Overview Timeline Risk tiers Self-assessment Checklists Human layer Demos Action plan Training Resources
Resources

Dates, penalties, and plain-language definitions.

A quick reference for the EU AI Act after the Digital Omnibus. Save this page as a PDF for your team, or use it as a training handout.

Key dates

The timeline after the Omnibus

DateWhat happensStatus
1 Aug 2024AI Act enters into forceDone
2 Feb 2025Prohibited practices and AI literacy applyIn force
2 Aug 2025GPAI model rules and governance applyIn force
2 Aug 2026Transparency duties apply (Article 50)This August
2 Dec 2026New prohibitions apply (intimate imagery, CSAM)New
2 Dec 2027High-risk Annex III duties apply, moved from Aug 2026Deferred
2 Aug 2028High-risk Annex I duties apply, moved from Aug 2027Deferred
Penalties

What non-compliance can cost

BreachMaximum fine
Prohibited practices (Article 5)Up to €35 million or 7 percent of total worldwide annual turnover, whichever is higher
Most other obligations, including high-risk and transparencyUp to €15 million or 3 percent
Supplying incorrect, incomplete, or misleading information to authoritiesUp to €7.5 million or 1 percent

For SMEs and start-ups, the lower of the fixed amount or the percentage applies.

Glossary

The terms, in plain language

ProviderAn organization that develops an AI system or general-purpose model and places it on the market under its own name.
DeployerAn organization that uses an AI system under its own authority in a professional setting. Most organizations are deployers.
GPAIA general-purpose AI model that can handle many tasks and be built into other systems. Its providers carry documentation and transparency duties.
Annex IIIThe list of high-risk use areas, including employment, credit, biometrics, education, and essential services.
Conformity assessmentThe check that a high-risk system meets the Act's requirements before it goes on the market.
FRIAA fundamental rights impact assessment, required of certain deployers of high-risk AI (Article 27).
DPIAA data protection impact assessment under the GDPR, often relevant alongside AI use.
Systemic riskA category of the most capable general-purpose models, which carry extra obligations.
AI literacyA suitable level of understanding of AI among the people who use it, which providers and deployers must support (Article 4).
Transparency obligationThe duty to disclose AI interaction and label AI-generated or manipulated content (Article 50).
Digital OmnibusThe 2026 simplification package that deferred the high-risk deadlines and adjusted several other duties.
Sources

Where this comes from

Turn the human-use layer into something your team does every day

Book a demo →

As of July 2026. This reference is for orientation and internal training. It is not legal advice and does not certify compliance, and it simplifies the underlying text. The Digital Omnibus received final Council approval on 29 June 2026 and is awaiting publication in the Official Journal; until it is published, the original AI Act text remains binding. Confirm specifics with qualified counsel.