Source extracts — Regulation (EU) 2024/1680 Artificial Intelligence Act (July 2024)
- Article 99(1)-(3) sets entry into force for 1 August 2024 (20 days after Official Journal publication) and staggers enforcement: Article 5 prohibitions apply from 2 February 2025; Title VIII general-purpose AI duties take effect 12 months after entry into force (2 August 2025); and Title III high-risk obligations apply after 24 months (2 August 2026), with transitional relief for already-placed systems through August 2027. Programme plans should backwards-schedule audits, supplier attestations, and harmonised standard adoption against those milestones.
- Chapter 2 (Articles 9-15) requires providers of high-risk systems to document a risk-management system, post-deployment monitoring, technical documentation, record-keeping, and logging. CISOs should align ISO/IEC 42001, ISO/IEC 27001 Annex A, and model inventory tooling so each Annex III use case has traceable risk controls and change history before conformity assessments.
- Articles 52a-52d impose transparency, policy, and incident-reporting duties on general-purpose AI model providers, including publishing detailed summaries of training data, maintaining technical documentation, and notifying the EU AI Office of serious incidents within 15 days. AI platform teams must integrate supplier SLAs and telemetry exports into existing security incident and DPIA workflows.
- Articles 56 and 60 tie CE marking and conformity assessments to harmonised standards and common specifications. Product leads should budget for engaging notified bodies, compiling Annex IV technical files, and executing post-market monitoring plans to maintain the CE mark across iterative model updates.
Source extracts — European Commission AI Act implementation portal (July 2024)
- The Commission’s implementation portal publishes the AI Act timeline, delegated-act calendar, and emerging guidance from the EU AI Office. Compliance leaders should track the portal for updates on harmonised standards, sandbox invitations, and code-of-practice drafts to confirm when voluntary frameworks become mandatory baselines.
- Implementation guidance highlights the EU AI Office’s coordination role across notified bodies and national competent authorities. Organisations should nominate a regulatory liaison to engage with the Office on monitoring requests, share incident data, and coordinate conformity reassessments when systems undergo substantial modifications.
- The portal’s readiness checklists emphasise inventories of AI systems, governance assignments, human oversight playbooks, and documentation bundles mapped to Annex IV. Programme offices should align these artefacts with GDPR DPIAs and cybersecurity incident registers to avoid duplicate evidence collection.