EU AI Act Art.109: Entry into Force — When the AI Act Became Law Developer Guide (2026)
There is a date that most EU AI Act compliance timelines skip past without comment: August 1, 2024. That is the day the regulation formally entered into force — the day it became part of EU law. It is not the date when prohibited AI practices became illegal (February 2, 2025), nor when GPAI obligations began (August 2, 2025), nor when most high-risk AI requirements apply (August 2026). But it is the date that anchors everything else.
Article 109 establishes this date. Its text is brief — as final provisions on entry into force typically are in EU legislation — but its legal and practical consequences reach into every other article of the regulation. The entry-into-force date determines whether Art.108 transitional provisions apply to a given system. It defines the moment of legal certainty from which compliance planning obligations begin. It establishes when contracts signed, systems designed, and data collected must be evaluated against AI Act requirements. And it sets the reference point for the preparation periods that gave industry two years to implement what August 2024 made mandatory in principle.
What Art.109 Establishes
Article 109 of the EU AI Act states that the regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. The regulation was published in the Official Journal on 12 July 2024 as OJ L 2024/1689. Adding twenty days to that publication date gives the entry-into-force date of 1 August 2024.
This single sentence — standard across EU regulations — does several things simultaneously:
It fixes the authoritative text. Once published in the Official Journal and entered into force, the regulation's text is definitive. The years of trilogue negotiations, draft amendments, and Council positions are resolved. For compliance purposes, the text published in OJ L 2024/1689 is the governing document.
It creates an obligation of awareness. From August 1, 2024, every organization operating in the EU that develops, deploys, or uses AI systems is legally expected to know this regulation exists and what it requires. The "I didn't know" defense — already difficult given the three years of legislative debate preceding adoption — became unavailable from this date.
It starts the application timeline. All the application dates specified in Art.113 are measured from or relative to the entry-into-force date. Six months after EIF brings the first applications (February 2, 2025). Twenty-four months after EIF brings the main high-risk AI application date (August 2, 2026). The entire compliance calendar cascades from August 1, 2024.
The OJ L 2024/1689 Citation
For legal documentation purposes, the authoritative citation for the EU AI Act is:
Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts, OJ L 2024/1689, 12 July 2024.
This citation should appear in:
- Technical documentation under Art.11
- Declarations of conformity under Art.47
- Registration entries in the EU database under Art.71
- Compliance management system policies that reference the AI Act
- Vendor contracts and procurement requirements adopted after August 2024
The citation structure breaks down as: Regulation number (EU 2024/1689) + adoption date by Parliament and Council (13 June 2024) + short title (AI Act) + Official Journal reference (OJ L 2024/1689) + publication date (12 July 2024). The distinction between adoption date (June 13), publication date (July 12), and entry-into-force date (August 1) reflects the standard EU legislative sequence and all three dates may appear in different legal contexts.
Monitoring for corrigenda: After a regulation enters into force, it may be subject to corrigenda — corrections of typographical or clerical errors published in subsequent Official Journal issues. Corrigenda do not change the substance of the regulation but may affect the precise wording of specific provisions. Compliance teams should monitor the EUR-Lex page for OJ L 2024/1689 for any published corrigenda. Subscribe to EUR-Lex document alerts for the regulation number to receive automatic notification. As of the date of this guide, check EUR-Lex directly for the current corrigenda status.
Entry into Force Versus Application: The Critical Distinction
The most practically important concept associated with Art.109 is the distinction between entry into force and application. These terms are often conflated in informal discussions of the AI Act, and that conflation creates compliance errors.
Entry into force (Art.109): The regulation becomes part of EU law. Its text is authoritative. Legal certainty about what will be required is established. But the regulation does not yet impose binding obligations on providers, deployers, or importers of AI systems. It is "law" in the technical sense but not yet "applicable" in the operational sense.
Application (Art.113): The dates from which specific obligations actually bind specific actors. The AI Act has a cascading application structure: prohibited practices apply from February 2, 2025; GPAI obligations apply from August 2, 2025; most high-risk AI provider and deployer obligations apply from August 2, 2026. These are the dates that drive compliance deadlines.
Why the gap exists: EU regulatory practice deliberately separates these milestones. The preparation period between entry into force and application allows:
- Market surveillance authorities in each member state to designate notified bodies and national authorities
- CEN-CENELEC and other standards bodies to develop harmonized standards under the Commission mandate
- The AI Office to become operational and issue guidance
- Industry to conduct internal assessments, redesign systems, implement quality management, and prepare technical documentation
- The Commission to adopt delegated and implementing acts (Art.97, Art.73, Art.74) that fill in operational details
From a developer perspective: the preparation period is a working period, not a grace period. Organizations that treated August 2024 to August 2026 as time to ignore the AI Act because "it doesn't apply yet" missed the opportunity to use that window for compliance work.
The Preparation Period Architecture
The twenty-four months between entry into force (August 1, 2024) and the main high-risk AI application date (August 2, 2026) was structured intentionally. Understanding that structure helps development teams allocate compliance effort appropriately.
Months 1–6 (August 2024 – February 2025): Institutional setup period. The Commission began establishing the AI Office. Member states began designating national competent authorities under Art.70. The first Commission guidance documents were issued. Industry began internal assessments. This period ended with the first application event: February 2, 2025, when Article 5 prohibited practices became binding.
Months 7–12 (February 2025 – August 2025): Prohibited practices fully applicable. Organizations deploying AI in categories covered by Art.5 — unacceptable risk systems — were already subject to enforcement. GPAI providers began intensive preparation for August 2025. Standards bodies published initial working drafts. This period ended with GPAI application on August 2, 2025.
Months 13–24 (August 2025 – August 2026): The most intensive preparation period. All GPAI obligations fully applicable. High-risk AI providers completing conformity assessment, technical documentation, quality management system implementation, and EU database registration in preparation for August 2, 2026. (Note: the Digital Omnibus package has adjusted some Annex III category application dates — see our Digital Omnibus coverage for current applicable dates.)
Months 25+ (August 2026 and beyond): Full high-risk AI Act application for Annex III systems. Annex I product AI systems follow their extended timeline (August 2027 or later, depending on product category).
What Entry into Force Created: Legal Implications from August 1, 2024
For development teams and compliance managers, August 1, 2024 is not just a calendar date — it is a boundary that separates two distinct legal environments.
Systems in Development Before August 2024
AI systems that were being developed, trained, or deployed before entry into force were designed in an environment without legal certainty about what the AI Act would specifically require. This is relevant for two reasons:
Art.108 transitional provision eligibility. The grace periods under Art.108 — which allow existing high-risk AI systems to continue operating without full compliance until 2028 — apply to systems placed on the market or put into service before the applicable dates. Entry into force (August 2024) predates the applicable dates (February 2025, August 2026) by design. A system placed on market before August 2026 may qualify for Art.108 protection. But a system placed on market after that date — even if development began before EIF — receives no transitional protection.
Design-era knowledge gap. Systems architected before August 2024 were designed without authoritative knowledge of specific AI Act requirements. This does not exempt them from compliance, but it does inform how compliance remediation should be scoped: existing systems may need retrofit work across Art.9 (risk management), Art.10 (data governance), Art.11 (technical documentation), Art.13 (transparency), and Art.14 (human oversight) that was not part of the original development specification.
Systems Started After August 1, 2024
AI systems where development commenced after entry into force face a different compliance posture:
No informational gap. The regulation was available in its authoritative form from day one of development. Architecture decisions, data collection strategies, training procedures, and deployment plans could all be designed with AI Act requirements in mind from the outset. Regulators and courts will apply this standard: a development team that started work in September 2024 had the complete text of OJ L 2024/1689 available and cannot claim they were designing before the obligations crystallized.
No transitional protection. Systems developed and placed on market after the applicable dates (post-August 2026 for most Annex III high-risk AI) receive no Art.108 transitional grace period. They must comply with all applicable requirements from the moment of placing on market or putting into service.
Full preparation window available. The positive side: a system started in late 2024 had the full preparation period (up to August 2026 for Annex III) to build compliance into the architecture rather than retrofitting it. This is the scenario where compliance-by-design is most achievable.
The Documentation Date-Stamping Imperative
For any AI system whose compliance status might depend on its timeline relative to EIF or application dates, documentation timestamps are not administrative formality — they are legal evidence.
What to timestamp:
- Initial project specification or design document (pre/post EIF?)
- First training data collection decisions
- First model architecture decisions
- Risk management system initiation under Art.9
- Placing on market or putting into service (the key date for Art.108)
- Substantial modification events (Art.3(23) — resets Art.108 grace period)
Format recommendation: Use ISO 8601 date format (YYYY-MM-DD) in all compliance documentation headers. Record not just "when" but "what was known at the time." A design decision document from September 2024 should note that it was drafted after EIF with access to the final AI Act text.
Contractual and Procurement Implications
Entry into force changed the commercial environment for AI systems in ways that development teams working on B2B or public-sector AI need to understand.
Pre-EIF contracts: AI supply agreements, data processing agreements, and deployment contracts signed before August 1, 2024 were negotiated without definitive AI Act text. They may lack AI Act-specific provisions for:
- Conformity assessment cooperation obligations
- Technical documentation access and sharing
- Post-market monitoring data sharing
- Substantial modification notification
- Compliance warranty representations
Post-EIF contracts: Any AI-related contract signed after August 1, 2024 should include AI Act provisions appropriate to the parties' roles. A contract signed in October 2024 between a provider and deployer should address, at minimum: which party is responsible for Art.11 technical documentation, how Art.72 post-market monitoring data is shared, whether the provider warrants compliance with applicable requirements by the application dates, and how Art.3(23) substantial modifications are defined and handled.
Procurement requirements: Public sector entities procuring AI systems after EIF can legitimately include AI Act compliance as a procurement criterion. A contracting authority issuing a tender in 2025 for an AI system to be deployed in 2026 should include AI Act compliance requirements in the tender specifications. The applicable application date may fall within the contract period, making compliance a delivery requirement rather than a future aspiration.
Liability allocation: The AI Act creates specific obligations and corresponding penalties for providers (Art.99) and deployers (different obligations under Art.26). Contracts that allocate liability based on role definitions from before the AI Act may not correctly reflect the post-EIF responsibility structure. Post-EIF contracts should explicitly map AI Act roles (provider, deployer, importer, distributor per Art.3) to contract parties and allocate obligations accordingly.
Standards and Governance Mandate: Counting from EIF
Entry into force started several concurrent processes that developers track indirectly through standardization updates and regulatory guidance:
CEN-CENELEC standardization mandate: The Commission issued a standardization mandate to CEN and CENELEC following entry into force, requesting development of harmonized standards that would create a presumption of conformity under the AI Act. Standards were requested covering: risk management systems (Art.9), data governance (Art.10), technical documentation (Art.11), transparency (Art.13), human oversight (Art.14), accuracy and robustness (Art.15), and cybersecurity. Harmonized standards, once published in the OJ, allow providers to rely on them for conformity assessment. Development teams building AI systems in 2024-2026 should track CEN-CENELEC EN working groups for AI Act-related standards.
AI Office establishment: The AI Office within the Commission became operational during the preparation period. Its primary initial focus was on GPAI model obligations (Art.52-55), including the development of the Code of Practice for GPAI model providers. The AI Office's publications, guidance documents, and Code of Practice text are available through the EU AI Office website and are not negotiated by the Commission but are authoritative guidance.
National authority designation: Each member state was required to designate national competent authorities (NCAs) responsible for market surveillance under Art.70. The designation process, timelines, and published guidance from national authorities vary by member state. Developers releasing products across multiple EU markets should monitor their target markets' NCA designations and any country-specific guidance published.
Delegated and implementing acts: Art.97 grants the Commission power to adopt delegated acts specifying technical details for various provisions. Art.73 and Art.74 provide for implementing acts. Many operational details of the AI Act — including the format of technical documentation, the list of high-risk AI systems, specific data governance requirements — may be further specified through these secondary instruments. All such acts are dated from after EIF; development teams should maintain a registry of AI Act-related delegated and implementing acts as they are adopted.
Python Tooling: Computing Compliance Timelines from EIF
The following Python module provides utilities for computing compliance timelines relative to the entry-into-force date and assessing a system's position in the preparation period architecture.
from datetime import date, timedelta
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
class ApplicationStage(Enum):
PRE_ENTRY_INTO_FORCE = "PRE_ENTRY_INTO_FORCE"
PREPARATION_PERIOD_1 = "PREPARATION_PERIOD_1" # EIF → Feb 2025
PROHIBITED_PRACTICES_APPLICABLE = "PROHIBITED_PRACTICES_APPLICABLE" # Feb 2025 → Aug 2025
GPAI_APPLICABLE = "GPAI_APPLICABLE" # Aug 2025 → Aug 2026
HIGH_RISK_ANNEX_III_APPLICABLE = "HIGH_RISK_ANNEX_III_APPLICABLE" # Aug 2026+
HIGH_RISK_ANNEX_I_APPLICABLE = "HIGH_RISK_ANNEX_I_APPLICABLE" # Aug 2027+
class DevelopmentContext(Enum):
PRE_EIF_DEVELOPMENT = "PRE_EIF_DEVELOPMENT"
PREPARATION_PERIOD_DEVELOPMENT = "PREPARATION_PERIOD_DEVELOPMENT"
POST_APPLICATION_DEVELOPMENT = "POST_APPLICATION_DEVELOPMENT"
@dataclass
class Art109ComplianceTimeline:
"""
Compute EU AI Act compliance timelines relative to entry into force.
Reference: OJ L 2024/1689 (12 July 2024). Entry into force: 1 August 2024.
"""
# Core entry-into-force dates
PUBLICATION_DATE: date = field(default=date(2024, 7, 12))
ENTRY_INTO_FORCE: date = field(default=date(2024, 8, 1)) # Day 20 after publication
# Application dates (Art.113)
PROHIBITED_PRACTICES_DATE: date = field(default=date(2025, 2, 2)) # 6 months after EIF
GPAI_APPLICATION_DATE: date = field(default=date(2025, 8, 2)) # 12 months after EIF
HIGH_RISK_ANNEX_III_DATE: date = field(default=date(2026, 8, 2)) # 24 months after EIF
HIGH_RISK_ANNEX_I_DATE: date = field(default=date(2027, 8, 2)) # 36 months after EIF
# Digital Omnibus adjusted dates
ANNEX_III_EXTENDED_DATE: date = field(default=date(2027, 12, 2)) # Dec 2027 per Digital Omnibus
def get_current_stage(self, check_date: Optional[date] = None) -> ApplicationStage:
"""Return the current application stage as of check_date."""
d = check_date or date.today()
if d < self.ENTRY_INTO_FORCE:
return ApplicationStage.PRE_ENTRY_INTO_FORCE
elif d < self.PROHIBITED_PRACTICES_DATE:
return ApplicationStage.PREPARATION_PERIOD_1
elif d < self.GPAI_APPLICATION_DATE:
return ApplicationStage.PROHIBITED_PRACTICES_APPLICABLE
elif d < self.HIGH_RISK_ANNEX_III_DATE:
return ApplicationStage.GPAI_APPLICABLE
elif d < self.HIGH_RISK_ANNEX_I_DATE:
return ApplicationStage.HIGH_RISK_ANNEX_III_APPLICABLE
else:
return ApplicationStage.HIGH_RISK_ANNEX_I_APPLICABLE
def days_since_entry_into_force(self, check_date: Optional[date] = None) -> int:
"""Days elapsed since entry into force."""
d = check_date or date.today()
if d < self.ENTRY_INTO_FORCE:
return -(self.ENTRY_INTO_FORCE - d).days
return (d - self.ENTRY_INTO_FORCE).days
def days_until_application(self, target_date: date, check_date: Optional[date] = None) -> int:
"""Days until a specific application date."""
d = check_date or date.today()
return (target_date - d).days
def assess_development_start(self, dev_start_date: date) -> dict:
"""
Assess AI Act compliance implications based on when development started
relative to entry into force.
Returns context, grace period eligibility guidance, and documentation requirements.
"""
if dev_start_date < self.ENTRY_INTO_FORCE:
return {
"development_context": DevelopmentContext.PRE_EIF_DEVELOPMENT.value,
"days_before_eif": (self.ENTRY_INTO_FORCE - dev_start_date).days,
"grace_period_potentially_eligible": True,
"description": (
"Development began before entry into force (1 Aug 2024). "
"Art.108 transitional provisions may apply if the system was "
"placed on market before the applicable date."
),
"key_question": (
"Was the system placed on market or put into service before "
"the applicable date (Aug 2026 for Annex III, Aug 2027 for Annex I)? "
"If yes, Art.108 grace period applies — unless substantial modification occurred."
),
"documentation_priority": [
"Document placing-on-market date with commercial evidence",
"Establish intended-purpose baseline for substantial modification tracking",
"Record system version as of pre-application date",
],
}
elif dev_start_date < self.PROHIBITED_PRACTICES_DATE:
days_into_prep = (dev_start_date - self.ENTRY_INTO_FORCE).days
return {
"development_context": DevelopmentContext.PREPARATION_PERIOD_DEVELOPMENT.value,
"days_after_eif": days_into_prep,
"grace_period_potentially_eligible": False,
"description": (
f"Development began {days_into_prep} days after EIF, during the "
"preparation period. Full preparation time was available. "
"No Art.108 transitional protection for post-application-date deployment."
),
"key_question": (
"Was compliance-by-design incorporated from the start? "
"Development teams starting during this period had full OJ text available."
),
"documentation_priority": [
"Record compliance planning initiation date",
"Document that AI Act requirements were known from development start",
"Align architecture decisions with Art.9-15 requirements",
],
}
else:
days_after_eif = (dev_start_date - self.ENTRY_INTO_FORCE).days
days_until_annex_iii = max(0, (self.HIGH_RISK_ANNEX_III_DATE - dev_start_date).days)
return {
"development_context": DevelopmentContext.POST_APPLICATION_DEVELOPMENT.value,
"days_after_eif": days_after_eif,
"grace_period_potentially_eligible": False,
"description": (
f"Development began {days_after_eif} days after EIF. "
"AI Act obligations were already partially applicable. "
"No transitional provisions available for new systems."
),
"key_question": (
"Is prohibited practices compliance confirmed (Art.5, applicable from Feb 2025)? "
"GPAI obligations confirmed if applicable (applicable from Aug 2025)?"
),
"documentation_priority": [
"Immediate Art.5 prohibited practices assessment",
"Risk management system (Art.9) from project initiation",
"Data governance (Art.10) for all training data collection",
],
"days_until_annex_iii_application": days_until_annex_iii,
}
def generate_compliance_calendar(self, check_date: Optional[date] = None) -> list[dict]:
"""Generate a compliance calendar with days remaining to each milestone."""
d = check_date or date.today()
milestones = [
{
"date": self.ENTRY_INTO_FORCE,
"event": "Entry into Force (Art.109)",
"description": "OJ L 2024/1689 published July 12; EIF August 1, 2024",
"status": "PASSED" if d > self.ENTRY_INTO_FORCE else "UPCOMING",
},
{
"date": self.PROHIBITED_PRACTICES_DATE,
"event": "Prohibited Practices Applicable (Art.5)",
"description": "Chapter II prohibited AI systems: enforcement begins",
"status": "PASSED" if d > self.PROHIBITED_PRACTICES_DATE else "UPCOMING",
},
{
"date": self.GPAI_APPLICATION_DATE,
"event": "GPAI Obligations Applicable (Chapter V)",
"description": "Art.52-55 GPAI provider/systemic risk obligations",
"status": "PASSED" if d > self.GPAI_APPLICATION_DATE else "UPCOMING",
},
{
"date": self.HIGH_RISK_ANNEX_III_DATE,
"event": "High-Risk AI Applicable (Annex III)",
"description": "Art.9-15 technical requirements + Art.26 deployer obligations",
"status": "PASSED" if d > self.HIGH_RISK_ANNEX_III_DATE else "UPCOMING",
"days_remaining": max(0, (self.HIGH_RISK_ANNEX_III_DATE - d).days),
},
{
"date": self.ANNEX_III_EXTENDED_DATE,
"event": "Annex III Extended Date (Digital Omnibus)",
"description": "Extended Annex III date per Digital Omnibus package",
"status": "PASSED" if d > self.ANNEX_III_EXTENDED_DATE else "UPCOMING",
"days_remaining": max(0, (self.ANNEX_III_EXTENDED_DATE - d).days),
},
{
"date": self.HIGH_RISK_ANNEX_I_DATE,
"event": "High-Risk AI Annex I Products Applicable",
"description": "MDR, Machinery, RED, Vehicle Type-Approval AI systems",
"status": "PASSED" if d > self.HIGH_RISK_ANNEX_I_DATE else "UPCOMING",
"days_remaining": max(0, (self.HIGH_RISK_ANNEX_I_DATE - d).days),
},
]
return milestones
def check_eif_documentation_completeness(system: dict) -> dict:
"""
Validate that a system's compliance documentation includes
entry-into-force anchored timestamps and citations.
system: dict with keys:
- dev_start_date (date): When development began
- placing_on_market_date (Optional[date]): When placed on market
- has_oj_citation (bool): Whether OJ L 2024/1689 cited in docs
- has_eif_timestamp (bool): Whether documents are dated relative to EIF
- has_compliance_planning_start (bool): Whether compliance planning start is documented
"""
issues = []
timeline = Art109ComplianceTimeline()
if not system.get("has_oj_citation"):
issues.append({
"severity": "HIGH",
"issue": "Missing OJ L 2024/1689 citation in compliance documentation",
"remediation": "Add 'Regulation (EU) 2024/1689, OJ L 2024/1689, 12 July 2024' to doc headers",
})
if not system.get("has_eif_timestamp"):
issues.append({
"severity": "MEDIUM",
"issue": "Documents not timestamped relative to EIF (1 August 2024)",
"remediation": "Add ISO 8601 dates to all compliance documents; note whether authored pre/post EIF",
})
if not system.get("has_compliance_planning_start"):
dev_start = system.get("dev_start_date")
if dev_start and dev_start > timeline.ENTRY_INTO_FORCE:
issues.append({
"severity": "HIGH",
"issue": "No documented compliance planning start for post-EIF development",
"remediation": "Document when AI Act compliance assessment was initiated; this evidence matters if obligations are disputed",
})
return {
"completeness_score": max(0, 10 - len(issues) * 2),
"issues": issues,
"citation": "OJ L 2024/1689 — Regulation (EU) 2024/1689, 12 July 2024",
"eif_date": str(timeline.ENTRY_INTO_FORCE),
}
Art.109 Entry into Force — 30-Item Developer Checklist
Entry into Force Documentation (Items 1–7)
- Record OJ L 2024/1689 (12 July 2024) as the authoritative AI Act citation in all compliance documentation headers
- Record the entry-into-force date (1 August 2024) in your compliance registry and policy documents
- Verify you are working from the current OJ text — check EUR-Lex for any published corrigenda to OJ L 2024/1689
- Subscribe to EUR-Lex document alerts for Regulation (EU) 2024/1689 to receive automatic corrigenda notifications
- Include the full regulation citation in declarations of conformity, technical documentation cover pages, and registration submissions
- Document when your organization first became formally aware of the AI Act relative to EIF (legal audit trail)
- Establish ISO 8601 date-stamping practice for all compliance documents to support timeline evidence
Development Timeline Analysis (Items 8–14)
- Map each AI system's development start date against the entry-into-force date (before/after 1 August 2024)
- Identify systems started before EIF — assess Art.108 grace period eligibility based on placing-on-market date
- Identify systems started after EIF — confirm no grace period applies, full preparation window was available
- Document the "placing on market" or "putting into service" date for each AI system with commercial evidence
- For systems that span the EIF date: determine whether architecture or data decisions made post-EIF affect the compliance baseline
- Record training data collection decisions (Art.10) made after EIF — post-EIF data collection should meet Art.10 requirements
- Audit product design decisions made after August 2024 for alignment with AI Act requirements known at the time
Contractual and Procurement Implications (Items 15–21)
- Review all AI supply agreements signed after EIF for AI Act compliance provisions (conformity, documentation, post-market monitoring)
- Add AI Act role definitions (provider, deployer, importer per Art.3) to new vendor contracts
- Include AI Act compliance warranties in AI system procurement contracts for systems to be deployed during the application period
- Verify indemnification clauses address AI Act penalty exposure (Art.99 fines up to 7% global turnover for prohibited AI)
- Review data processing agreements for AI training data collected post-EIF — confirm Art.10 data governance basis
- Update AI service SLAs to address Art.72 post-market monitoring data sharing obligations
- Confirm that NDA/IP agreements do not restrict access to technical documentation required under Art.11
Application Date Monitoring (Items 22–26)
- Confirm Art.5 prohibited practices assessment is complete (applicable from 2 February 2025 — already past)
- Confirm GPAI compliance assessment is complete if applicable (applicable from 2 August 2025 — already past)
- Track Digital Omnibus developments for any further adjustments to Annex III application dates
- Monitor delegated acts under Art.7 that may adjust the Annex III high-risk list
- Maintain a dated log of AI Act implementing/delegated act publications that affect your systems
Standards and Governance Monitoring (Items 27–30)
- Monitor CEN-CENELEC EN working groups for AI Act harmonized standards drafts and publication timelines
- Track AI Office publications: Code of Practice for GPAI, guidance on prohibited practices, Art.9 risk management guidance
- Monitor your target member states' national competent authority (NCA) designations and published guidance
- Register for notifications from your country's NCA once designated — national enforcement guidance may supplement the regulation text
Article 109 resolves the question of when the EU AI Act became law: 1 August 2024, the twentieth day after publication in OJ L 2024/1689. That date anchors the entire compliance calendar — setting the start of the preparation period, determining Art.108 grace period eligibility for systems already deployed, and establishing the point of legal certainty from which all organizations developing AI systems in the EU are held to knowledge of the regulation's requirements. Building a compliance program around this anchor date, rather than only around the application dates, produces more defensible evidence of diligence and more complete alignment between development choices and regulatory expectations.