REGULATION (EU) 2024/1689 · CELEX:32024R1689

EU AI Act compliance,
by article.

Eight articles that matter. Four open-source tools that produce the artefacts your auditor opens — verbatim regulation, enforcement dates, penalty bands, in one searchable surface.

Browse 8 articlesSee timeline
Article 6 · Annex III · the Act’s risk model
Unacceptable risk
Banned · Art. 5 · enforced 02 Feb 2025
Art 5
High risk
Annex III · full obligations · Aug 2026 / 2027
Art 9Art 10Art 11Art 13Art 15Art 19
Limited risk
Transparency only · Art. 50 · Aug 2026
Art 50
Minimal risk
No obligations · voluntary codes
— no indexed articles —
+ GPAI overlay · Art 51–568 / 113 indexed
Articles indexed
8/ 113
Penalty bands
4tiers
Highest fine
€35Mor 7%
Tools shipped
4open-source
Article browser

Pick an article. See exactly what it asks of you.

Verbatim regulation, enforcement date, penalty band, and the open-source tool that produces the named regulatory artefact — all in one click.

Source: Regulation (EU) 2024/1689 · Official Journal of the European Union

Articles 99 + 101

Four bands. One CFO conversation.

Tier 1 lands at €35M or 7% of global turnover for Article 5 prohibitions. The bars are drawn to scale.

TIER 1
€35M · 7% of global turnover
Article 5 prohibitions — absolute, no opt-out
Article 99(3)
TIER 2
€15M · 3% turnover
High-risk operator + conformity failures (Art. 8–27)
Article 99(4)
TIER 3
€7.5M · 1% turnover
Misleading information to authorities
Article 99(5)
TIER 4
€15M · 3% turnover · GPAI
GPAI providers — Commission-imposed via AI Office
Article 101(1)
Article 99(6) — SME proportionality. For SMEs and start-ups, the penalty is whichever is lower of the percentage of turnover or the absolute euro cap (the inverse of the rule for established firms).
Article 113 — staggered application

Two enforcement dates already passed. Two ahead.

Each dot is a wall of obligations switching on. Hover for what enforces.

2025-02-02
ENFORCED
Articles 1–5
2025-08-02
ENFORCED
GPAI + governance
2026-08-02
UPCOMING
High-risk wave
2027-08-02
UPCOMING
Sectoral high-risk
2025-02-02
Articles 1–5
Including Article 4 (AI literacy) and Article 5 (prohibited practices). Tier-1 fines active.
2025-08-02
GPAI + governance
Article 53 GPAI obligations, governance provisions, penalties (Articles 99 and 101) all enforce.
2026-08-02
High-risk wave
Most remaining provisions including Articles 6–15 — risk management, data governance, technical documentation, accuracy.
2027-08-02
Sectoral high-risk
Article 6(1) and Annex I — high-risk products covered by sector-specific Union harmonisation legislation.
Cross-cutting explainers

Two scope regimes. Different rulebooks.

ARTICLE 6 + ANNEX III

What counts as high-risk

Eight Annex III categories trigger the full obligations stack — risk management, data governance, technical documentation, accuracy. Article 6(3) carves a narrow exemption pathway; profiling automatically keeps a system in scope.

  • 1Biometricscategorisation and emotion inference outside the Article 5 prohibitions
  • 2Critical infrastructuresafety components in road, water, gas, electricity
  • 3Educationadmission, evaluation, monitoring of prohibited behaviours
  • 4Employmentrecruitment, promotion, performance evaluation
  • 5Essential servicescredit scoring, insurance, public benefit eligibility
  • 6Law enforcementrisk assessment, evidence reliability, profiling
  • 7Migration & bordersvisa, asylum, identity verification
  • 8Justice & democracyjudicial decision support, election influence
See applicable articles →
ARTICLES 51 — 56

GPAI providers

General-purpose AI obligations sit on a separate enforcement chain — the European Commission, via the AI Office, not Member State authorities. A systemic-risk overlay activates above the 10²⁵ FLOPs threshold (Art. 51(2)).

  • 53Baseline obligationsAnnex XI technical documentation, downstream-provider information, copyright policy, training-data summary (Art. 53(1)(a)–(d))
  • 51Systemic-risk threshold10²⁵ FLOPs cumulative training compute (Art. 51(2)); LCC also flags 65B+ parameter models per Art. 53(2)
  • 55Systemic-risk obligationsmodel evaluation, adversarial testing, incident reporting
  • 56Codes of practicevoluntary mechanism for demonstrating compliance until standards published
  • 101Sanctionsup to €15M or 3%, imposed directly by the Commission
Article 53 detail →
When the findings land on a governance desk

Tools surface problems. Programmes solve them.

The articles above translate into evidence packs an engineering team can ship — risk files, training-data manifests, accuracy benchmarks. The next step (programme design, board narrative, regulator engagement) is the work AskAjay covers, the advisory arm of AI Exponent LLC.

Explore advisory at AskAjay.ai →