A free, continuously-updated calendar of AI-law deadlines, milestones, and enforcement dates — EU AI Act, GDPR, US state laws, ISO/NIST — the same catalog that powers the Workbench's Regulatory Horizon tool, published for anyone to check.
Deadline
2026-08-02 · Imminent (25d)
EU AI Act — Art. 50 transparency obligations apply
EU AI Act · EU
Chatbots must disclose they are AI; synthetic content needs machine-readable marking; deepfakes and emotion-recognition/biometric-categorisation uses must be disclosed. The full penalty machinery (incl. Art. 101 GPAI fines) also becomes applicable.
Action: Ship AI disclosure in the product UI and machine-readable marking of generated content before 2 Aug 2026.
Deadline
2026-12-02 · Upcoming (147d)
EU AI Act — NCII/CSAM ban + end of marking grace period
EU AI Act (Digital Omnibus) · EU
The Digital Omnibus adds a prohibition on AI systems for non-consensual intimate imagery/CSAM and ends the synthetic-content marking grace period for pre-existing systems.
Action: Confirm generation guardrails block NCII/CSAM and that legacy systems mark synthetic content.
Deadline
2027-01-01 · Upcoming (177d)
Colorado AI Act (SB 26-189 / ADMT) effective
Colorado · US
Duties around consequential automated decisions — transparency, notice, and risk management.
Action: Map consequential-decision systems and prepare consumer notices.
Deadline
2027-04-01 · Upcoming (267d)
California ADMT — opt-out & pre-use notice phase
CPPA (California) · US
Consumers gain opt-out and pre-use notice rights for covered automated decisions.
Action: Build opt-out handling and pre-use notices into the product.
Deadline
2027-12-02 · Upcoming (512d)
EU AI Act — serious-incident reporting (Art. 73)
EU AI Act · EU
Providers of high-risk systems must report serious incidents to authorities within 15 days (10 days on a death; 2 days for widespread infringement or critical-infrastructure disruption).
Action: Stand up an incident-detection, triage and reporting playbook with those clocks.
Deadline
2027-12-02 · Upcoming (512d)
EU AI Act — Annex III high-risk obligations apply
EU AI Act · EU
Full high-risk regime (risk management, data governance, logging, human oversight, accuracy, conformity assessment, registration). Moved from Aug 2026 to 2 Dec 2027 by the Digital Omnibus (adopted June 2026).
Action: Start the Annex IV technical file, risk-management system, and conformity plan now.
Deadline
2028-08-02 · Upcoming (756d)
EU AI Act — Annex I embedded high-risk obligations apply
EU AI Act · EU
High-risk AI embedded in regulated products (machinery, medical devices, vehicles) must comply. Moved from Aug 2027 to 2 Aug 2028 by the Digital Omnibus.
Action: If your AI is a safety component of a regulated product, fold it into the sectoral conformity procedure.
Deadline
2026-01-22 · Recently in force
South Korea AI Basic Act in force
South Korea (MSIT) · KR
High-impact AI needs pre-deployment determination, explanations, human oversight and impact assessment; GenAI output must be labelled; large foreign providers need a domestic representative.
Action: Check Korean exposure: high-impact determination, labelling, and local-representative thresholds.
Deadline
2026-01-01 · In force
California CPRA — ADMT risk assessments effective
CPPA (California) · US
Risk assessments required for automated decision-making technology that processes personal data.
Action: Document an ADMT risk assessment for in-scope automated decisions.
Deadline
2026-01-01 · In force
California AB 2013 — training-data transparency
California · US
Generative-AI developers must publish documentation about the datasets used to train the system.
Action: Prepare a public training-data summary for any GenAI you develop.
Deadline
2026-01-01 · In force
Texas TRAIGA — Responsible AI Governance Act effective
Texas · US
Bans intentionally harmful AI uses and adds duties for consequential decisions and government deployments.
Action: Review consequential-decision use cases for Texas exposure.
Deadline
2026-01-01 · In force
Illinois HB 3773 — AI in employment decisions
Illinois · US
Employers may not use AI that discriminates in employment decisions (including via zip-code proxies) and must notify employees when AI is used.
Action: Test employment AI for disparate impact and add employee notices.
Deadline
2026-01-01 · In force
California SB 53 — frontier AI transparency & incidents
California · US
Large frontier-model developers must publish a safety framework and transparency reports and report critical incidents to Cal OES within 15 days (24 hours if imminent risk).
Action: If you train frontier-scale models, stand up the safety framework and incident-report channel.
Deadline
2025-08-02 · In force
EU AI Act — general-purpose AI (GPAI) obligations apply
EU AI Act · EU
GPAI providers owe transparency, technical documentation, copyright policy, and systemic-risk duties for capable models.
Action: Inventory GPAI/foundation models you build or rely on and keep model documentation.
Enforcement
2025-08-02 · In force
EU AI Act — governance bodies & penalties live
EU AI Act · EU
National competent authorities and fines (up to 7% of global turnover for prohibited use) become enforceable.
Action: Confirm your EU market roles (provider/deployer) and an accountable owner.
Guidance
2025-07-10 · In force
EU AI Act — GPAI Code of Practice published
EU AI Act · EU
The final GPAI Code of Practice (Transparency, Copyright, Safety & Security chapters) gives providers a voluntary route to demonstrate compliance ahead of harmonised standards.
Action: Track and consider adhering to the GPAI code of practice; use its Model Documentation Form.
Deadline
2025-02-02 · In force
EU AI Act — prohibited practices in force
EU AI Act · EU
Eight unacceptable-risk practices (social scoring, manipulative AI, untargeted face-scraping, most real-time biometric ID) are banned.
Action: Confirm none of your use cases fall under a prohibited practice.
Guidance
2024-07-26 · In force
NIST AI RMF — Generative AI Profile published
NIST · GLOBAL
Companion profile mapping GenAI-specific risks to the Govern/Map/Measure/Manage functions.
Action: Map your GenAI risks against the profile’s suggested actions.
Milestone
2023-12-18 · In force
ISO/IEC 42001 — AI Management System certifiable
ISO/IEC · GLOBAL
The first certifiable AI management-system standard — an auditable backbone for an AI governance program.
Action: Consider an AIMS (policy, impact assessment, controls, monitoring) toward certification.
Enforcement
2023-07-05 · In force
NYC Local Law 144 — bias audits enforced (AEDT)
NYC · US
Automated employment decision tools require an annual independent bias audit and candidate notice.
Action: Commission an annual third-party bias audit and post the results.
Enforcement
2018-05-25 · In force
GDPR Art. 22 — safeguards for automated decisions
EU GDPR · EU
Solely-automated decisions with legal/significant effect require safeguards incl. human review.
Action: Provide a meaningful human-review and contest path; run a DPIA.