← Back to all briefings

AI · Credibility 82/100 · · 6 min read

EU AI Act Enforcement Timeline — July 12, 2024

The EU AI Act was published in the Official Journal on July 12, 2024, triggering the countdown to the August 1 in-force date and the staged deadlines for prohibited systems, general-purpose AI, and high-risk use cases.

Executive briefing: On July 12, 2024, the European Union published the Artificial Intelligence Act (Regulation (EU) 2024/1680) in the Official Journal, setting August 1, 2024 as the entry-into-force date. Zeph Tech is guiding AI governance leads through the staggered prohibitions, general-purpose AI safeguards, and high-risk conformity assessments now that the timelines are fixed.

Key enforcement milestones

  • August 1, 2024 — Regulation enters into force. Twenty days after publication the AI Act becomes law, empowering the new EU AI Office to coordinate oversight with national competent authorities.
  • February 2025 — Prohibited AI systems must cease. Article 5 bans systems such as indiscriminate biometric scraping and untargeted social scoring six months after entry into force.
  • May 2025 — Codes of practice expected. The Commission and the AI Office will finalise voluntary codes within nine months to help providers operationalise Articles 52a and 52b for general-purpose AI.
  • August 2025 — General-purpose AI duties apply. Model providers must implement risk management, incident reporting, and technical documentation obligations twelve months after entry into force.
  • August 2026 — High-risk systems compliance. Annex III providers and deployers have twenty-four months to meet risk management, quality management, logging, and human oversight requirements, including conformity assessments and CE marking.
  • Through August 2027 — Transitional relief for existing deployments. High-risk systems already legally placed on the market may continue operating while providers complete post-market monitoring and align with updated harmonised standards.

Control alignment

  • ISO/IEC 42001 AI management systems. Map Article 17 quality management obligations to 42001 governance clauses covering leadership, competence, and lifecycle risk controls.
  • NIST AI RMF 1.0. Use the Govern, Map, Measure, and Manage functions to evidence compliance with Article 9 risk management, Article 12 data governance, and Article 61 incident reporting expectations.
  • GDPR and EU fundamental rights impact. Integrate Article 29 human oversight and Article 10 data governance requirements with existing DPIA workflows so controllers can demonstrate necessity, proportionality, and safeguards.

Enablement moves

  • Stand up an AI Act programme office that tracks delegated acts, harmonised standards, and sectoral guidance from the EU AI Office and national authorities.
  • Inventory current and planned AI systems, tagging Annex III use cases and general-purpose model integrations so roadmap owners can phase compliance deliverables across the 2025–2027 deadlines.
  • Develop transparency and logging packages — including model cards, dataset provenance, and post-deployment monitoring metrics — to satisfy Articles 52 through 56 disclosures.

Sources

Zeph Tech’s AI governance desk is sequencing programme delivery plans that bind ISO/IEC 42001 controls, the NIST AI RMF, and AI Act conformity tasks into auditable roadmaps for 2025 through 2027.

  • EU AI Act
  • AI governance
  • General-purpose AI risk management
  • ISO/IEC 42001 alignment
Back to curated briefings