In short: AI regulation is not one deadline, it's dozens, staggered across jurisdictions from the EU to US states to sector regulators. This calendar consolidates every enforcement date, application date, and compliance window that matters to small and mid-size teams in 2026 and 2027. Updated monthly.
Updated monthly as laws pass and deadlines shift. Last updated: May 22, 2026.
Already in force (2025)
| Date | Jurisdiction | What applies | Who it covers |
|---|---|---|---|
| Feb 2, 2025 | EU | EU AI Act, prohibited AI practices (Article 5) | All organizations placing AI in EU market |
| Feb 2, 2025 | EU | EU AI Act, GPAI governance (Chapter V partial) | GPAI model providers |
| Jan 1, 2025 | Illinois | AEDT annual audit requirement continues | Employers using AI in hiring in Illinois |
| Jan 1, 2025 | California | CalAI amendments (SB 1047 provisions) | AI developers, deployers in CA |
| Mar 2025 | US Federal | FTC Operation AI Comply (second wave) | AI tools making claims to consumers |
2026 deadlines
Q1 2026 (January-March)
| Date | Jurisdiction | What applies | Who it covers |
|---|---|---|---|
| Feb 1, 2026 | Colorado | Colorado AI Act (SB 205), high-risk AI in consequential decisions | Deployers making decisions on credit, housing, employment, healthcare, education |
| Feb 1, 2026 | Colorado | Consumer notification requirement | Any system using AI in a covered high-risk decision must notify affected individuals |
| Ongoing | US Federal | FTC AI enforcement, ongoing investigations under Section 5 | AI vendors making unsubstantiated capability claims |
Colorado SB 205: High-risk AI means any system making consequential decisions for a Colorado resident, employment, credit, housing, insurance, healthcare, or education. Deployers must run a bias audit, document the impact assessment, and notify affected consumers.
Q2 2026 (April-June)
| Date | Jurisdiction | What applies | Who it covers |
|---|---|---|---|
| Ongoing | US Federal | SEC AI governance examination priorities | Registered investment advisers using AI for client recommendations |
| Ongoing | US Federal | CFPB adverse action notice requirement | Any lender using AI model in credit decision must provide specific adverse action notice |
| Ongoing | EU | EU AI Act enforcement by national authorities | Violations of prohibited AI practices now subject to fines up to €35M or 7% of global revenue |
| Jun 2026 | Washington | Washington AI Likeness Protection Act, enforcement provisions | Commercial use of AI-generated likeness without consent |
Q3 2026 (July-September)
| Date | Jurisdiction | What applies | Who it covers |
|---|---|---|---|
| Aug 2, 2026 | EU | EU AI Act, GPAI provider obligations (Chapter V, Article 53) | Any organization that trained, fine-tuned, or makes available a general-purpose AI model to EU users |
| Aug 2, 2026 | EU | GPAI systemic risk obligations (Article 55 + Annex XIII) | GPAI providers above 10²⁵ FLOPs training compute |
| Aug 2, 2026 | EU | EU AI Office enforcement jurisdiction | EU AI Office may investigate GPAI providers from this date |
August 2 GPAI obligations:
- Technical documentation (Article 53(1)(a))
- Information for downstream operators (Article 53(1)(b))
- Copyright compliance policy (Article 53(1)(c))
- Training data summary, publicly available (Article 53(1)(d))
- For systemic risk: red-team results, incident reporting, cybersecurity documentation
Q4 2026 (October-December)
| Date | Jurisdiction | What applies | Who it covers |
|---|---|---|---|
| Oct 1, 2026 | Connecticut | SB 5, AI in consequential employment decisions | Any employer using AI in hiring, promotion, termination, or compensation decisions affecting CT employees |
| Oct 1, 2026 | Connecticut | AEDT disclosure notices required | Notice before using AI in consequential employment decision |
| Oct 1, 2026 | Connecticut | Bias audit requirement | Annual bias audit for covered AEDT tools |
| Oct 1, 2026 | Connecticut | Whistleblower protection, anti-retaliation | Employees who report AEDT violations |
| Late 2026 | Maryland | Algorithmic pricing law, effective date TBD pending rulemaking | Businesses using algorithmic pricing in consumer-facing markets |
| Dec 2026 | Texas | AI Liability Act, potential effective date | Pending as of May 2026; covers AI-caused harm in high-stakes sectors |
Connecticut SB 5 covered decisions: Any employment decision affecting hiring, promotion, termination, or compensation. Employers must: disclose AI use in writing, allow opt-out, conduct annual bias audits, maintain records for 4 years.
2027 deadlines
| Date | Jurisdiction | What applies | Who it covers |
|---|---|---|---|
| Dec 2, 2027 | EU | EU AI Act, high-risk AI system obligations (Annex III) | Deployers of AI in hiring, healthcare, credit scoring, critical infrastructure, law enforcement, education |
| Dec 2, 2027 | EU | Conformity assessment required | High-risk AI systems must have conformity documentation before deployment |
| Dec 2, 2027 | EU | EU AI database registration | Deployers of standalone high-risk AI must register in EU public database |
| Dec 2, 2027 | EU | Human oversight mechanism required | High-risk AI deployers must implement documented human oversight |
| Aug 2, 2027 | EU | EU AI Act, full application including all transitional provisions | All remaining transitional categories |
| Jan 1, 2027 | Illinois | AEDT update, broader AI system coverage expected | Employers using any AI system in hiring in Illinois |
| 2027 TBD | US Federal | FTC AI rulemaking (proposed rule) | Pending; expected to cover automated decision-making in consumer contexts |
Sector-specific ongoing obligations
These are not one-time deadlines but continuous obligations already in force:
| Sector | Regulator | Obligation | In force since |
|---|---|---|---|
| Healthcare | HHS / OCR | HIPAA BAA required for any AI tool processing PHI | Ongoing |
| Healthcare | FDA | AI/ML-based SaMD (software as a medical device) clearance | Ongoing |
| Financial services | CFPB | Adverse action notice for AI credit decisions | Ongoing |
| Financial services | SEC | Investment adviser AI disclosure to clients | 2024 |
| Employment | EEOC | Disparate impact standard applies to AI hiring tools | Ongoing |
| Employment | OFCCP | Federal contractors, AI in selection procedures | Ongoing |
| Consumer products | FTC | Section 5 unfair/deceptive acts, AI capability claims | Ongoing |
| Children's data | FTC | COPPA, AI tools used with children under 13 | Ongoing |
Deadlines that shifted in 2026
These dates were originally set differently and have been updated:
| Original deadline | New deadline | What changed | Source |
|---|---|---|---|
| Aug 2, 2026 (EU high-risk) | Dec 2, 2027 | EU Digital Omnibus extended Annex III high-risk deadline by 16 months | EU Digital Omnibus provisional agreement, May 7, 2026 |
| Aug 2026 (GPAI) | Not extended | GPAI Chapter V deadline was NOT extended by EU Digital Omnibus | EU AI Office confirmed, May 2026 |
How to use this calendar
For small teams: Focus on three questions:
- Do you provide a GPAI model to EU users? → August 2, 2026 is your deadline.
- Do you use AI in consequential employment decisions affecting Connecticut employees? → October 1, 2026.
- Do you deploy AI in high-risk EU AI Act categories (hiring, healthcare, credit)? → December 2, 2027, start documentation now.
For compliance teams: Use the AI governance checklist to map each deadline to the specific documents and controls required.
For legal teams: Each row above represents a separate compliance regime with distinct penalty structures, enforcement mechanisms, and documentation requirements. Cross-jurisdictional AI deployments (e.g., a US employer using AI in hiring decisions affecting both Connecticut employees and EU employees) trigger simultaneous obligations under SB 5 and the EU AI Act.
Penalties: What enforcement looks like in practice
Understanding the deadline is only half the picture. Each jurisdiction has distinct penalty structures that affect how urgently to prioritize compliance.
| Jurisdiction | Maximum penalty | Enforcement body | First enforcement action expected |
|---|---|---|---|
| EU AI Act (prohibited practices) | €35 million or 7% of global annual revenue | National market surveillance authorities; EU AI Office for GPAI | Ongoing, prohibited practices in force since Feb 2025 |
| EU AI Act (GPAI violations, Aug 2026) | €15 million or 3% of global annual revenue | EU AI Office | Post-August 2026 |
| Colorado SB 205 | Civil enforcement by Colorado AG; private right of action | Colorado Attorney General | After Feb 1, 2026 |
| Connecticut SB 5 | Civil enforcement; penalty per violation TBD in rulemaking | Connecticut AG | After Oct 1, 2026 |
| NYC Local Law 144 (AEDT) | Up to $500 per violation per day | NYC Department of Consumer and Worker Protection | Already active |
| FTC Section 5 (AI) | Up to $53,088 per violation per day | Federal Trade Commission | Ongoing |
For most small teams, the practical near-term risk is not a multi-million-dollar EU fine, it is FTC enforcement for misleading AI claims, or a New York City Local Law 144 finding for using an unaudited AI hiring tool. The EU deadlines matter for organizations with EU market presence, but the state and federal US obligations are already in force.
Note that penalties often compound: a single AI hiring tool that lacks a bias audit may simultaneously trigger NYC Local Law 144 penalties, an Illinois AEDT violation, and a Colorado SB 205 finding if the employer operates across those jurisdictions. Cross-jurisdictional compliance mapping is not optional for organizations with employees or customers in multiple covered states.
Sources and verification
Dates in this calendar are sourced from official legislative text, regulatory guidance, and official announcements. Where a date is subject to change (marked TBD), the status reflects the situation as of May 2026.
- EU AI Act (Regulation 2024/1689): eur-lex.europa.eu
- EU Digital Omnibus provisional agreement: European Parliament, May 7, 2026
- Connecticut SB 5: Connecticut General Assembly, enacted 2025
- Colorado SB 205: Colorado General Assembly, enacted 2024
- Illinois AEDT: 820 ILCS 42
For questions about specific obligations, see the individual compliance guides linked in the sidebar.
