The European Union’s Artificial Intelligence (AI) Act was the first comprehensive regulation of AI technologies. The AI Act came into force on August 1, 2024, but full implementation of its provisions will be staggered over three years. 

Important milestones have already been completed, such as prohibiting AI practices deemed manipulative, exploitative, or contrary to European values. Additionally, the Commission has finalized codes of practice for AI providers and deployers, which are now ready to take effect.

We focus here on the aspects of the Act coming into play from 2 August 2025 and explore what legal and compliance professionals need to know or act on.

August 2nd and beyond!

August 2, 2025, marked a significant step in the roll-out of the EU AI Act. Several core rules will come into effect, and by this date, businesses should have completed an initial phase of AI risk assessment and compliance preparation.

A key aspect is the start of regulations concerning notified bodies (Chapter III, Section 4). These are independent, third-party organizations which member states designate as responsible for assessing the conformity of high-risk AI systems. Additionally, provisions concerning Governance (Chapter VII), Confidentiality (Article 78), and Penalties (Articles 99 and 100) will also start to apply.

These provisions will directly impact the way AI systems are regulated, ensuring that systems adhere to transparency, fairness, and accountability requirements. Specifically, penalties for non-compliance will be enforceable, creating a strong incentive for businesses to be fully compliant ahead of the deadline.

General Purpose AI (GPAI) refers to AI models which have been trained on very large volumes of data and have broad capabilities. For GPAI models that were placed on the market (i.e. put into service) before 2 August 2025, the Act allows providers an additional two years to reach full compliance. Their models must be compliant by 2 August 2027, meaning providers have a limited time to adjust their systems and the supporting documentation to meet the regulations. 

For Member States, several important deadlines will occur on 2 August 2025. The first is the requirement to report to the European Commission on the status of the financial and human resources available to national competent authorities. These bodies are tasked with overseeing the implementation and enforcement of the AI Act. The report on resourcing must be resubmitted every two years thereafter. Moreover, Member States will also need to designate and notify the European Commission of their national competent authorities—including both notifying authorities and market surveillance authorities— and ensure their contact details are made publicly available.

Another key deadline for Member States is the requirement to lay down rules for penalties and fines, which must be communicated to the Commission and implemented effectively by 2 August 2025. This provision aims to ensure that penalties for non-compliance are standardized across the EU and enforced consistently.

The GPAI rules apply from 2 August 2025, requiring all models launched by providers after that date to comply immediately. The Commission’s enforcement powers, including information requests, model access, or recalls, will not be exercised for 1 year until 2 August 2026, giving providers time to align with the AI Office. 

The European Commission is tasked with reviewing and amending the prohibitions on certain AI systems annually, with the first review deadline on 2 August 2025. This review process ensures that the AI Act remains flexible and adaptable to technological advancements, allowing it to address new risks as AI evolves.

The milestones of August 2, 2025, represent a significant juncture in the regulatory landscape. As this latest stage of the AI Act rolls out, companies operating within the AI space must prioritize compliance with these new elements of the regulations. Failing to comply in time could lead to significant legal and financial consequences. 

Scanning the horizon; Key future dates in the AI Act Timeline

Late 2025 – Official Implementation and Supervision: By the end of 2025, the AI Act will enter its formal implementation phase. At this point, competent national authorities will be fully operational, and businesses must be prepared for oversight and enforcement actions. This includes the development of AI-specific risk management frameworks and documentation for high-risk AI systems.

2026 – Full Enforcement: By 2026, full enforcement of the AI Act will be in place. At this point, businesses providing or deploying Ai could face audits and enforcement actions from regulators.

What’s at Stake for Businesses?

The AI Act is more than just another regulatory framework; it is a transformative piece of legislation that will significantly influence AI development, deployment, and governance across the European Union. Non-compliance with the Act carries serious risks, including:

  • Substantial Fines: As outlined in the AI Act, penalties for non-compliance can be severe, with fines reaching up to 6% of a company’s global annual turnover. Such financial repercussions underscore the importance of adherence to the Act’s provisions.
  • Reputational Damage: Failure to comply with the AI Act would also risk serious damage to a company’s reputation. In a market that increasingly values ethical AI practices, businesses sanctioned for non-compliance may be perceived as irresponsible or negligent, eroding consumer and stakeholder confidence.

On the other hand, the AI Act also offers substantial opportunities for businesses that take proactive steps toward compliance:

  • Building Consumer Trust: By demonstrating compliance with the AI Act’s provisions on fairness, accountability, and transparency, businesses can strengthen consumer trust in their use of AI systems. This trust can be a significant differentiator, especially as customers become more discerning about the ethical implications of AI.
  • Long-Term Market Positioning: Companies that embrace responsible AI governance and adhere to the regulatory standards set by the AI Act are better positioned for long-term success. In a regulated and competitive market, such businesses will be more resilient, sustainable, and capable of adapting to future regulatory changes.

Conclusion

The August 2nd milestones of the AI Act represent an important moment for businesses that provide or deploy AI technologies. As the regulatory landscape solidifies, companies must adapt to a framework that will shape the future of AI in the finance sector. Staying ahead of deadlines and fully understanding the AI Act’s requirements will be essential for businesses seeking to harness AI’s potential while avoiding regulatory pitfalls.

Posted: 2 Oct 2025

Want to comment or have questions? You can contact the AI team at Flawless via:

Disclaimer: The information provided in this blog post is for general informational purposes only and does not constitute advice, legal or otherwise.