🔴Illinois HB 3773IN EFFECTUp to ~$70K/violation|🔴Texas TRAIGA (HB 149)IN EFFECTAG-enforced|🔴Utah AI Policy ActIN EFFECT$2,500/violation|⚠️Colorado AI Act (SB 205)Jan 1, 2027AG-enforced|⚠️California SB 942Aug 2, 2026$5K/day|⚠️EU AI Act Art. 50Aug 2, 2026€35M or 7% revenue|⚠️New York RAISE ActJan 1, 2027AG civil penalties|🔴Illinois HB 3773IN EFFECTUp to ~$70K/violation|🔴Texas TRAIGA (HB 149)IN EFFECTAG-enforced|🔴Utah AI Policy ActIN EFFECT$2,500/violation|⚠️Colorado AI Act (SB 205)Jan 1, 2027AG-enforced|⚠️California SB 942Aug 2, 2026$5K/day|⚠️EU AI Act Art. 50Aug 2, 2026€35M or 7% revenue|⚠️New York RAISE ActJan 1, 2027AG civil penalties|
EU AI Act

EU AI Act compliance by country

The world's first horizontal AI statute — high-risk obligations land August 2, 2026. Country-by-country enforcement notes for every member state.

15
Member states
Aug 2, 2026
High-risk deadline
€35M / 7%
Max penalty
By · Founder
Published Reviewed

EU AI Act high-risk rules take effect August 2, 2026, with full effect by August 2, 2027. Penalties reach €35 million or 7% of global annual turnover.

⚠️ EU AI Act high-risk deadline: August 2, 2026 — penalties up to €35M or 7% turnover

The EU AI Act enters into force on August 2, 2026, creating a unified regulatory framework for artificial intelligence across all 27 EU member states and the European Economic Area. Unlike the patchwork of US state laws, the EU AI Act is a single directive with direct applicability — companies serving EU customers cannot negotiate compliance state-by-state. The regulatory environment is layered: existing data-protection obligations under GDPR remain in force and interact with new AI-specific requirements. The EU AI Act imposes transparency, documentation, and risk-assessment obligations regardless of where the company is incorporated, making it effectively extra-territorial for any business with EU users, customers, or employees.

The EU AI Act uses a risk-based compliance framework that escalates with system impact. The framework identifies four risk tiers: prohibited AI systems (facial recognition in law enforcement, social credit scoring, subliminal manipulation); high-risk systems (hiring, benefits determination, law enforcement, biometric identification, facial emotion recognition); limited-risk systems (chatbots and transparent AI); and minimal-risk systems (game AI, spam filters). High-risk systems require pre-deployment impact assessments, bias and fairness testing, documented risk mitigation, human oversight mechanisms, and transparency to end users. Limited-risk systems require transparency disclosures. The tiered approach means compliance effort scales with AI risk — but almost any business AI system will land in the high-risk or limited-risk category, triggering active obligations.

Penalties for non-compliance are severe: up to €35 million or 7% of global annual turnover, whichever is higher. Fines accumulate per violation, and per-decision violations (e.g., a non-compliant AI system used in 1,000 hiring decisions) can multiply exposure. Unlike US state laws where compliance is sector-specific, the EU AI Act applies uniformly across all industries — healthcare, finance, government, retail, recruitment, all face the same framework. Some member states have enacted opt-out rights for citizens, allowing individuals to request human-only decisions in high-risk contexts. The financial and operational stakes make EU AI Act compliance a separate, high-priority workstream from US state-law compliance.

Compliance with the EU AI Act is not a forward-looking exercise — August 2, 2026 is the enforcement start date. Businesses should treat this deadline the same way they treated GDPR's May 25, 2018 enforcement date: as a hard cutoff after which non-compliance creates daily exposure. National data-protection authorities and AI-specific regulators (newly established in many member states) will begin accepting complaints and conducting audits immediately upon enforcement. The most effective compliance strategy is to conduct an immediate AI inventory, prioritize high-risk systems for pre-deployment assessment, complete bias and fairness testing, and establish documentation and human-review processes before August 2. Attempting remediation after enforcement has begun creates longer periods of documented non-compliance and higher penalty exposure.

Live · EUR-Lex

EU AI & digital regulations

Updated July 12, 2026

The Union-level Regulations and Directives that govern AI, pulled automatically from the official EU law database (EUR-Lex). Each links to the authoritative text, with its CELEX reference and current in-force status.

Cyber Resilience Act (CRA)RegulationCELEX 32024R2847

Cybersecurity requirements for products with digital elements, including AI-enabled software and connected devices.

Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) (Text with EEA relevance)

EUR-Lex· In force·
Product Liability Directive (revised)DirectiveCELEX 32024L2853

Extends EU product-liability rules to software and AI systems, easing the burden of proof for harm caused by AI.

Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products and repealing Council Directive 85/374/EEC (Text with EEA relevance)

EUR-Lex· In force·
EU AI ActRegulationCELEX 32024R1689

The world’s first comprehensive AI law. Risk-based rules for AI systems; high-risk obligations phase in through 2026–2027. Fines up to €35M or 7% of global turnover.

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) (Text with EEA relevance)

EUR-Lex· In force·
Data ActRegulationCELEX 32023R2854

Rules on access to and sharing of IoT and machine-generated data — the raw material for training and running AI systems.

Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (Text with EEA relevance)

EUR-Lex· In force·
Digital Services Act (DSA)RegulationCELEX 32022R2065

Obliges very large platforms to assess and mitigate systemic risks from their recommender and content-moderation AI, with algorithmic transparency duties.

Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (Text with EEA relevance)

EUR-Lex· In force·
Digital Markets Act (DMA)RegulationCELEX 32022R1925

Constrains how gatekeeper platforms rank, self-preference and combine data in their AI-driven services.

Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) (Text with EEA relevance)

EUR-Lex· In force·
Data Governance Act (DGA)RegulationCELEX 32022R0868

Framework for trusted data sharing and data intermediaries, enabling lawful data reuse for AI development.

Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (Text with EEA relevance)

EUR-Lex· In force·
Platform-to-Business (P2B) RegulationRegulationCELEX 32019R1150

Transparency duties for the ranking algorithms online intermediaries use against business users.

Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services (Text with EEA relevance)

EUR-Lex· In force·
GDPRRegulationCELEX 32016R0679

Governs automated decision-making and profiling (Art. 22) and any AI that processes personal data — the baseline every AI system in the EU must meet.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)

EUR-Lex· In force·
● Live

EU AI law news

Updated July 12, 2026

Recent coverage of the EU AI Act and EU-wide AI regulation. Aggregated automatically; follow each link for the full story.

AI Law News
The National Law Review
July 10, 2026
AI-Generated Content in the European Union: What the Adherence to Code of Practice Means for Article 50 Compliance—Special Focus on Luxembourg's Financial Sector

Coverage from The National Law Review on AI legislation and regulation relevant to the European Union.

The National Law Review·
AI Law News
Hunton Andrews Kurth LLP
July 10, 2026
European Commission Unveils Cybersecurity and AI Action Plan

Coverage from Hunton Andrews Kurth LLP on AI legislation and regulation relevant to the European Union.

Hunton Andrews Kurth LLP·
AI Law News
Tech Times
July 10, 2026
EU AI Act Enforcement Is Here: Chatbot Rules Live, High-Risk AI Delay Now Binding Law

Coverage from Tech Times on AI legislation and regulation relevant to the European Union.

Tech Times·
AI Law News
Digital Watch Observatory
July 10, 2026
Greece begins parliamentary debate on EU AI Act implementation

Coverage from Digital Watch Observatory on AI legislation and regulation relevant to the European Union.

Digital Watch Observatory·
AI Law News
Foley & Lardner LLP
July 8, 2026
Compliance and Enforcement in Global AI Regulation: EU AI Act Risks and International Regulatory Challenges

Coverage from Foley & Lardner LLP on AI legislation and regulation relevant to the European Union.

Foley & Lardner LLP·

Compliance by EU member state

Germany (EU)
EU AI Act, GDPR, German AI Strategy
Up to €35M or 7% global turnover
France (EU)
EU AI Act, GDPR, Loi SREN
Up to €35M or 7% global turnover
Netherlands (EU)
EU AI Act, GDPR, Dutch AI Regulation
Up to €35M or 7% global turnover
Spain (EU)
EU AI Act, GDPR, Spanish AI Authority (AESIA)
Up to €35M or 7% global turnover
Italy (EU)
EU AI Act, GDPR, Italian AI Strategy
Up to €35M or 7% global turnover
Sweden (EU)
EU AI Act, GDPR, Swedish AI Standards
Up to €35M or 7% global turnover
Poland (EU)
EU AI Act, GDPR, Polish AI Framework
Up to €35M or 7% global turnover
Belgium (EU)
EU AI Act, GDPR, Belgian AI Strategy
Up to €35M or 7% global turnover
Austria (EU)
EU AI Act, GDPR, Austrian Data Protection Law
Up to €35M or 7% global turnover
Denmark (EU)
EU AI Act, GDPR, Danish AI Strategy
Up to €35M or 7% global turnover
Portugal (EU)
EU AI Act, GDPR, Portuguese National AI Strategy
Up to €35M or 7% global turnover
Czech Republic (EU)
EU AI Act, GDPR, Czech Digital Agency
Up to €35M or 7% global turnover
Romania (EU)
EU AI Act, GDPR, Romanian AI Framework
Up to €35M or 7% global turnover
Hungary (EU)
EU AI Act, GDPR, Hungarian Government AI Strategy
Up to €35M or 7% global turnover
Ireland (EU)
EU AI Act, GDPR, Irish Data Protection Act
Up to €35M or 7% global turnover