Observatory

AI Regulatory Deadlines

A free, continuously-updated calendar of AI-law deadlines, milestones, and enforcement dates — EU AI Act, GDPR, US state laws, ISO/NIST — the same catalog that powers the Workbench's Regulatory Horizon tool, published for anyone to check.

Deadline 2026-08-02 · Imminent (25d)

EU AI Act — Art. 50 transparency obligations apply

EU AI Act · EU

Chatbots must disclose they are AI; synthetic content needs machine-readable marking; deepfakes and emotion-recognition/biometric-categorisation uses must be disclosed. The full penalty machinery (incl. Art. 101 GPAI fines) also becomes applicable.

Action: Ship AI disclosure in the product UI and machine-readable marking of generated content before 2 Aug 2026.

Deadline 2026-12-02 · Upcoming (147d)

EU AI Act — NCII/CSAM ban + end of marking grace period

EU AI Act (Digital Omnibus) · EU

The Digital Omnibus adds a prohibition on AI systems for non-consensual intimate imagery/CSAM and ends the synthetic-content marking grace period for pre-existing systems.

Action: Confirm generation guardrails block NCII/CSAM and that legacy systems mark synthetic content.

Deadline 2027-01-01 · Upcoming (177d)

Colorado AI Act (SB 26-189 / ADMT) effective

Colorado · US

Duties around consequential automated decisions — transparency, notice, and risk management.

Action: Map consequential-decision systems and prepare consumer notices.

Deadline 2027-04-01 · Upcoming (267d)

California ADMT — opt-out & pre-use notice phase

CPPA (California) · US

Consumers gain opt-out and pre-use notice rights for covered automated decisions.

Action: Build opt-out handling and pre-use notices into the product.

Deadline 2027-12-02 · Upcoming (512d)

EU AI Act — serious-incident reporting (Art. 73)

EU AI Act · EU

Providers of high-risk systems must report serious incidents to authorities within 15 days (10 days on a death; 2 days for widespread infringement or critical-infrastructure disruption).

Action: Stand up an incident-detection, triage and reporting playbook with those clocks.

Deadline 2027-12-02 · Upcoming (512d)

EU AI Act — Annex III high-risk obligations apply

EU AI Act · EU

Full high-risk regime (risk management, data governance, logging, human oversight, accuracy, conformity assessment, registration). Moved from Aug 2026 to 2 Dec 2027 by the Digital Omnibus (adopted June 2026).

Action: Start the Annex IV technical file, risk-management system, and conformity plan now.

Deadline 2028-08-02 · Upcoming (756d)

EU AI Act — Annex I embedded high-risk obligations apply

EU AI Act · EU

High-risk AI embedded in regulated products (machinery, medical devices, vehicles) must comply. Moved from Aug 2027 to 2 Aug 2028 by the Digital Omnibus.

Action: If your AI is a safety component of a regulated product, fold it into the sectoral conformity procedure.

Deadline 2026-01-22 · Recently in force

South Korea AI Basic Act in force

South Korea (MSIT) · KR

High-impact AI needs pre-deployment determination, explanations, human oversight and impact assessment; GenAI output must be labelled; large foreign providers need a domestic representative.

Action: Check Korean exposure: high-impact determination, labelling, and local-representative thresholds.

Deadline 2026-01-01 · In force

California CPRA — ADMT risk assessments effective

CPPA (California) · US

Risk assessments required for automated decision-making technology that processes personal data.

Action: Document an ADMT risk assessment for in-scope automated decisions.

Deadline 2026-01-01 · In force

California AB 2013 — training-data transparency

California · US

Generative-AI developers must publish documentation about the datasets used to train the system.

Action: Prepare a public training-data summary for any GenAI you develop.

Deadline 2026-01-01 · In force

Texas TRAIGA — Responsible AI Governance Act effective

Texas · US

Bans intentionally harmful AI uses and adds duties for consequential decisions and government deployments.

Action: Review consequential-decision use cases for Texas exposure.

Deadline 2026-01-01 · In force

Illinois HB 3773 — AI in employment decisions

Illinois · US

Employers may not use AI that discriminates in employment decisions (including via zip-code proxies) and must notify employees when AI is used.

Action: Test employment AI for disparate impact and add employee notices.

Deadline 2026-01-01 · In force

California SB 53 — frontier AI transparency & incidents

California · US

Large frontier-model developers must publish a safety framework and transparency reports and report critical incidents to Cal OES within 15 days (24 hours if imminent risk).

Action: If you train frontier-scale models, stand up the safety framework and incident-report channel.

Deadline 2025-08-02 · In force

EU AI Act — general-purpose AI (GPAI) obligations apply

EU AI Act · EU

GPAI providers owe transparency, technical documentation, copyright policy, and systemic-risk duties for capable models.

Action: Inventory GPAI/foundation models you build or rely on and keep model documentation.

Enforcement 2025-08-02 · In force

EU AI Act — governance bodies & penalties live

EU AI Act · EU

National competent authorities and fines (up to 7% of global turnover for prohibited use) become enforceable.

Action: Confirm your EU market roles (provider/deployer) and an accountable owner.

Guidance 2025-07-10 · In force

EU AI Act — GPAI Code of Practice published

EU AI Act · EU

The final GPAI Code of Practice (Transparency, Copyright, Safety & Security chapters) gives providers a voluntary route to demonstrate compliance ahead of harmonised standards.

Action: Track and consider adhering to the GPAI code of practice; use its Model Documentation Form.

Deadline 2025-02-02 · In force

EU AI Act — prohibited practices in force

EU AI Act · EU

Eight unacceptable-risk practices (social scoring, manipulative AI, untargeted face-scraping, most real-time biometric ID) are banned.

Action: Confirm none of your use cases fall under a prohibited practice.

Guidance 2024-07-26 · In force

NIST AI RMF — Generative AI Profile published

NIST · GLOBAL

Companion profile mapping GenAI-specific risks to the Govern/Map/Measure/Manage functions.

Action: Map your GenAI risks against the profile’s suggested actions.

Milestone 2023-12-18 · In force

ISO/IEC 42001 — AI Management System certifiable

ISO/IEC · GLOBAL

The first certifiable AI management-system standard — an auditable backbone for an AI governance program.

Action: Consider an AIMS (policy, impact assessment, controls, monitoring) toward certification.

Enforcement 2023-07-05 · In force

NYC Local Law 144 — bias audits enforced (AEDT)

NYC · US

Automated employment decision tools require an annual independent bias audit and candidate notice.

Action: Commission an annual third-party bias audit and post the results.

Enforcement 2018-05-25 · In force

GDPR Art. 22 — safeguards for automated decisions

EU GDPR · EU

Solely-automated decisions with legal/significant effect require safeguards incl. human review.

Action: Provide a meaningful human-review and contest path; run a DPIA.