Deep Lex
Back to Regulation Tracker

European Union AI Regulation

Law(s) enactedTreaty

Europe · CoE Framework Convention signatory

Overview

Overview The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulation, establishing a risk-based framework governing the development, deployment, and use of AI systems across all 27 EU member states. Adopted on 13 June 2024, it entered into force on 1 August 2024 with phased implementation running through to 2030.
  • Prohibitions on unacceptable-risk AI systems (social scoring, manipulative AI, most real-time remote biometric identification) have applied since 2 February 2025
  • General-purpose AI model obligations, the GPAI Code of Practice, and EU-level governance structures (AI Office, AI Board, Scientific Panel, Advisory Forum) have applied since 2 August 2025
  • High-risk AI system obligations and Article 50 transparency requirements are due to apply from 2 August 2026 under the Act as originally adopted, though the Digital Omnibus on AI, currently in trilogue, is expected to defer most high-risk obligations. See below.
  • Penalties of up to 7% of global annual turnover for prohibited AI practices

Where we are now (2026)

Implementation is underway but faces significant delays across multiple fronts. The 2 August 2026 deadline for high-risk AI system obligations remains the binding legal deadline, but the Digital Omnibus on AI is advancing through trilogue, with both co-legislators aligned on fixed dates that would defer most high-risk obligations.

Article 6 Guidelines

The Commission missed its 2 February 2026 deadline to publish guidelines on the practical application of Article 6 (high-risk AI classification), citing the need to integrate substantial stakeholder feedback. A revised set of guidelines is being prepared across 2026, covering high-risk classification, transparency requirements, incident reporting, fundamental rights impact assessments, provider and deployer obligations, and the interplay of the AI Act with other EU legislation.

Harmonised Standards

The European standardisation bodies CEN and CENELEC failed to deliver harmonised technical standards for high-risk AI requirements by their August 2025 target. Standardisation work remains ongoing, with delivery now expected by end of 2026. The absence of harmonised standards is the principal technical rationale for the Omnibus delay (see EP Think Tank briefing linked below). Under Article 40 AI Act, compliance with harmonised standards gives high-risk AI systems a presumption of conformity with the Chapter III Section 2 requirements; without those standards, providers lack the primary compliance route the AI Act was designed around.

National Authority Designations

Many member states have not yet formally designated their national competent authorities (market surveillance and notifying authorities) despite the 2 August 2025 deadline. As of early 2026, only three member states had completed full designation; approximately ten had pending legislative proposals; and fourteen had yet to act.

Digital Omnibus Proposal

On 19 November 2025, the European Commission published the Digital Omnibus on AI, a targeted amending regulation intended to simplify AI Act implementation and adjust timelines. The Commission's original proposal linked the application of high-risk obligations to the availability of harmonised standards and Commission guidance (a conditional trigger mechanism), with fallback backstop dates of 2 December 2027 for standalone high-risk AI systems (Annex III) and 2 August 2028 for high-risk AI systems embedded in regulated products (Annex I).

On 13 March 2026, the Council of the EU adopted its negotiating mandate, rejecting the Commission's conditional mechanism in favour of fixed dates of 2 December 2027 (Annex III) and 2 August 2028 (Annex I). The Council mandate also introduced a new prohibition on AI practices relating to the generation of non-consensual sexual and intimate content and child sexual abuse material.

On 26 March 2026, the European Parliament voted to adopt its negotiating position on the Digital Omnibus on AI, a simplification proposal amending the AI Act, by 569 votes in favour, 45 against, with 23 abstentions.

The Parliament's position delays the application of certain rules on high-risk AI systems to allow time for supporting guidance and standards, and introduces fixed application dates to ensure predictability and legal certainty:

  • For high-risk AI systems specifically listed in the Regulation, including those involving biometrics, critical infrastructure, education, employment, essential services, law enforcement, justice and border management, MEPs propose 2 December 2027.
  • For AI systems covered by EU sectoral legislation on safety and market surveillance, MEPs propose 2 August 2028.
  • For watermarking of AI-generated audio, image, video or text content to indicate its origin, providers would have until 2 November 2026.

The Parliament also introduced a new prohibition on AI "nudifier" systems that use AI to create or manipulate images that are sexually explicit or intimate and that resemble an identifiable real person without that person's consent. The prohibition would not apply to AI systems incorporating effective safety measures that prevent users from creating such images.

On flexibility and SME support, the Parliament's position permits service providers to process personal data to detect and correct biases in AI systems, subject to safeguards ensuring strict necessity. MEPs also backed the extension of SME support measures to small mid-cap enterprises (SMCs), to assist EU companies that have outgrown SME status. To prevent overlapping application of sector-specific EU product safety rules and the AI Act, MEPs propose that AI Act obligations may be less stringent for products already regulated under sectoral laws, including medical devices, radio equipment and toy safety.

Following the Parliament vote, negotiations with the Council on the final form of the law can now begin. Cyprus holds the rotating Council presidency from 1 January to 30 June 2026.

Key Sources

EU AI Act: Official Journal (EUR-Lex)View
European AI OfficeView
Commission: Supporting implementation with guidelines (Dec 2025)View
Commission: Navigating the AI Act (Digital Omnibus rationale)View
Council: Position to streamline AI rules (13 March 2026)View
European Parliament: Press release on plenary vote (26 March 2026)View
Digital Omnibus on AI: Commission proposal (Nov 2025)View
AI Act Implementation TimelineView
National Implementation Plans TrackerView
Council of Europe Framework Convention on AI (CETS 225)View
IAPP: EU AI Act Regulatory DirectoryView
EP Think Tank briefing on the Digital Omnibus on AI (EPRS_BRI(2026)782651); Commission Implementing Decision C(2025)3871 of 23 June 2025; EDPB-EDPS Joint Opinion 1/2026; COM(2025) 836 explanatory memorandumView

This content is for informational and educational purposes only and does not constitute legal advice.

AI Regulation Timeline

No detailed timeline available.

Last updated: 19/04/2026