Regulatory deadlines, official guidance, and tools to help you stay on top of EU AI Act and GDPR obligations.
Dates reflect the EU AI Act's phased implementation schedule (Regulation 2024/1689). GDPR has been in force since May 2018. Deadlines shown are based on the Act's provisions and may be subject to delegated acts or implementing measures.
The General Data Protection Regulation became applicable across all EU member states, replacing the 1995 Data Protection Directive.
The EU Artificial Intelligence Act (Regulation 2024/1689) was published in the Official Journal of the EU and entered into force 20 days later.
Article 5 (prohibited AI practices) becomes applicable. AI systems that manipulate individuals, exploit vulnerabilities, use social scoring, or deploy real-time remote biometric identification are prohibited.
Chapter III (notified bodies), Chapter V (general-purpose AI models), Chapter VII (governance), and Chapter XII (penalties) apply. Providers of GPAI models must comply with transparency and copyright obligations.
Providers of general-purpose AI models (including via API integration) should review their obligations under Chapter V now. Codes of practice are being finalised.
The main provisions for high-risk AI systems (Annex III) become applicable. This includes AI used in recruitment, employment management, education, essential services, and law enforcement. Full conformity assessment, technical documentation, and human oversight required.
If your business uses AI in recruitment, credit scoring, education, or employment management — preparation should begin now. Conformity assessments take months to complete.
Rules apply to AI systems that are safety components of products already regulated under existing EU sectoral legislation (medical devices, machinery, toys, etc.).
The complete text of Regulation (EU) 2024/1689 of the European Parliament and of the Council on artificial intelligence.
The official body responsible for oversight of general-purpose AI models and coordination of EU AI Act implementation.
Official questions and answers from the European Commission explaining key concepts and obligations under the EU AI Act.
A practical guide from the European Commission specifically aimed at small and medium-sized enterprises navigating EU AI Act compliance.
Interactive tracker and plain-language explanations of EU AI Act requirements, maintained by civil society organisations.
The complete text of Regulation (EU) 2016/679 (General Data Protection Regulation) as published in the Official Journal.
The independent body ensuring consistent application of GDPR across the EU. Publishes binding decisions, guidelines, and recommendations.
EDPB guidance on the interplay between GDPR and AI systems, including automated decision-making and profiling under Article 22.
Practical guidance from the UK Information Commissioner's Office on applying data protection principles to AI — largely applicable to EU contexts.
EU Agency for Cybersecurity guidance on securing AI systems and managing cybersecurity risks, relevant to EU AI Act security requirements.
The European Commission's interactive tool to help businesses understand which risk category their AI systems may fall into.
Independent database tracking GDPR fines and enforcement actions across EU member states — useful for understanding enforcement trends.
Stay up to date
EU AI Act implementation is ongoing. Subscribe to updates from the EU AI Office and your national supervisory authority for the latest guidance and implementing measures.
We use cookies
We use essential cookies to keep the site working. With your consent we also use optional cookies to remember your preferences and analyse site usage. See our .