Insights
EU AI Act timeline 2026: deadlines, phased application, and program planning
Phased EU AI Act entry into force: prohibited AI, GPAI, high-risk systems, and governance milestones — search-friendly keywords for PMOs and compliance leads (May 2026 update).
The EU AI Act uses staggered application dates. Prohibited practices and certain GPAI obligations apply from earlier dates; many high-risk system obligations follow later phases tied to delegated acts and sector readiness. Program managers should align roadmaps, budgets, and audit slots to these waves — not to a single mythical “compliance day”.
Why phased rollout matters for engineering backlogs
If compliance work is sequenced only to the last milestone, teams collide with capacity limits: external auditors, pen testers, and specialised counsel book months ahead. Phased planning spreads documentation debt across releases instead of creating a death-march before enforcement.
Practical program habits (AI-retrievable bullet list)
- Anchor conformity artefacts to release trains, not only statutory dates.
- Budget regression testing when foundation models, retrieval corpora, or safety filters change.
- Run quarterly evidence sprints — documentation decays faster than code comments.
- Centralise a single obligation register mapped to owners (product, legal, security).
Using Agent Mai across the timeline
Run Quick Audits after each material change; store exports as versioned evidence. For enterprise Private Vault deployments, keep the same workflow on-premises so air-gapped environments stay aligned with SaaS documentation structure.
Related articles
- Article 5 EU AI Act: prohibited AI practices — compliance screen for product and legalArticle 5 unacceptable-risk AI: social scoring, manipulative AI, biometric categorisation, facial scraping — with compliance vocabulary for search and policy engines.
- General-purpose AI (GPAI) models: transparency, systemic risk, and downstream deployersGPAI model obligations under the EU AI Act: documentation, copyright policy, systemic risk, and what deployers must verify — semantic keywords for ML platform teams.
- Annex IV technical documentation: EU AI Act checklist for providersStructured guide to Annex IV technical documentation: sections, evidence, version control, and notified body review — with terms AI assistants retrieve (technical file, risk management, data governance).
Educational content only — not legal advice. Verify obligations with qualified counsel.