A quick reference for the EU AI Act after the Digital Omnibus. Save this page as a PDF for your team, or use it as a training handout.
| Date | What happens | Status |
|---|---|---|
| 1 Aug 2024 | AI Act enters into force | Done |
| 2 Feb 2025 | Prohibited practices and AI literacy apply | In force |
| 2 Aug 2025 | GPAI model rules and governance apply | In force |
| 2 Aug 2026 | Transparency duties apply (Article 50) | This August |
| 2 Dec 2026 | New prohibitions apply (intimate imagery, CSAM) | New |
| 2 Dec 2027 | High-risk Annex III duties apply, moved from Aug 2026 | Deferred |
| 2 Aug 2028 | High-risk Annex I duties apply, moved from Aug 2027 | Deferred |
| Breach | Maximum fine |
|---|---|
| Prohibited practices (Article 5) | Up to €35 million or 7 percent of total worldwide annual turnover, whichever is higher |
| Most other obligations, including high-risk and transparency | Up to €15 million or 3 percent |
| Supplying incorrect, incomplete, or misleading information to authorities | Up to €7.5 million or 1 percent |
For SMEs and start-ups, the lower of the fixed amount or the percentage applies.
| Provider | An organization that develops an AI system or general-purpose model and places it on the market under its own name. |
| Deployer | An organization that uses an AI system under its own authority in a professional setting. Most organizations are deployers. |
| GPAI | A general-purpose AI model that can handle many tasks and be built into other systems. Its providers carry documentation and transparency duties. |
| Annex III | The list of high-risk use areas, including employment, credit, biometrics, education, and essential services. |
| Conformity assessment | The check that a high-risk system meets the Act's requirements before it goes on the market. |
| FRIA | A fundamental rights impact assessment, required of certain deployers of high-risk AI (Article 27). |
| DPIA | A data protection impact assessment under the GDPR, often relevant alongside AI use. |
| Systemic risk | A category of the most capable general-purpose models, which carry extra obligations. |
| AI literacy | A suitable level of understanding of AI among the people who use it, which providers and deployers must support (Article 4). |
| Transparency obligation | The duty to disclose AI interaction and label AI-generated or manipulated content (Article 50). |
| Digital Omnibus | The 2026 simplification package that deferred the high-risk deadlines and adjusted several other duties. |
As of July 2026. This reference is for orientation and internal training. It is not legal advice and does not certify compliance, and it simplifies the underlying text. The Digital Omnibus received final Council approval on 29 June 2026 and is awaiting publication in the Official Journal; until it is published, the original AI Act text remains binding. Confirm specifics with qualified counsel.