Understanding Roles and Key Dates in the EU AI Act

What is the EU AI Act?

At its core, the AI Act defines AI as:

“A machine-based system designed to operate with varying levels of autonomy, capable of adapting after deployment, and, based on its inputs, generating outputs like predictions, content, recommendations, or decisions that can impact both physical and virtual environments.”

To stay compliant, organisations need to understand the roles outlined in the Act and what each one entails:

• Provider: A person or entity (whether a natural or legal one) that develops or markets an AI system or general-purpose AI model, whether free or for payment. If based outside the EU, the provider must appoint an authorised representative within the EU to take on their obligations.
• Deployer: An entity using an AI system under its authority, excluding personal or non-professional use.
  Look here for more information on Providers and Deployers under the EU AI Act.
• Importer: An EU-based entity bringing an AI system developed outside the EU onto the EU market.
• Distributor: An intermediary in the supply chain making AI systems available in the EU market.
• Operator: A general term that refers to anyone in the above roles.

Key Dates for Compliance

The Act will generally apply from 2 August 2026, but there are some important deadlines in 2025 that will require earlier action, especially for providers of general-purpose AI and deployers using high-risk systems.

Here are the key dates to watch out for:

2 February 2025

• Ban on Certain AI Systems: The Act bans high-risk AI systems, including those that:
  • Exploit individual vulnerabilities.
  • Use subliminal techniques to manipulate behaviour.
  • Scrape facial images indiscriminately to create databases.
• AI Literacy Requirements Start: Providers and deployers will need to ensure their staff are adequately trained in AI literacy, particularly those managing or operating AI systems.

2 May 2025

• Publication of Codes of Practice: The EU AI Office will release guidelines to help providers and deployers meet their obligations under the Act.

2 August 2025

• Obligations for General-Purpose AI Models: Providers of general-purpose AI models must meet the requirements outlined in the Act.
• Extended Compliance Period Deadline: Providers with AI systems already on the market by this date will have until 2 August 2027 to ensure compliance.
• Enforcement Begins: EU member states will start enforcing penalties for non-compliance and will report their national enforcement actions to the European Commission.
• Annual Review of AI Risks: The European Commission will conduct its first review of prohibited and high-risk AI systems.
• Guidance on Reporting Serious Incidents: The EU will provide guidelines on how to report incidents involving significant harm to individuals, infrastructure, or the environment.

What Should Organisations Do Now?

Organisations should first identify their role under the AI Act and assess whether their AI systems fall into regulated categories. Taking action now ensures they meet obligations and deadlines, avoiding penalties while promoting trust and innovation.

By aligning with the EU AI Act’s framework, businesses can use AI responsibly, stay compliant, and boost their competitive edge in the European market. Check out our next post, where we’ll dive deeper into AI categories and specific obligations