The EU AI Act is a regulation, not a directive. That distinction does real work. A directive tells member states to pass their own laws. A regulation applies directly across all 27 EU member states without national transposition. Think of it as the GDPR's structural cousin: one legal instrument, binding on anyone who builds, deploys, or distributes AI systems that touch the EU market. It classifies AI systems into risk tiers, assigns obligations scaled to each tier, and enforces them on a staggered timeline that started in February 2025 and won't fully resolve until 2030.
The core mechanism: this regulation classifies AI systems by what they do to people. Classification turns entirely on purpose and effect. A perfectly hardened system can be prohibited. A system with mediocre security controls can sail through unregulated. If your compliance instincts come from FedRAMP and SOC 2, the tiered structure will make sense immediately. The trigger logic runs on completely different inputs.
Parts of this regulation are live right now. Other parts got delayed on May 7, 2026. Whether that delay is legally binding yet is a genuinely open question.
- EU AI Act: A directly applicable EU regulation that classifies AI systems into risk tiers and imposes obligations scaled to each tier's potential for societal harm. Enforcement is staged from February 2025 through 2030.
How the Timeline Works
The European Commission designed a phased rollout. Political reality then modified it. Where things stand as of this writing:
February 2, 2025. Already in effect. Two categories went live: the prohibition on certain AI practices (social scoring, untargeted biometric scraping, manipulation of vulnerable groups, workplace emotion inference in most contexts) and AI literacy obligations requiring organizations to ensure staff working with AI systems have adequate training. Two days later, the Commission published non-binding guidelines clarifying the prohibited categories (see Wilson Sonsini's summary of the official Commission guidance, published February 2025).
On AI literacy: this obligation is live now and applies to every organization deploying AI systems, which means it applies to every account you cover. What "adequate training" means operationally is still underdefined. The Commission's guidelines address prohibited practices in detail but practical guidance on literacy program design remains thin. If your account hasn't addressed this yet, they're not alone, but the obligation isn't waiting for the guidance to catch up.
As of February 2026, no public enforcement actions had been announced under these provisions (per the Future of Privacy Forum, a well-regarded privacy research organization that tracks EU enforcement activity across data protection and AI regulation). The enforcement architecture is fragmented and still standing up. Member states designated national competent authorities by August 2025, but full investigative and fine powers for most provisions don't activate until August 2026. Finland became the first member state with fully operational AI Act enforcement powers in January 2026 (per Axis Intelligence, a secondary compliance tracker; official Finnish government confirmation should be verified independently). Read the absence of enforcement as a point-in-time fact, not a forecast.
August 2, 2025. Already in effect. Obligations for providers of general-purpose AI models kicked in. The compliance mechanics are distinct enough to warrant their own section below.
August 2, 2026. Genuinely uncertain. This was the original date for the full high-risk AI system regime. On May 7, 2026, the European Parliament and the Council reached a political agreement (Council of the EU press release, primary source) to delay this date through a package called the Digital Omnibus on AI, a simplification regulation the Commission proposed in November 2025 that amends the AI Act and adjacent files. You'll hear this term. It touches more than just the AI Act timeline, but for your purposes, the political agreement contains the following:
Standalone high-risk AI systems listed in Annex III (employment decisions, credit scoring, law enforcement tools, and similar): pushed to December 2, 2027. High-risk AI systems embedded in products governed by EU product safety law (medical devices, machinery, toys): pushed to August 2, 2028. The deal also tightened the timeline for AI-generated content transparency obligations, now due by December 2, 2026, and added a new prohibition on AI-generated non-consensual intimate imagery.
The Digital Omnibus delay is politically agreed but not yet legally in force. Formal adoption and publication in the Official Journal are still required. Until that happens, the original August 2, 2026 deadline remains operative law. Plan for the delay. Don't bet your compliance posture on it.
Both co-legislators and the Commission want the delay. The compliance infrastructure, including harmonized standards, notified bodies, and conformity assessment procedures, plainly isn't ready. But "everyone wants it" and "it's legally binding" are different sentences (Travers Smith analysis, published May 8, 2026; note this is law firm interpretation, not regulatory determination).
August 2, 2027. The original deadline for high-risk AI systems embedded in products covered by Annex I EU safety legislation. Under the Digital Omnibus political agreement, this moves to August 2, 2028, pending formal adoption.
December 2030. This one matters for your accounts specifically. AI systems already in operation by public authorities get an extended compliance runway through this date. The Commission carved this out because government agencies running legacy AI systems face procurement and modernization constraints that commercial providers don't. If your account is a public authority running an AI system that was deployed before the high-risk regime takes effect, December 2030 is their operative deadline for full compliance. That's not a pass on the prohibited practices (those are already live) or on deployer obligations (those apply when the high-risk regime activates). It's additional time for conformity assessment and technical documentation on systems already in the field.
Quick-Reference Timeline
| Date | What Applies | Status |
|---|---|---|
| Feb 2, 2025 | Prohibited practices; AI literacy | In effect |
| Aug 2, 2025 | GPAI model obligations | In effect |
| Aug 2, 2026 | Full enforcement powers; original high-risk deadline | In effect for enforcement powers; high-risk deadline subject to Digital Omnibus delay |
| Dec 2, 2026 | AI-generated content transparency | Per Digital Omnibus political agreement; pending formal adoption |
| Dec 2, 2027 | Standalone high-risk systems (Annex III) | Per Digital Omnibus political agreement; pending formal adoption |
| Aug 2, 2028 | Embedded-product high-risk systems (Annex I) | Per Digital Omnibus political agreement; pending formal adoption |
| Dec 2030 | Public authority legacy AI systems | Full conformity assessment deadline |
- Staged enforcement: Prohibited practices and AI literacy are live now. GPAI obligations are live. The high-risk regime is politically agreed for delay via the Digital Omnibus but not yet legally postponed. Public authority legacy systems get until December 2030. Full enforcement powers for most provisions activate August 2026.
The Four Risk Tiers
The Act sorts AI systems into four tiers. Classification depends entirely on what the system does and to whom.
Unacceptable risk. Prohibited. Social scoring by governments. Untargeted scraping of facial images for biometric databases. AI that exploits vulnerabilities of specific groups. Real-time remote biometric identification in public spaces for law enforcement, with narrow exceptions. If a system does any of these things, no compliance engineering fixes it. You stop. Fines run up to €35 million or 7% of global annual turnover, whichever is higher.
High risk. Heavy obligations. Most of the regulatory weight concentrates here. AI systems used in critical infrastructure, education, employment decisions (hiring, promotion, termination), essential services (credit scoring, insurance), law enforcement, migration and border control, and administration of justice. Providers must meet requirements for risk management, data governance, technical documentation, transparency, human oversight, accuracy, robustness, and cybersecurity. They require conformity assessments before market placement. Deployers of high-risk systems carry their own obligations, separate from the provider's: fundamental rights impact assessments, human oversight implementation, and ongoing performance monitoring. For your accounts, which are almost always deployers rather than providers, the deployer obligation set is the one that lands on their desk.
Limited risk. Transparency obligations. Chatbots must disclose they're AI. Deepfakes must be labeled. Emotion recognition systems must inform the subject. The obligations are lighter: tell people what they're interacting with.
Minimal risk. No specific obligations. Everything else. Spam filters, recommendation engines, code completion tools. Most AI applications land here. The Act explicitly leaves them alone, beyond the general AI literacy requirement.
- Four risk tiers: Unacceptable (banned), High (conformity assessment and heavy compliance for both providers and deployers), Limited (transparency requirements), Minimal (no specific obligations). Classification turns on purpose and societal impact. Architecture and security posture are outside the calculus.
Okta Concept Mapping: Tiered Compliance Frameworks
The bridge. You already think in tiered compliance. FedRAMP Low, Moderate, and High impose escalating control requirements based on data sensitivity and breach impact. SOC 2 Type II evaluates whether controls operate effectively over time. The EU AI Act's risk tiers work the same way structurally: higher classification means more obligations, more documentation, more oversight.
The break. FedRAMP and SOC 2 evaluate security posture. The EU AI Act evaluates purpose and societal impact. A system that holds FedRAMP High authorization and passes every SOC 2 control with clean opinions can still be prohibited under the EU AI Act if it performs social scoring or untargeted biometric scraping. A minimal-risk AI system with poor security controls faces zero AI Act obligations beyond literacy training. The Act evaluates what the system does to people. How well you protect the system is outside its aperture. Your tiered-compliance intuition maps cleanly to the structure. Apply it to the trigger logic and it steers you wrong.
GPAI Obligations Are Already Live
General-purpose AI model obligations took effect August 2, 2025. These apply to providers of foundation models and large language models, and the obligations sit with the provider, not with companies that deploy them. The obligations cover transparency (model documentation, training data summaries), copyright compliance, and for models classified as posing systemic risk, additional safety and security requirements.
The primary compliance pathway is the GPAI Code of Practice (European Commission, primary source), published July 10, 2025 by the European AI Office. It's voluntary in theory, functionally essential in practice: providers who sign and adhere to it can demonstrate compliance without building a bespoke case. The Code has been endorsed by the Commission and the AI Board as an adequate compliance tool, though formal adoption as an implementing act is still pending. As of late 2025, 26 organizations had signed (AI News, corroborated by multiple sources), including Amazon, Anthropic, Google, IBM, Microsoft, and OpenAI.
Meta refused. Their Chief Global Affairs Officer called it legally uncertain and beyond the Act's scope. That refusal has drawn regulatory attention from the Commission.
The AI Office has been operating under a good-faith enforcement posture during the first year: signatories that haven't fully implemented all commitments won't be treated as violators, provided they're working toward compliance. That posture ends August 2, 2026 (DLA Piper analysis of the official enforcement timeline), when the Commission's full enforcement powers over GPAI models activate. Fines for non-compliance: up to €15 million or 3% of global turnover.
For your accounts: if they're deploying models from providers who signed the Code, the model-level compliance burden sits with the provider. If they're fine-tuning or building on open-weight models from non-signatory providers, the allocation of responsibility gets murkier. The Act assigns obligations to providers. Who qualifies as a "provider" when an agency fine-tunes an open model is one of the areas where practical guidance is still developing. Say so when it comes up.
- GPAI obligations: In effect since August 2025. The Code of Practice is the primary compliance pathway, endorsed but not yet formally adopted as an implementing act. Major US providers (except Meta) have signed. Full enforcement powers activate August 2026. Fines up to €15 million or 3% of global turnover.
Extraterritorial Reach Follows Output
The trigger is output. If an AI system's output is used within the EU market, the provider is in scope regardless of where the company sits. This follows the GDPR's extraterritorial pattern (Holland & Knight analysis, April 2026): the regulation reaches the effect wherever it lands.
A US-based HR tech platform that uses AI for candidate screening is building a high-risk AI system under the Act. The moment an EU employer uses that platform to evaluate EU candidates, the US provider must comply with high-risk requirements. Providers of high-risk systems without EU establishment must appoint an authorized representative in the EU before placing their system on the market.
The practical problem: most SaaS companies don't track whether their customers are European. Their AI doesn't have a geographic boundary. Scope can be triggered without the provider knowing it.
Microsoft has been the most publicly visible in documenting compliance steps: dedicated cross-functional working groups, updated contracts prohibiting banned uses, and active participation in standards development through CEN and CENELEC. Google, OpenAI, and Anthropic have published similar commitments, primarily through their participation as Code of Practice signatories. Among standard enterprise SaaS vendors below the GPAI tier, publicly documented compliance actions are sparse. The compliance machinery is still spinning up.
- Extraterritorial reach: The Act applies to non-EU companies whose AI system outputs are used in the EU. The trigger is market effect. High-risk system providers must appoint an EU authorized representative.
The Conversation You'll Actually Have
Your account's CIO asks: "We're deploying an AI-assisted identity verification system for citizen-facing services. Our vendor is US-based. Does the EU AI Act matter to us?"
The answer depends on specifics you can walk through. If the system processes EU residents, the vendor is likely in scope. Biometric identification systems are explicitly high-risk under the Act. The vendor needs to have conducted a conformity assessment, maintained technical documentation, and ensured human oversight mechanisms. If the vendor hasn't started this work, the politically agreed Digital Omnibus timeline gives them until December 2027 for standalone high-risk systems, assuming formal adoption proceeds. But the prohibited-practices provisions are already live. If the system crosses into real-time remote biometric identification in public spaces, no timeline helps. It's banned.
The CIO's follow-up will be about their own obligations as a deployer. Deployers of high-risk AI systems must conduct fundamental rights impact assessments, implement human oversight, and monitor system performance. These obligations are separate from the provider's and can't be outsourced. If the account is a public authority with an AI system already in operation, the December 2030 extended timeline may apply to their conformity assessment work, but not to the prohibited practices or their core deployer responsibilities.
What your account is really asking is whether their AI procurement process needs a new filter. It does. And the filter runs orthogonal to security posture. It asks: what does this system do, and to whom?
FedRAMP and SOC 2 never surfaced that question. Every risk tier in the EU AI Act turns on the answer to it.
- Practical takeaway: The EU AI Act introduces a procurement filter orthogonal to security compliance. Accounts deploying AI systems that touch EU residents need to classify those systems by risk tier and verify that both the provider and deployer are meeting their respective obligations.
Things to follow up on...
- Digital Omnibus formal adoption: The May 7 political agreement still requires formal adoption and Official Journal publication before the high-risk deadline delay becomes law, and Travers Smith's analysis flags that the original August 2, 2026 date remains operative until that happens.
- GPAI enforcement powers activate: The AI Office's good-faith enforcement posture toward Code of Practice signatories expires August 2, 2026, when full Commission enforcement powers over GPAI models begin, as DLA Piper's timeline analysis details.
- Meta's non-signatory position: Meta's refusal to sign the GPAI Code of Practice has drawn Commission scrutiny, and AI News reports that the split among major providers creates a visible test case for how the AI Office handles non-signatory compliance after August 2026.
- Member state enforcement fragmentation: The Future of Privacy Forum's February 2026 assessment found that competence to enforce prohibited practices is highly scattered across national authorities, with no public enforcement actions announced a full year after the provisions took effect.