EU AI Act deadlines now start for AI developers

The EU AI Act has been published in the bloc's Official Journal, starting the countdown for phased legal deadlines. The first major rules cover banned AI uses, followed by codes of practice, GPAI transparency duties and high-risk system obligations.

WTF Index NEUTRAL
◄ Terminator 1 Idiocracy 0 ►

This is mainly a regulatory deadline update, with only mild relevance to controlling risky or banned AI uses.

EU AI Act deadlines now start for AI developers

With the full and final text of the EU AI Act now published in the European Union's Official Journal, the law has moved from political agreement into a countdown for AI developers. The regulation will come into force on August 1, and its obligations will then arrive in stages rather than all at once.

The framework is built around risk. Most AI uses are treated as low risk and will not be regulated, while a smaller set of uses will be banned or placed under stricter obligations. For companies building or deploying AI systems, the practical question is no longer whether the EU AI Act is coming, but which deadline applies to which kind of system.

What the EU AI Act changes

The EU AI Act is a risk-based regulation for applications of artificial intelligence. EU lawmakers reached a political agreement on the bloc's first comprehensive AI rulebook in December last year, and publication in the Official Journal starts the legal clock.

The law creates different levels of obligation depending on how an AI system is used and what risk lawmakers believe that use creates. The source article describes three broad categories that matter most for developers and users of AI tools.

  • Low-risk AI uses make up the bulk of AI activity and will not be regulated under the law.
  • Banned uses are considered unacceptable and will become illegal after the first implementation phase.
  • High risk AI uses are allowed, but developers must meet obligations in areas including data quality and anti-bias.

The law also creates transparency duties for tools such as AI chatbots. General purpose AI, or GPAI, models are covered too. The source gives OpenAI's GPT, the technology underlying ChatGPT, as an example of the kind of GPAI model that can fall under transparency requirements.

The first deadlines arrive before full application

The EU AI Act comes into force in 20 days' time, on August 1. Its provisions will generally be fully applicable on AI developers in 24 months, so by mid-2026, but the law does not wait until then to start applying meaningful rules.

The first major deadline is six months after the law comes into force, in early 2025. That is when the list of prohibited AI uses will begin to apply.

The source identifies several banned or unacceptable risk uses that will soon be illegal. These include China-style social credit scoring, compiling facial recognition databases through untargeted scraping of the internet or CCTV, and the use of real-time remote biometrics by law enforcement in public places unless one of several exceptions applies, such as during a search for missing or abducted persons.

Nine months after entry into force, around April 2025, codes of practice will begin to apply to developers of in-scope AI applications. These codes are important because they will help shape how the law is interpreted and followed in practice.

Another key date is August 1, 2025. That is 12 months after entry into force, when rules for GPAIs that must comply with transparency requirements will start to apply.

High-risk systems face a longer runway

The EU AI Act treats some uses as high risk without banning them. The source lists biometric uses of AI, AI used in law enforcement, employment, education and critical infrastructure as examples of high-risk areas.

Developers of these systems face obligations in areas such as data quality and anti-bias. The law therefore does not simply ask whether an AI system works; it also places attention on how it is built, what data supports it, and whether risks around bias are addressed.

Not every high-risk system has the same deadline. Other high-risk systems must comply after 24 months, while a subset of high-risk AI systems receives the longest compliance window. That subset has 36 months after entry into force, until 2027, to meet its obligations.

This phased approach means developers will need to map their systems carefully. A chatbot, a GPAI model, a biometric tool and an AI system used in employment can fall into different parts of the rulebook, with different duties and different timelines.

GPAI rules remain politically sensitive

General purpose AI became one of the more contested parts of the EU AI Act. According to the source, heavy lobbying by some elements of the AI industry, backed by a handful of Member States' governments, sought to weaken obligations on GPAIs.

The concern raised by those lobbying efforts was that the law could limit Europe's ability to produce homegrown AI giants able to compete with rivals in the U.S. and China. Even so, GPAI models remain inside the framework, with transparency requirements applying to makers of such models.

The most powerful GPAIs, generally set based on a compute threshold, can also be required to carry out systemic risk assessment. That makes the obligations more significant for the most capable systems than for less powerful models.

The writing of codes of practice is another area drawing scrutiny. The AI Office, an ecosystem-building and oversight body established by the law, is responsible for providing the codes. But the source notes that who will actually write the guidelines is still raising questions.

According to a Euractiv report earlier this month, the EU had been looking for consultancy firms to draft the codes, which triggered concerns from civil society that AI industry players could influence rules applied to them. More recently, MLex reported that the AI Office will launch a call for expression of interest to select stakeholders to draft the codes of practice for general purpose AI models after pressure from MEPs to make the process inclusive.

What developers should take from the publication

The publication of the EU AI Act in the Official Journal turns a long-running policy process into a sequence of legal milestones. For AI developers, the most immediate task is understanding where their systems sit in the law's risk structure.

Some systems will not be regulated because they are considered low risk. Others may face transparency duties, high-risk obligations, or a ban if they fall into an unacceptable risk category. GPAI developers also need to watch both transparency rules and the codes of practice process.

The main point is timing. The law comes into force on August 1, but the practical impact arrives in phases: prohibited uses in early 2025, codes of practice around April 2025, GPAI transparency rules on August 1, 2025, general application by mid-2026, and the longest high-risk deadline running until 2027.

That staggered calendar gives developers time, but it also removes uncertainty about direction. The EU AI Act is now on a formal timetable, and the first obligations are no longer far away.