The EU AI Act reached deployers before most of them noticed: prohibited practices and AI literacy duties have applied since February 2, 2025, and penalty provisions have been enforceable since August 2, 2025. The May 2026 Digital Omnibus agreement moved high-risk obligations to December 2, 2027, but Article 50 transparency duties keep their August 2, 2026 date, and Article 26 will hold deployers, not vendors, to oversight, logging, and disclosure duties. This playbook maps each obligation to a concrete system capability a compliance officer or CIO can specify, build, and test before the dates arrive.
Most of the Act already applies to you
The AI Act entered into force on August 1, 2024 and applies in stages. The staging is the trap. Many compliance teams filed the Act under 2026 or 2027 and moved on. The implementation timeline published at artificialintelligenceact.eu shows four milestones landing before the delayed high-risk date, and two of them have already passed.
Since February 2, 2025, the Article 5 prohibitions apply to everyone in the AI value chain, deployers included. The banned list is not exotic. It covers emotion recognition in workplaces and schools, social scoring that leads to unjustified detrimental treatment, untargeted scraping of facial images from the internet or CCTV, and manipulation techniques that materially distort behavior. A sentiment dashboard pointed at employee communications can cross the workplace emotion recognition line. The prohibition does not care whether you built the tool or bought it.
Article 4 took effect the same day. It requires providers and deployers alike to take measures so that staff, and anyone operating AI systems on their behalf, reach a sufficient level of AI literacy, scaled to their technical knowledge, their role, the deployment context, and the people affected. In our experience this is the most ignored live obligation in the Act. It is also the cheapest to satisfy.
On August 2, 2025, the governance framework and the penalty provisions became applicable, and member states were required to designate market surveillance authorities. The enforcement machinery now exists. What remains in the future is the high-risk regime, and even that is closer than the headline date suggests.
| Date | What applies | Who carries it |
|---|---|---|
| February 2, 2025 | Article 5 prohibitions; Article 4 AI literacy | Providers and deployers |
| August 2, 2025 | Governance framework; penalty provisions; GPAI model rules | Member states; GPAI providers; all operators via penalties |
| August 2, 2026 | General application; Article 50 transparency duties, held on schedule by the Omnibus agreement | Providers and deployers |
| December 2, 2026 | New prohibitions on non-consensual intimate imagery and CSAM generation, added by the Omnibus | Deployers, where intent or circumvention of safeguards is shown |
| December 2, 2027 | High-risk obligations for standalone Annex III systems, including Article 26 deployer duties | Deployers and providers of high-risk systems |
| August 2, 2028 | High-risk rules for AI embedded in regulated products under Annex I | Providers and deployers of product-embedded AI |
The deployer, not the provider, carries the operational burden
The Act splits duties between providers, who develop a system or place it on the market, and deployers, who use an AI system under their own authority. The split sounds clean. In practice the deployer side is heavier than most CIOs expect, because deployer duties are operational. They must run every day. They cannot be discharged once, the way a provider's conformity assessment can.
Article 26 sets out what a deployer of a high-risk system must do. The European Commission's AI Act Service Desk reproduces the full list. The duties that matter most in practice:
- Use the system in accordance with the provider's instructions for use, backed by appropriate technical and organisational measures.
- Assign human oversight to named natural persons who have the necessary "competence, training and authority", with the support they need to act.
- Where you control the input data, ensure it is relevant and sufficiently representative for the system's intended purpose.
- Monitor operation continuously; where use may present a serious risk, inform the provider and the market surveillance authority without undue delay, and suspend use.
- Keep the logs the system generates automatically for at least six months, longer where the intended purpose demands it.
- Inform workers' representatives and affected workers before putting a high-risk system into use in the workplace.
- Tell individuals when they are subject to decisions made or supported by a high-risk system.
- Cooperate with competent authorities on any action they take under the regulation.
Which systems count as high-risk is defined by use, not by technology. Annex III covers employment and worker management, education and vocational training, creditworthiness and essential services, biometrics, critical infrastructure, law enforcement, and migration. A CV-screening model is high-risk. A model that ranks internal support tickets is not. The classification work has to happen system by system, and it is the deployer's own inventory, not the vendor's brochure, that determines scope.
You cannot outsource Article 26. The provider writes the instructions for use. You must prove, with records, that you followed them.
There is one piece of good news for teams that did GDPR properly. Article 26(9) lets deployers use the provider's documentation to fulfil their data protection impact assessment duties. If your DPIA process works, the AI Act extends it rather than replacing it.
The December 2027 delay is a construction window, not a holiday
On May 7, 2026, the Council and the European Parliament reached provisional agreement on the Digital Omnibus on AI. The agreement defers high-risk obligations for standalone Annex III systems from August 2, 2026 to December 2, 2027, and for AI embedded in regulated products under Annex I to August 2, 2028. Covington's Inside Privacy analysis of the agreement expects formal adoption in June 2026 and publication in July. Until the text appears in the Official Journal, the original dates remain the law.
Note what did not move. Article 50 transparency obligations keep their August 2, 2026 date. From that day, people must be told when they are interacting with an AI system, unless that is obvious to a reasonably well-informed person. Deployers of emotion recognition or biometric categorisation systems must inform exposed individuals. Deepfakes must be disclosed at first exposure. AI-generated text published on matters of public interest must be labeled, unless a human holds editorial responsibility for it. None of this waits for 2027.
The Omnibus also adds two prohibitions, applicable from December 2, 2026: AI systems for generating non-consensual intimate imagery and child sexual abuse material. For deployers the standard is narrow, covering intentional use or circumvention of provider safeguards, but it is another live date inside the supposed quiet period.
We read the 16-month deferral the way we read any moved deadline on a delivery plan: as schedule, not relief. Log retention only has value once logs exist. Oversight only works once people have been trained on a running system. Acceptance tests only pass on systems that have been built. An organization that starts in mid-2027 will be writing policy documents in December. An organization that starts now can walk into December 2027 with six months of audit trail already on disk.
The deferral moved the deadline. It did not move the work.
Every obligation resolves to a system capability you can build and test
Compliance programs fail when obligations stay in legal language. They succeed when each obligation is restated as a system capability with a test that passes or fails. This is how we build at QueryNow: scope one workflow, sign executable acceptance criteria on day one, build in the client's environment over two weeks, and take payment of $10,000 only after every criterion passes. The same discipline transfers cleanly to AI Act work, because the Act is unusually concrete about what a deployer must be able to show.
| Obligation | System capability | Acceptance test |
|---|---|---|
| Art. 4: AI literacy | Role-based training records plus guidance inside the tools at the point of use | Every user of the system has a completion record dated before first access |
| Art. 5: prohibited practices | Use-case registry with a screening gate before any AI system goes live | No deployed system matches an Article 5 category; each screening decision is recorded with reviewer and date |
| Art. 26(2): human oversight | Oversight console with named owners, intervention controls, and an escalation path | A designated person can halt the system, and the halt is logged with timestamp and reason |
| Art. 26(4): input data quality | Validation checks on input data against the documented intended purpose | Out-of-scope input is rejected or flagged before inference, and the event is logged |
| Art. 26(5): monitoring and incidents | Drift and incident monitoring wired to a suspension switch and a reporting workflow | A simulated serious incident suspends the workload and produces a provider notification draft |
| Art. 26(6): log retention | Append-only audit trail retained for at least six months | An auditor can reconstruct any decision: inputs, model version, output, and human actions |
| Art. 26(7) and 26(11): notification | Worker and affected-person disclosure records | Notices exist, are dated before deployment, and are retrievable per person |
| Art. 50: transparency | Disclosure banners for AI interaction, labels on synthetic media | First interaction shows the disclosure; generated assets carry the label through export |
These are not eight separate projects. They share one spine (Exhibit 1). Build the spine once and each new system, and each new obligation, becomes an increment rather than a program.
A four-layer architecture. Layer 1 is the AI system registry: every system in use, its Annex III classification, its provider documentation. Layer 2 is controls: the oversight console, input validation checks, disclosure banners, and the suspension switch sit in the request path. Layer 3 is evidence: an append-only audit trail records every inference, every human intervention, and every disclosure, retained for at least six months. Layer 4 is reporting: dashboards and export jobs turn the evidence layer into the artifacts a market surveillance authority asks for. Obligations change at the edges; the spine persists.
We have shipped this pattern in production. A European pharmaceutical regulator runs our AI compliance scanner over its marketing assets: more than 620 assets scanned to date, 11 rules applied per scan, roughly 2 minutes per asset against the 2 to 3 hours a manual review took. The detail that matters for AI Act purposes is not the speed. It is that every scan leaves a record of which rule version ran, on which asset, with which result, and which human accepted or overrode the finding. That record is the evidence layer. The same structure satisfies an internal auditor and a market surveillance authority alike.
Reuse runs in the other direction too. We build systems to SOC 2 and GDPR standards, and every implementation we deliver is aligned with the EU AI Act. For deployers, the practical consequence is that access-control work done for SOC 2 becomes the oversight assignment record, and DPIA work done for GDPR feeds Article 26(9) directly. Compliance capability compounds. Policy documents do not.
Penalties scale with worldwide turnover, and deployers are squarely in scope
Article 99 sets three penalty tiers. Violating the Article 5 prohibitions draws fines of up to €35 million or 7 percent of total worldwide annual turnover, whichever is higher. Breaching other obligations, expressly including the deployer duties of Article 26, draws up to €15 million or 3 percent. Supplying incorrect or misleading information to authorities draws up to €7.5 million or 1 percent.
For SMEs and startups the cap flips to whichever of the amount or the percentage is lower. National authorities calibrate fines within the ranges on severity, organization size, prior conduct, degree of cooperation, and whether the breach was intentional or negligent. Cooperation is graded on records. The deployer that can produce its logs, its oversight roster, its screening decisions, and its incident timeline within days is in a different conversation with an authority than the deployer that needs a quarter to reconstruct events.
Worth restating: the penalty provisions have been enforceable since August 2, 2025. The Omnibus deferral moved the start date of the high-risk regime. It did not suspend the fine schedule for the prohibitions and transparency duties that apply earlier.
The cheapest artifact in an enforcement conversation is the log you were already keeping.
What to do with this on Monday morning
1. Build the inventory first. List every AI system in use, who provides it, what data it touches, who is affected by its outputs, and whether it falls under Article 5 or Annex III. Scope follows from the list, not the other way around.
2. Close the literacy gap now. Article 4 has applied since February 2, 2025. Assign role-based training, record completion dates, and put guidance inside the tools people actually use.
3. Turn on logging today and never turn it off. Configure every deployed AI system to write an append-only audit trail and retain it for at least six months. Evidence cannot be backfilled.
4. Name your human overseers in writing. Give each one documented competence and the authority to halt the system, plus an escalation path. Test the halt quarterly and log the test.
5. Ship Article 50 disclosures before August 2, 2026: interaction banners on chatbots, labels on synthetic media, notices on AI-generated public-interest text, and disclosure records for any biometric or emotion-adjacent system that survives your Article 5 screen.
6. Work back from December 2, 2027 in two-week increments. Write one executable acceptance criterion per Article 26 duty and build until each passes. We price exactly this way: $10,000 per two-week sprint, paid only after every criterion passes.
- artificialintelligenceact.eu, EU AI Act Implementation Timeline (2025)
- artificialintelligenceact.eu, Article 4: AI Literacy (2024)
- artificialintelligenceact.eu, Article 5: Prohibited AI Practices (2024)
- European Commission AI Act Service Desk, Article 26: Obligations of Deployers of High-Risk AI Systems (2025)
- artificialintelligenceact.eu, Article 50: Transparency Obligations for Providers and Deployers of Certain AI Systems (2024)
- artificialintelligenceact.eu, Article 99: Penalties (2024)
- European Commission, AI Act: Shaping Europe's Digital Future (2026)
- Covington & Burling, Inside Privacy: EU AI Act Update, Timeline Relief, Targeted Simplification, and New Prohibitions (2026)