The EU AI Act is not a single switch that flips on one date. Its obligations have been rolling into force in distinct waves since the regulation entered into force in August 2024. Two of those waves have already arrived. The third — and arguably the most operationally demanding for deployers — lands in August 2026.
If your organisation develops or deploys AI systems in the EU, the time to prepare for that third wave is now.
What is already in force?
The prohibited practices ban (Article 5 / Chapter II) — since 2 February 2025
Chapter II's prohibition list has been enforceable since 2 February 2025 (Article 113(a)). Any AI system that crosses these lines is unlawful today:
- Subliminal or manipulative techniques (Art. 5(1)(a)): AI that exploits subconscious mechanisms to distort behaviour in a way that causes significant harm.
- Exploiting vulnerabilities (Art. 5(1)(b)): Systems that target age, disability, or socioeconomic disadvantage to manipulate behaviour.
- Social scoring (Art. 5(1)(c)): Evaluating or classifying natural persons based on social behaviour in unrelated contexts, or in ways disproportionate to actual conduct.
- Predictive criminal-risk profiling (Art. 5(1)(d)): Risk assessments based solely on profiling or personality traits, without objective verifiable facts.
- Untargeted facial-image scraping (Art. 5(1)(e)): Building or expanding facial recognition databases by scraping the internet or CCTV footage.
- Emotion inference in workplaces and schools (Art. 5(1)(f)): Inferring emotional states (with narrow medical/safety exceptions).
- Biometric categorisation for protected characteristics (Art. 5(1)(g)): Categorising individuals by race, political opinion, trade union membership, religion, or sexual orientation.
- Real-time remote biometric identification in public spaces for law enforcement (Art. 5(1)(h)): Except in the narrowly defined situations requiring prior authorisation.
If you operate AI systems touching any of these categories, enforcement exposure exists right now. The supervisory infrastructure is live; member-state authorities and the AI Office can act.
GPAI model obligations (Articles 51–55 / Chapter V) — since 2 August 2025
Chapter V, covering general-purpose AI models, has applied since 2 August 2025 (Article 113(b)). If your organisation develops or fine-tunes a GPAI model — or integrates one into a downstream AI system — the following obligations are already binding.
Who triggers systemic-risk designation? Article 51(2) sets the threshold at 10²⁵ floating-point operations (FLOPs) of cumulative training compute. Models above this level are presumed to have high-impact capabilities and are classified as GPAI models with systemic risk. The Commission can also designate models below that threshold if they have equivalent impact (Art. 51(1)(b)).
Two-week notification (Article 52). Once a model meets or is expected to meet the systemic-risk threshold, the provider must notify the Commission without delay and in any event within two weeks (Art. 52(1)).
Baseline obligations for all GPAI providers (Article 53(1)). Every provider — regardless of systemic-risk status — must:
- (a) Draw up and keep current technical documentation covering training, testing, and evaluation (Annex XI), available to the AI Office and national authorities on request.
- (b) Make available to downstream AI-system providers information enabling them to understand capabilities, limitations, and meet their own obligations (Annex XII).
- (c) Implement a copyright-compliance policy, including mechanisms to respect rights-reservation expressions under Art. 4(3) of Directive (EU) 2019/790.
- (d) Publish a sufficiently detailed summary of training-data content, using the AI Office's template.
Open-source carve-out (Article 53(2)). Obligations (a) and (b) do not apply to models released under a free and open-source licence that makes parameters, weights, architecture, and usage information publicly available — unless the model carries systemic-risk designation.
Additional obligations for systemic-risk GPAI models (Article 55). If your model crosses the threshold, four further obligations apply: (a) model evaluation including adversarial testing; (b) ongoing assessment and mitigation of systemic risks at Union level; (c) tracking, documenting, and reporting serious incidents to the AI Office without undue delay; (d) adequate cybersecurity protection for the model and its physical infrastructure.
EU authorised representative (Article 54). Third-country GPAI providers must appoint, by written mandate, an EU-established authorised representative before placing the model on the market (Art. 54(1)). That representative must keep the Annex XI technical documentation available to authorities for ten years after the model is placed on the market (Art. 54(3)(b)).
What comes next — and why you should start preparing now
Article 50 transparency obligations apply from 2 August 2026 — not yet in force
This is the point that trips up many compliance summaries: the Article 50 transparency rules are not yet in force. They fall under Chapter IV, which is not among Article 113's early-application carve-outs. Under Article 113's default rule, they apply from 2 August 2026 — about fourteen months away. Organisations that wait until July 2026 will be late.
What will Article 50 require when it takes effect?
AI-interaction disclosure — Art. 50(1). Providers must design AI systems that interact directly with natural persons so that users are informed they are interacting with an AI system, clearly and at or before the first interaction — unless it is obvious to a reasonably well-informed, observant person.
Synthetic-content marking — Art. 50(2). Providers of AI systems (including GPAI) that generate synthetic audio, image, video, or text must ensure outputs are marked in a machine-readable format and detectable as artificially generated or manipulated; solutions must be effective, interoperable, robust, and reliable as far as technically feasible.
Emotion recognition and biometric categorisation notice — Art. 50(3). Deployers must inform exposed persons that the system is operating, and process personal data in line with GDPR and the Law Enforcement Directive.
Deepfake and public-interest-text disclosure — Art. 50(4). Deployers using AI to generate or manipulate image, audio, or video constituting a deepfake must disclose it. For AI-generated/manipulated text published to inform the public on matters of public interest, disclosure is also required — unless it has undergone human review or editorial control with a person holding editorial responsibility. Artistic/satirical/fictional works disclose in a way that does not hamper enjoyment of the work.
Timing, manner, accessibility — Art. 50(5). All disclosures must be clear and distinguishable, at the latest at the time of first interaction or exposure, and conform to accessibility requirements.
What should you build before August 2026?
- System inventory — map every AI system that interacts with people, generates synthetic content, or performs emotion/biometric inference. This drives all disclosure design.
- Provider obligations — if you build or fine-tune models, implement machine-readable output marking (watermarking/metadata). This is an architecture decision; retroactive bolt-ons are harder and less reliable.
- Deployer playbook — draft disclosure templates for deepfakes, emotion/biometric notices, and AI-interaction banners; map each to the relevant Art. 50 paragraph and test delivery against the first-interaction timing rule.
FAQ
Are the GPAI obligations actually being enforced today? Yes. Chapter V has applied since 2 August 2025; the AI Office and member-state authorities have legal basis to act. Providers above the 10²⁵ FLOP threshold should already have notified.
Are the Article 50 transparency obligations in force? No. Article 50 (Chapter IV) is not carved out for early application under Article 113; it applies from 2 August 2026. Planning should be underway now, but enforcement exposure does not yet exist.
Does the open-source carve-out cover everything? No. It exempts the Art. 53(1)(a)/(b) documentation and downstream-information duties for qualifying open-source models — but not if the model is a systemic-risk GPAI, and Article 55 still applies above the threshold.
We use a third-party GPAI model rather than developing our own. What applies? As an integrator, Art. 53(1)(b) entitles you to capability/limitation information from the upstream provider. When Chapter IV takes effect in August 2026, you as deployer will also carry the Art. 50(3)/(4) notification duties for systems you operate.
Where can I track our posture across all three waves? Aigis GRC maps obligations across all three application dates and flags what is in force, what is upcoming, and what gaps your profile exposes. Visit agrc.ai to get started.


