European Union AI Regulation

Overview

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulation, establishing a risk-based framework governing the development, deployment, and use of AI systems across all 27 EU member states. Adopted on 13 June 2024, it entered into force on 1 August 2024 with phased implementation running through to 2030.

–– Prohibitions on unacceptable-risk AI systems (social scoring, manipulative AI, most real-time remote biometric identification) have applied since 2 February 2025 – General-purpose AI model obligations, the GPAI Code of Practice, and EU-level governance structures (AI Office, AI Board, Scientific Panel, Advisory Forum) have applied since 2 August 2025 – High-risk AI system obligations and Article 50 transparency requirements are due to apply from 2 August 2026 – Penalties of up to 7% of global annual turnover for prohibited AI practices

Where we are now (March 2026)

Implementation is underway but faces significant delays across multiple fronts.

Article 6 Guidelines

The Commission missed its 2 February 2026 deadline to publish guidelines on the practical application of Article 6 (high-risk AI classification), citing the need to integrate substantial stakeholder feedback. A revised set of guidelines is being prepared across 2026, covering high-risk classification, transparency requirements, incident reporting, fundamental rights impact assessments, provider and deployer obligations, and the interplay of the AI Act with other EU legislation.

Harmonised Standards

The European standardisation bodies CEN and CENELEC failed to deliver harmonised technical standards for high-risk AI requirements by their August 2025 target. Standardisation work remains ongoing, with delivery now expected by end of 2026.

National Authority Designations

Many member states have not yet formally designated their national competent authorities (market surveillance and notifying authorities) despite the 2 August 2025 deadline. As of early 2026, only three member states had completed full designation; approximately ten had pending legislative proposals; and fourteen had yet to act.

Digital Omnibus Proposal

On 13 March 2026, the Council of the EU adopted its negotiating mandate on the Digital Omnibus on AI, proposing to defer high-risk enforcement dates and link them to the availability of harmonised standards and Commission guidance. The Council mandate proposes backstop dates of 2 December 2027 for standalone high-risk AI systems (Annex III) and 2 August 2028 for embedded high-risk AI systems in regulated products (Annex I). The Council mandate also introduces a new prohibition on AI practices relating to the generation of non-consensual sexual and intimate content or child sexual abuse material. Negotiations with the European Parliament are now underway.

Key Sources

EU AI Act — Official Journal (EUR-Lex)View ↗

European AI OfficeView ↗

Commission — Supporting implementation with guidelines (Dec 2025)View ↗

Commission — Navigating the AI Act (Digital Omnibus rationale)View ↗

Council — Position to streamline AI rules (13 March 2026)View ↗

Digital Omnibus on AI — Commission proposal (Nov 2025)View ↗

AI Act Implementation TimelineView ↗

National Implementation Plans TrackerView ↗

Council of Europe Framework Convention on AI (CETS 225)View ↗

IAPP — EU AI Act Regulatory DirectoryView ↗

This content is for informational and educational purposes only and does not constitute legal advice.