Does the August 2, 2026 date apply to all AI systems or only high-risk?

Only to AI systems classified as high-risk under Annex III. Non-high-risk systems are not subject to the Chapter III, Section 2 obligations. The classification analysis is the operative question. Use the May 2026 Commission guidelines as the interpretive reference.

What happens to systems placed on the market before August 2, 2026?

High-risk systems placed on the market before August 2, 2026 enter scope on August 2, 2027 under the legacy provision. Systems that undergo substantial modification under Article 43(4) lose the legacy exception and enter scope immediately on modification.

When do the penalty caps apply?

The penalty caps under Article 99 are active from August 2, 2025. Penalties apply to the violations that are enforceable as of the date of the violation. A high-risk system non-compliance after August 2, 2026 carries the tier 2 cap of EUR 15 million or 3% of global annual turnover, whichever is higher.

Is there an extension or grace period for the August 2, 2026 date?

The Commission has not indicated any extension. The Polish presidency raised the possibility in early 2026, but no formal extension has been proposed at the Council level. Enterprise deployers should plan against the August 2 date.

What about general-purpose AI models that integrate into high-risk systems?

The shared responsibility model under the GPAI and high-risk frameworks assigns upstream obligations to the GPAI provider and downstream obligations to the high-risk provider and deployer. The May 2026 GPAI guidelines clarify the value-chain split. The GPAI provider's Article 53 and 55 documentation feeds the downstream provider's Article 11 technical documentation.

How does the Commission's implementing-act program affect the timeline?

The Commission is issuing implementing acts that further specify the operational requirements for several articles, including Article 43 (conformity assessment), Article 72 (post-market monitoring plan template), and the Article 5 prohibitions. The implementing acts do not change the enforcement dates. They specify how the obligations are operationalized.

EU AI Act Implementation Timeline: What Triggers When Between February 2025 and August 2027

The EU AI Act entered into force on August 1, 2024, but its operative obligations phase in across four enforcement dates between February 2, 2025 and August 2, 2027. The phased structure matters because the obligations and the evidence each phase expects differ. A provider that satisfies the Article 5 prohibitions enforced in February 2025 is not automatically prepared for the Article 12 traceability obligation that lands on August 2, 2026. The architecture each phase expects is different.

I want to walk through each milestone, the obligations that activate at each date, and the operational evidence the market surveillance authorities will expect to find at each phase.

February 2, 2025: Article 5 prohibitions and AI literacy

The first wave of obligations went live on February 2, 2025.

The prohibited practices under Article 5

Article 5 prohibits eight AI practices: subliminal manipulation that causes significant harm, exploitation of vulnerabilities, social scoring by public authorities, real-time remote biometric identification in publicly accessible spaces with narrow law-enforcement exceptions, predictive policing based solely on profiling, untargeted facial-recognition database scraping, emotion recognition in workplaces and educational institutions, and biometric categorization that infers sensitive attributes.

The prohibitions are absolute. A system that falls under any of the categories cannot be placed on the EU market or put into service, regardless of conformity assessments or impact assessments. Market surveillance authorities can order immediate withdrawal of any system in violation.

AI literacy under Article 4

Article 4 requires providers and deployers to ensure their staff and other persons dealing with the operation and use of AI systems have a sufficient level of AI literacy. The obligation is general. The Commission has not yet issued a binding curriculum. Most enterprise compliance teams have responded with internal training programs, contractor onboarding requirements, and documentation of the training in the personnel file.

August 2, 2025: General-purpose AI providers

The second wave landed on August 2, 2025.

Articles 53 and 55 for general-purpose AI providers

Article 53 sets the baseline GPAI provider obligations: technical documentation about the model, information for downstream providers integrating the model, a policy to comply with EU copyright law, and a sufficiently detailed summary of the training content. Article 55 adds obligations for GPAI models with systemic risk: model evaluations against systemic risks, risk mitigations, adversarial testing, incident reporting, and cybersecurity measures.

The May 19, 2026 GPAI guidelines from the Commission further specify how the Article 53 and 55 obligations apply to specific deployment patterns. The guidance is the operational reference GPAI providers should map against.

Penalties under Article 99

Article 99 penalty caps activated alongside the GPAI obligations. The penalty tiers reach EUR 35 million or 7% of global annual turnover for the most serious prohibited-practice violations, EUR 15 million or 3% for other non-compliance, and EUR 7.5 million or 1% for inaccurate information supplied to authorities. The tier 2 penalties are the operative cap most enterprise deployers face.

August 2, 2026: High-risk system obligations

The third wave is 47 days away as of this writing. It is the densest and the most operationally consequential phase.

Chapter III, Section 2 obligations for Annex III high-risk systems

The Chapter III, Section 2 obligations activate for AI systems classified as high-risk under Annex III. The obligations include the risk management system under Article 9, the data governance requirements under Article 10, the technical documentation under Article 11, the record-keeping under Article 12, the transparency obligations under Article 13, the human oversight under Article 14, the accuracy and resilience requirements under Article 15, the provider obligations under Articles 16 and 17, the deployer obligations under Article 26, the conformity assessment under Article 43, and the post-market monitoring under Article 72.

Article 12 traceability is the cross-cutting evidence requirement

Article 12 requires automatic recording of events over the lifetime of the system. The records have to include the period of use, the input data, the reference database (if any), the output, and the identification of natural persons involved in human oversight under Article 14. The records have to be retained for at least six months by the deployer under Article 26(7), longer if Union or national law requires.

The Article 12 records are the cross-cutting evidence. The risk management process under Article 9 consumes them. The post-market monitoring under Article 72 analyzes them. The market surveillance authority inspects them. The deployer's notification obligation under Article 26(11) depends on them. Without per-decision evidence at the request granularity, none of the other obligations have the source data they need.

The May 2026 high-risk classification guidelines

The Commission published draft guidelines on May 19, 2026 that sharpen the criteria for high-risk classification under Annex III. Three categories most enterprises had assessed as out-of-scope move into scope under the tightened criteria: HR screening that filters before human review, clinical decision support that influences treatment selection, and fraud detection that triggers account restrictions. Providers and deployers should run the classification analysis against the new guidelines before August 2.

August 2, 2027: Legacy high-risk systems

The final phase covers high-risk AI systems that were already on the market before August 2, 2026.

Scope of the legacy phase

High-risk systems placed on the market before August 2, 2026 are not retroactively in scope on that date. The legacy phase applies the high-risk obligations to those systems on August 2, 2027, with an exception for systems that undergo substantial modification, which triggers immediate scope.

Why the legacy phase is not a free pass

The legacy phase is often misread as a free pass for systems already in production. The exception under Article 111 covers systems that have not been substantially modified. Most enterprise AI systems in production go through model updates, training-data refreshes, and policy gateway changes that can constitute substantial modification under Article 43(4). The May 2026 guidelines tightened the substantial-modification test. Deployers should run the analysis on every covered system, not assume the legacy phase applies.

What each phase expects when an inspector arrives

The phased structure means the evidence the inspector expects depends on the date and the system's classification.

For Article 5 prohibitions, the inspector expects to confirm the system does not fall under any prohibited category. The evidence is descriptive: the system's intended purpose, the input modalities, the output behavior, the deployment context. Documentation suffices.

For GPAI providers, the inspector expects the model documentation, the training data summary, the copyright policy, and (for systemic risk models) the evaluation reports and incident logs. Documentation plus structured evaluation reports suffice.

For high-risk systems from August 2, 2026, the inspector expects per-decision evidence. The technical documentation describes the system. The Article 12 logs describe what the system did at each decision. The Article 26 deployer evidence describes how the system was used. Documentation alone fails. The architecture has to produce runtime evidence at the request granularity.

For legacy systems from August 2, 2027, the inspector expects the same per-decision evidence the August 2, 2026 phase requires, plus the substantial-modification analysis that confirms the legacy exception still applies.

DeepInspect

This is the per-decision evidence layer DeepInspect produces. DeepInspect sits at the AI request boundary as a stateless proxy between authenticated users or agents and the LLM endpoints, enforces identity-bound policy on every request, and records a per-decision audit record that includes the identity, the policy version, the data classification, the decision outcome, and a tamper-evident signature.

For the August 2, 2026 phase, the per-decision records are the source data for Article 12 traceability, the Article 26 deployer evidence, the Article 72 post-market monitoring inputs, and the corrective-action workflow under Article 79. For the August 2, 2027 phase, the same evidence layer covers legacy systems that move into scope after substantial modification.

If you are placing a high-risk AI system on the EU market and your evidence strategy depends on application logs, the August 2 enforcement date will surface the gap. Book a demo today.

Beyond the EU AI Act

The phased structure of the EU AI Act maps to similar trajectories in adjacent regimes. The NIST AI Risk Management Framework released its initial profile in January 2023 and expanded through subsequent versions. ISO/IEC 42001 was published October 2023 and is reaching enterprise adoption through 2025-2026. The Fannie Mae LL-2026-04 framework took effect August 6, 2026 (120 days after publication). The Colorado AI Act SB 26-189 revision takes effect January 1, 2027.

The per-decision evidence architecture that satisfies the August 2, 2026 EU AI Act phase satisfies these adjacent regimes on the same infrastructure.