.
Have ready by December 2027: the complete technical documentation dossier, a running risk management system with evidence of iteration, logging that produces tamper-evident records, and a passed conformity assessment.
2 August 2027, GPAI legacy models
Providers of GPAI models that were on the market before 2 August 2025 must be fully compliant by this date. The grace period ends.
2 August 2028, high-risk systems embedded in regulated products (revised)
The other high-risk track. AI systems that are safety components of, or are themselves, products covered by EU product-safety legislation listed in Annex I, such as machinery, medical devices, toys, and lifts, have obligations applying from 2 August 2028 under the revised timeline. The longer runway reflects the work to align with existing sectoral conformity regimes.
Why phased dates trip teams up
Three recurring mistakes show up across large programs.
Treating the latest date as the only date. The prohibitions and literacy rules have been enforceable since February 2025. Transparency lands August 2026 regardless of what happens to the high-risk delay. Anchoring everything to the high-risk date leaves nearer obligations unmet.
Assuming a proposed delay is a granted delay. The high-risk postponement is, as of mid-2026, a political agreement awaiting formal adoption. Building your plan as if December 2027 is locked, then discovering the text slipped or changed, is an avoidable self-inflicted wound. Plan to the revised date and hedge to the original.
Confusing "we have a policy" with "we can show it ran." Every one of these milestones is ultimately about producing evidence on request. Documentation that describes intended behavior is not the same as records showing actual behavior over time. The closer you get to the high-risk dates, the more that gap matters, and the harder it is to close retroactively.
Where the runtime record fits
That last point is where Cytra focuses. The Act's high-risk obligations, Article 9's continuous risk management and Article 12's automatic logging among them, are satisfied by records generated as your AI runs, not by a binder assembled the week before review. Cytra's approach routes AI and agent tool calls through a managed gateway, currently in private beta, that applies deterministic policy and writes each event to a tamper-evident, per-tenant hash-chained ledger; a standalone collector can stream signed events from inside your environment without the gateway. The point is to map that running record to specific control objectives, so that when a deadline arrives, the evidence already exists. Cytra is built to keep you aligned and audit-ready, not to certify you, and coverage means mapping evidence to obligations rather than guaranteeing a compliance outcome. SOC 2 and a HIPAA BAA are in process.
The countdown checklist
- Now: Confirm zero Article 5 prohibited uses; document AI literacy measures.
- Now: If you build or fine-tune GPAI models, hold documentation, training-content summary, and copyright policy.
- By 2 Aug 2026: Article 50 transparency disclosures and synthetic-content marking live.
- By 2 Aug 2026: High-risk program substantially built; do not assume the delay is law yet.
- By 2 Aug 2027: Legacy GPAI models fully compliant.
- By 2 Dec 2027 (revised): Full Annex III standalone high-risk obligations met, conformity assessment passed, EU database registration done.
- By 2 Aug 2028 (revised): Annex I product-embedded high-risk obligations met.
- Ongoing: Track the Digital Omnibus through formal adoption and Official Journal publication; update your register the day it lands.
Dates verified against the European Commission AI Act timeline, the Council's 7 May 2026 press release on the AI Omnibus political agreement, and the official AI Act text, as of June 2026.