EU AI Act timeline: what organizations need to know

The EU AI Act doesn't take effect all at once — its obligations phase in over several years. Knowing the sequence helps you prioritize your governance work instead of trying to do everything at once.

The phased rollout

• Entry into force (mid-2024). The Act becomes law and the clock starts on every later deadline.
• Prohibited practices (~6 months later). Bans on unacceptable-risk uses apply first. Confirm none of your activities fall into a banned category.
• General-purpose AI obligations (~12 months). Transparency and documentation duties for GPAI models.
• High-risk system requirements (~24–36 months). The bulk of the obligations — risk management, data governance, documentation, human oversight and conformity assessment.

What this means for your program

The phasing rewards organizations that build governance capability early rather than scrambling per deadline. A program-level posture — clear policies, ownership, risk processes and evidence — lets you meet each phase as it lands.

Where to start

Begin with an organization-level gap analysis so you know which obligations you already meet and which need work before the next milestone.

Treat the dates above as directional. Always confirm current deadlines against official EU sources for your specific situation.