The EU AI Act becomes fully applicable on 2 August 2026, but a 2025-2026 simplification package has shifted some of the hardest deadlines. Here is a clear, current map of what is in force now, what moved, and what it means for anyone deploying LLMs.
The EU AI Act is the most consequential AI regulation in force anywhere, and 2026 is the year it stops being a future problem. But the timeline most teams memorised in 2024 is no longer accurate. A simplification package moving through Brussels has shifted several of the most demanding obligations, and if you are planning compliance work against the old dates you are planning against the wrong calendar.
This is a current, plain-language map of where things actually stand. It is not legal advice; it is the orientation we wish more teams had before they started.
What is already in force
Two milestones have already passed and are live obligations today.
Prohibited practices (since 2 February 2025). A defined set of "unacceptable risk" uses, things like certain social scoring and manipulative systems, are banned outright. This is not a future deadline. It applied over a year ago.
General-purpose AI model obligations (since 2 August 2025). Providers of general-purpose models, the foundation models that sit under most products, carry transparency, documentation, and, for the most capable models, safety and security duties. A voluntary Code of Practice offers a "presumption of conformity" for those who sign it, which functions as a practical safe harbor. If you build on top of a general-purpose model, your provider is already inside this regime.
The headline date: 2 August 2026
The Act becomes fully applicable on 2 August 2026. In the original timeline this is also when the obligations for high-risk systems under Annex III, things like AI used in employment, credit, education, biometrics, and access to essential services, were due to bite, along with the Article 50 transparency rules.
Here is where the calendar changed.
What the simplification package moved
In late 2025 the European Commission proposed a simplification package, commonly called the Digital Omnibus, to ease and stagger parts of the AI Act's rollout. The legislative proposal was adopted in November 2025 and a political agreement was reached in May 2026. Its most important effect for deployers is on the high-risk timeline.
| Obligation | Original date | Status under the simplification package |
|---|---|---|
| Prohibited practices | 2 Feb 2025 | In force (unchanged) |
| GPAI model obligations | 2 Aug 2025 | In force (unchanged) |
| Full applicability of the Act | 2 Aug 2026 | Still the headline date |
| High-risk systems (Annex III) | 2 Aug 2026 | Deferred toward 2 December 2027 |
| High-risk AI embedded in regulated products (Annex I) | 2 Aug 2027 | Deferred toward 2 August 2028 |
A critical caveat: at the time of writing, the package is a political agreement pending formal adoption. The direction, more transition time for the hardest high-risk obligations, is clear, but the exact final dates can still move. Treat the deferrals as planning guidance, not as permission to stop work, and confirm the final text before you rely on a specific day.
The part that did not move
The deferrals affect the timing of high-risk compliance. They do not repeal the prohibitions, the GPAI duties, or the transparency expectations, and they do not change the penalty structure. The maximum fine remains the larger of €35 million or 7% of global annual turnover, a ceiling that sits above the GDPR's. Regulators also did not soften the substance of what a high-risk system has to demonstrate: risk management, data governance, logging and traceability, human oversight, robustness, and security against manipulation.
That last item is the one that turns this from a legal exercise into a security one.
What it means for anyone deploying LLMs
The Act repeatedly demands robustness against manipulation and continuous monitoring for unexpected behavior. For an LLM or an agent, "manipulation" has a specific meaning: prompt injection, jailbreaks, indirect injection through retrieved content, and the agentic attacks that follow from them. You cannot document a risk-management and monitoring program for an LLM system without a concrete answer to how you detect and prevent those attacks.
So the practical compliance checklist for an LLM deployment heading into the high-risk regime looks a lot like a security checklist:
- A documented threat model covering prompt injection and agentic attack classes
- Active detection and prevention controls at the input and retrieval layers, not just policy on paper
- Logging and traceability of model interactions for audit
- Human oversight where the Act requires it, with the ability to intervene
- Evidence of ongoing testing as the threat landscape evolves, not a one-time review
The extra transition time is a gift only if you use it. The organisations that treat the deferral as breathing room to build real controls will walk into conformity assessment with evidence. The ones that treat it as a delay will arrive in 2027 with the same gap they have now.
Frequently asked questions
Is the high-risk deadline definitely December 2027 now? The political agreement points that way, but it is pending formal adoption. Plan toward it, verify the final published date before relying on it, and do not pause the underlying work.
We only use a third-party model through an API. Are we exempt? No. Provider obligations sit with the model provider, but deployer obligations, including oversight, logging, and appropriate use, sit with you when your use case is high-risk. The API boundary does not transfer responsibility.
Does GDPR still apply on top of this? Yes. The AI Act sits alongside the GDPR, not instead of it. Data protection, automated-decision rules, and the AI Act's requirements overlap, particularly around logging and transparency.
Where Promptention fits
Our platform is built in the EU with EU data residency, and our threat coverage is mapped to the OWASP Top 10 for LLM Applications and MITRE ATLAS, with governance aligned to the NIST AI Risk Management Framework. In practical terms, the detection, prevention, logging, and red-teaming the Act expects from a high-risk LLM system are the things we provide as a product. Compliance teams get evidence; security teams get controls.
Promptention is GDPR compliant with EU data residency, designed to support documentation and monitoring obligations for LLM systems under the EU AI Act.
Further reading: European Commission, "Regulatory framework for AI" and the Digital Omnibus proposal; EU AI Act, Articles 50 and 99.
