EU AI Act Timeline Germany: 2 August 2026, 2027 and 2028
Short answer
The EU AI Act timeline for German businesses is now split across three key dates. 2 August 2026 still matters for Article 50 transparency and the broader framework, but stand-alone Annex III high-risk AI systems move to 2 December 2027 and product-embedded high-risk AI systems move to 2 August 2028.
- 2 August 2026 still matters for transparency and framework obligations.
- 2 December 2027 matters for stand-alone Annex III high-risk AI.
- 2 August 2028 matters for high-risk AI embedded in regulated products.
The EU AI Act timeline Germany should now be read as three dates, not one. For German businesses, 2 August 2026 still matters for the broad framework and Article 50 transparency obligations, but stand-alone Annex III high-risk AI systems move to 2 December 2027 and product-embedded high-risk AI systems move to 2 August 2028. That is the more accurate answer for procurement, compliance, and founder teams asking what the “August 2026 deadline” really means.
Timeline Table: 2025, 2026, 2027, 2028
| Date | What applies | Typical German-business relevance |
|---|---|---|
| 2 February 2025 | Prohibited AI practices and AI literacy duties | Ban review, internal governance, training |
| 2 August 2025 | Governance rules and GPAI obligations | Model-layer and provider-side analysis |
| 2 August 2026 | Broad application date, including Article 50 transparency | Customer-facing AI, disclosure, procurement readiness |
| 2 December 2027 | Stand-alone Annex III high-risk AI systems | HR, biometrics, education, scoring, essential services |
| 2 August 2028 | Product-embedded high-risk AI systems | Product-linked and CE-framework scenarios |
The European Commission’s AI Act overview now uses this split timeline, and the Council of the EU’s March 13, 2026 press release uses the same delayed high-risk dates.
What Still Applies on 2 August 2026?
The 2 August 2026 date remains important because it is still the right answer for some obligations. Most visibly, it is the date for Article 50 transparency and disclosure obligations that matter when users interact with AI systems or when AI-generated content triggers labelling requirements.
It is also the date many German companies should use for internal readiness on:
- governance documentation,
- workflow mapping,
- customer-facing AI disclosures,
- vendor evidence collection,
- and role allocation between provider and deployer.
If your organisation uses chatbots, AI assistants, or other user-facing automation, this date is not optional.
Which High-Risk AI Systems Move to 2 December 2027?
The 2 December 2027 date matters for the stand-alone high-risk AI systems that dominate many commercial legal queries. In practice, this covers the Annex III categories most often seen in enterprise procurement:
- employment and worker management,
- biometrics,
- education,
- critical infrastructure,
- access to essential services such as credit scoring,
- and other classic stand-alone high-risk areas.
This is why a German company buying an AI recruitment tool or biometric verification system should no longer be told simply that “high-risk AI is due in August 2026.” The more useful answer is that the stand-alone high-risk date now points to 2 December 2027, while procurement work should start earlier.
Which Systems Move to 2 August 2028?
The 2 August 2028 date applies to high-risk AI embedded in regulated products. That is different from a stand-alone software tool used by HR, sales, legal, or procurement. The product branch is mainly relevant for companies operating inside product-safety and CE-marking frameworks.
For general software procurement in Germany, the 2028 date is usually less important than 2026 and 2027. For regulated-product businesses, it can be the central date.
What Procurement Teams Should Do Now
Even with the split timeline, legal and procurement teams should act now:
- Sort systems by date. Divide your AI estate into 2026, 2027, and 2028 buckets.
- Fix transparency first. Customer-facing AI often creates the clearest 2026 workstream.
- Negotiate the evidence trail early. Ask for technical documentation, logging support, oversight instructions, incident clauses, and update notifications before signature.
- Run AI Act and GDPR review together. Most German procurement projects need both.
For the buyer-side workflow, see our AI Act procurement requirements for German enterprises, GDPR AI procurement guide, and AI vendor due diligence in Germany.
FAQ
What does 2 August 2026 mean under the EU AI Act?
It remains the broad framework date and the key date for Article 50 transparency obligations. It should not be used as a blanket answer for every high-risk AI obligation.
Which high-risk AI systems move to 2 December 2027?
Stand-alone Annex III high-risk AI systems move to 2 December 2027 under the current official timeline framing. For German businesses, that is especially relevant in HR, biometrics, education, and scoring use cases.
Which AI systems move to 2 August 2028?
High-risk AI systems embedded in regulated products move to 2 August 2028. This is the product-linked branch of the timeline.
This page is general information only and not legal advice. Specific AI Act timing depends on the concrete AI system, its role in the value chain, the sector involved, and the official guidance available at the time of deployment.
