EU AI Act in 2026: Key Deadlines and What to Do Before August | Arté

The EU AI Act is no longer on the horizon — it's here, and the most significant compliance deadline is approaching fast. On August 2, 2026, the majority of the regulation's obligations take effect and enforcement begins at both national and EU level. Whether you develop AI systems, deploy them in your operations, or simply use AI-powered tools in your daily work, this timeline affects you. Here's where things stand as of early 2026 and what you should be doing now. What's Already in Effect Two phases of the AI Act are already active. February 2, 2025 — Prohibited Practices and AI Literacy Since February 2025, AI systems that pose unacceptable risks are banned across the EU. This includes social scoring systems, real-time remote biometric identification in public spaces (with limited exceptions), and AI that exploits vulnerabilities of specific groups. Equally important — and often overlooked — is the AI literacy requirement under Article 4. Organizations must ensure that staff involved with AI systems have a sufficient level of AI literacy. This obligation is already enforceable. August 2, 2025 — General-Purpose AI (GPAI) Obligations Since August 2025, providers of general-purpose AI models must maintain technical documentation, provide public summaries of training content, and comply with EU copyright rules. High-impact GPAI models face additional requirements including adversarial testing and serious incident reporting. What's Coming: August 2, 2026 This is the big date. The remaining core obligations become applicable, and enforcement machinery activates. Key provisions include: High-risk AI system requirements — Providers and deployers of high-risk AI systems listed in Annex III must comply with risk management, data governance, technical documentation, transparency, human oversight, and accuracy requirements Transparency obligations — Users must be informed when they're interacting with an AI system. AI-generated or manipulated content (including deepfakes) must be labeled Conformity assessments — High-risk AI systems require conformity assessments before being placed on the market National enforcement — EU member states must have their national supervisory authorities operational and empowered to enforce the regulation August 2, 2027 — Regulated Products The final phase applies to high-risk AI systems embedded in products already covered by EU safety legislation (medical devices, machinery, vehicles, etc.). These systems get an additional year to comply. The Digital Omnibus: A Possible Delay In late 2025, the European Commission proposed the Digital Omnibus package, which among other changes would delay some high-risk AI enforcement deadlines. The proposal introduces a moveable start date tied to the availability of harmonized standards and compliance support tools. If adopted, the effective dates could shift: Annex III high-risk systems: up to December 2, 2027 Annex I high-risk systems in regulated products: up to August 2, 2028 The rationale is practical — harmonized standards are not yet finalized, many member states have not yet established their national supervisory authorities, and the Commission itself missed its own February 2026 deadline for publishing high-risk classification guidelines. Important: The Digital Omnibus is a proposal, not law. It must be approved by the European Parliament and Council, and the final version may differ from what was proposed. Organizations should not assume delays will be granted and should continue preparing on the current timeline. What You Should Do Now Regardless of whether the Digital Omnibus delays some deadlines, the foundational work is the same: Map your AI systems. Identify every AI system your organization develops, deploys, imports, or uses — including commercial AI tools accessed via APIs and AI features embedded in existing software. Take a department-by-department approach; shadow AI usage is common and often overlooked. Clarify your role. Determine whether you act as a provider (developer), deployer, importer, or distributor for each AI system. Different roles carry different obligations under the Act. Classify by risk level. Determine which of your AI systems fall into the prohibited, high-risk, or lower-risk categories. High-risk classification triggers the most demanding requirements. Address AI literacy. This obligation is already in effect. Ensure that employees who interact with AI systems — from developers to business users — have adequate training on AI capabilities, limitations, and risks. Establish governance. Build an internal AI governance framework with clear policies, roles, and accountability. This doesn't have to be complex, but it needs leadership support and documented processes. Review contracts and procurement. Update AI-related vendor agreements and procurement processes to reflect compliance obligations, particularly around data handling, modification rights, and incident reporting. Don't Wait for Certainty The regulatory landscape is still evolving — guidelines are being published, standards are being finalized, and the Digital Omnibus may reshape some timelines. But the core framework is set, and the August 2026 date remains the planning target. Organizations that start preparing now will be in a far stronger position than those waiting for every detail to be finalized. The compliance work — AI inventory, risk classification, governance framework, literacy training — is valuable regardless of how specific deadlines shift. Assess your AI governance readiness