Overview Timeline Risk tiers Self-assessment Checklists Human layer Demos Action plan Training Resources
EU AI Act

The EU AI Act, in practice.

A current, plain-language guide to what applies, when, and to whom, after the Digital Omnibus. Built for the people who use AI and write everyday communication, not only for the companies that build AI systems.

Where things stand

The timeline moved. Here is what is actually live.

On 29 June 2026 the Council gave final approval to the Digital Omnibus, which defers the high-risk obligations and softens a few others. Until it is published in the Official Journal, expected in the coming weeks, the original AI Act text remains the binding law. Filter the milestones below to see what is in force today.

Aug 2024
AI Act enters into forceThe clock starts for the phased obligations below.
Done
Feb 2025
Prohibited practices and AI literacy applyThe banned uses, plus a duty to support staff AI literacy.
In force
Aug 2025
GPAI model rules applyDocumentation, copyright, and training-data transparency for general-purpose models.
In force
Aug 2026
Transparency duties apply (Article 50)Tell people when they interact with AI, and label deepfakes and AI-generated content.
This August
Dec 2026
New prohibitions applyBans on AI that generates non-consensual intimate imagery and child sexual abuse material.
New
Dec 2027
High-risk duties apply (Annex III)Hiring, credit, biometrics, and more. Moved from August 2026 by the Omnibus.
Deferred
Aug 2028
High-risk duties apply (Annex I)AI embedded in regulated products. Moved from August 2027.
Deferred
The Digital Omnibus

What changed, and what held

What the Omnibus changed

  • High-risk Annex III duties moved from August 2026 to 2 December 2027.
  • Product-embedded Annex I duties moved to 2 August 2028.
  • AI literacy softened, from a duty to ensure a level of literacy to a duty to support and promote it with proportionate measures.
  • Two new prohibitions added: non-consensual intimate imagery and CSAM generators, from December 2026.
  • Sandbox relief for SMEs and start-ups, with more time and priority access.

What did not change

  • Prohibited practices have applied since February 2025.
  • AI literacy has applied since February 2025, now in its softer form.
  • GPAI model rules have applied since August 2025.
  • Transparency duties under Article 50 still land on 2 August 2026.
  • The penalties framework stands, up to 7 percent of global turnover for banned uses.
The shape of the law

Four risk tiers, and where you sit

The AI Act sorts systems by risk. Most organizations are deployers, using AI rather than building it, so the tiers that matter most are the banned uses, the transparency duties, and the literacy duty that applies to everyone.

Prohibited

Banned outright

Social scoring, manipulative or exploitative systems, workplace or school emotion recognition, and more. In force since February 2025.

High-risk

Heavily regulated

Hiring, credit, insurance, biometrics, essential services. Provider and deployer duties. Apply from December 2027.

Limited

Transparency

Chatbots, deepfakes, and AI-generated content. Disclose and label. Apply from August 2026.

Minimal

No specific duties

Most everyday tools. No dedicated obligations, though AI literacy and good practice still apply.

The part most guides miss

The human-use layer

Even a team that deploys no high-risk AI has two live exposures that do not wait for any deadline: what people write in everyday communication, and what they paste into public AI tools.

This is the layer VerbaPulse works on. It supports AI literacy in the moment, gives visibility into shadow AI use at the department level, and helps keep confidential and regulated language out of messages before they send. To be clear about the boundary: VerbaPulse is not an AI Act compliance platform. It does not classify your AI systems, run conformity assessments, or replace your legal obligations. It covers the everyday human layer underneath all of that.

Explore the toolkit

Work through it, or train your team on it

Each section below turns this guidance into something you can use. The interactive tools are rolling out over the coming days.

Assess
Self-assessment
Answer a few questions to see your role, which duties apply to you, and your personal checklist.
Act
Obligation checklists
Tickable checklists for prohibited uses, high-risk deployer duties, transparency, and AI literacy.
See it
Product demos
VerbaPulse in action across legal, finance, and HR, with real flagged phrases and safer wording.
Plan
30 / 60 / 90 day plan
A practical rollout you can start now, independent of the shifting compliance calendar.
Train
Training and knowledge check
A short scored quiz with instant feedback, plus the key takeaways for your team.
Reference
Resources
Glossary, penalties, key dates, sources, and a printable version of this guide.

See VerbaPulse on the messages your team actually sends

Book a demo →

As of July 2026. This guide is for orientation and internal training. It is not legal advice and does not certify compliance. The Digital Omnibus described here received final Council approval on 29 June 2026 and is awaiting publication in the Official Journal; until it is published, the original AI Act text remains binding. Confirm specifics with qualified counsel.