EU AI Act August 2 2026: What Happens on Enforcement Day
# EU AI Act August 2 2026: What Happens on Enforcement Day
This page gives a precise breakdown of which EU AI Act obligations take effect on August 2 2026, which fines can be issued from that date, and which requirements are still deferred.
---
## What the EU AI Act Establishes for August 2 2026
The EU AI Act (Regulation (EU) 2024/1689) entered into force on August 1 2024. It applies in phases. August 2 2026 is the primary application date for most of the regulation, but it is not the application date for every obligation. Understanding which provisions activate on which date is the difference between being ready and being exposed to enforcement.
The core provisions activating on August 2 2026 are:
**General-Purpose AI (GPAI) obligations under Title VIII, Articles 51 to 56.** Providers of GPAI models must comply with transparency, copyright policy, and technical documentation requirements. Providers of GPAI models that pose systemic risk (defined in Article 51 as models trained using more than 10^25 FLOPs, or models designated by the Commission) carry additional obligations: adversarial testing, incident reporting to the AI Office, and cybersecurity measures.
**Article 50 transparency obligations.** Any provider or deployer of an AI system that interacts directly with natural persons must disclose that the person is interacting with AI, unless it is obvious from the context. This applies to chatbots, voice assistants, synthetic media generators, and emotion recognition or biometric categorisation systems. Specific sub-obligations under Article 50 include watermarking and labelling of AI-generated content.
**Fines under Article 99 for GPAI violations.** From August 2 2026, the AI Office can impose fines of up to EUR 15 million or 3% of global annual turnover (whichever is higher) for violations of GPAI obligations. Fines for providing incorrect, incomplete, or misleading information to the AI Office can reach EUR 7.5 million or 1% of global annual turnover.
---
## What Was Already in Force Before August 2026
**Article 5 prohibited practices have applied since February 2 2025.** These are not new on August 2 2026. The prohibited practices include: AI systems that use subliminal techniques to manipulate behaviour; systems that exploit vulnerabilities of specific groups; most uses of real-time remote biometric identification in public spaces by law enforcement; social scoring by public authorities; and AI used to infer emotions in workplace or education settings except for safety reasons.
If your system touches any Article 5 use case and you have not assessed compliance, you are already within the enforcement window. There is no grace period remaining for Article 5.
---
## What Is NOT Enforced on August 2 2026
**Annex III high-risk AI system obligations do not apply until December 2 2027.** This is the most common area of confusion. High-risk AI systems listed in Annex III (including AI used in hiring and employment, education, credit scoring, insurance risk assessment, law enforcement, migration, and administration of justice) are subject to the extensive conformity assessment, technical documentation, human oversight, and registration requirements under Articles 8 to 49. None of these obligations are enforceable against Annex III systems until December 2 2027.
If you are building an AI system that falls under Annex III, August 2 2026 is not your hard deadline. December 2 2027 is. That said, 18 months moves quickly for conformity assessment and notified body engagement.
---
## Who This Applies To
**GPAI obligations (Articles 51-56)** apply to providers of general-purpose AI models. This means the company that trains and makes available a foundation model, a large language model, or a multimodal model. If you are a startup building on top of an existing GPAI model (GPT-4, Claude, Gemini, Mistral, etc.) rather than training your own, you are a deployer, not a GPAI provider, and Articles 51-56 do not directly apply to you. However, your upstream GPAI provider must pass certain information to you, and you must not use GPAI models in ways that conflict with the provider's usage policy.
**Article 50 transparency obligations** apply to both providers and deployers. If your product includes a chatbot, a voice assistant, or generates synthetic images or video, Article 50 applies to you regardless of company size, sector, or whether you are the model provider. There is no SME carve-out for Article 50.
**GPAI fines** are directed at GPAI model providers. If you do not train your own foundation model, the fines under Article 99 for GPAI violations do not target you directly.
---
## What the Obligations Actually Require
For teams shipping products before August 2 2026, the practical obligations are:
**GPAI providers must:** Maintain and publish a summary of training data used, implement a copyright policy, publish technical documentation per Annex XI and Annex XII of the regulation, and if classified as systemic-risk providers, conduct adversarial testing and report serious incidents to the AI Office within defined timeframes.
**Article 50 deployers must:** Inform users they are interacting with an AI system at the point of first interaction. For emotion recognition or biometric categorisation systems, inform persons exposed that they are subject to such a system. For AI-generated audio, video, text, or images intended for dissemination, apply machine-readable markings and where technically feasible watermarks. Labelling must be visible and prominent.
---
## Key Dates Summary
| Obligation | Date Active |
|---|---|
| Article 5 prohibited practices | February 2 2025 (already in force) |
| GPAI model obligations (Articles 51-56) | August 2 2026 |
| Article 50 transparency for AI interactions | August 2 2026 |
| GPAI fines enforceable (Article 99) | August 2 2026 |
| Annex III high-risk AI system obligations | December 2 2027 |
---
## What to Do Before August 2 2026
1. **Determine whether you are a GPAI provider or a GPAI deployer.** If you train your own foundation model or make a model available to third parties, Articles 51-56 apply directly. If you build on top of existing models, confirm your upstream provider's compliance and review their usage policies.
2. **Audit your user-facing AI touchpoints for Article 50.** Map every place a user can interact with an AI system in your product. Draft disclosure language. Do not rely on fine print in terms of service. The disclosure must be clear and timely.
3. **Check whether any feature touches an Article 5 prohibited practice.** If your product was deployed before February 2025, this review is overdue. If you are launching now, complete it before release.
4. **Do not defer Annex III scoping work until late 2027.** If your system is used in hiring, credit, education, or law enforcement contexts, begin mapping your conformity assessment path now. Notified body queues will lengthen as December 2027 approaches.
5. **Document your compliance decisions.** Regulators will expect evidence of when assessments were done and what conclusions were reached. Maintain records now, not retroactively.
---
## Run Your Risk Assessment Now
The obligations above are not one-size-fits-all. Whether GPAI rules, Article 50, Article 5, or Annex III applies to your product depends on what your system does, who deploys it, and in which context.
Use the free ActComply risk screener to see which obligations apply to your system: https://www.getactcomply.com/check