For most of the last decade, a European company that wanted to use software just used it. You picked a tool, you signed a contract, and the hard questions about where data lived and who could be held responsible stayed mostly with the lawyers.
That era is over for anything touching AI.
In the space of three years the European Union passed seven separate regulations that, between them, govern how you build AI, how you buy it, where it runs, what it is allowed to decide, and what you have to be able to show when someone asks. They were not designed as one law. They arrived from different directorates, aimed at different problems, on different timelines. But they have stacked. If you run AI that touches a European user, you are now inside all of them at once.
Here is the whole picture on one timeline.

Read it left to right and a pattern shows up. The early entries are about data and resilience. The middle is the AI Act phasing in. The right edge, late 2026 into 2027, is where the enforcement teeth land. By the end of 2027 the question stops being "are you compliant" and becomes "can you prove it." Those are different questions, and the second one is the one that catches teams out.
Let me take the seven in turn, in plain language, with the dates that matter.
GDPR: the foundation everything else assumes
The General Data Protection Regulation has applied since 25 May 2018, and it is easy to treat it as old news. It is not. Every regulation that followed assumes GDPR is already handled, and AI has a way of quietly breaking that assumption.
The core duties have not changed. You need a lawful basis to process personal data, you can only use it for the purpose you collected it for, and you have to minimize what you keep. The part that bites for AI sits in Article 22, which gives people the right not to be subject to a decision based solely on automated processing where that decision has a legal or similarly significant effect. A model that screens job applicants or scores loan applications walks straight into that article.
The fines set the tone for the whole stack. The most serious GDPR breaches carry penalties of up to 20 million euros or 4% of total worldwide annual turnover, whichever is higher. Every regulation that came after borrowed this turnover based model, and most of them raised the ceiling.
The practical lesson is that GDPR is not a layer you finish and move past. It is the floor the other six are built on, and an AI system that mishandles personal data fails GDPR before it ever gets to the AI Act.
NIS2: cybersecurity as a legal duty
The NIS2 Directive is the EU's second pass at network and information security, and it widened the net considerably. Member States were required to transpose it into national law by 17 October 2024, so it is already live in the countries that hit the deadline and being chased in the ones that did not.
NIS2 covers operators of essential and important services across sectors like energy, transport, banking, health, digital infrastructure, and public administration. If you fall in scope, you owe a set of risk management measures and, importantly, fast incident reporting. A significant incident triggers an early warning within 24 hours and a fuller notification soon after.
For AI teams the relevance is indirect but real. If your AI sits inside a service that NIS2 covers, the model and the pipeline around it are part of the attack surface you have to secure and the incident chain you have to report on. A prompt injection that leaks data or a compromised model endpoint is a security incident under this regime, not just an engineering bug.
DORA: resilience for finance
The Digital Operational Resilience Act applies from 17 January 2025 and targets the financial sector specifically: banks, insurers, investment firms, and the technology providers they depend on.
DORA's idea is that a bank is only as resilient as its weakest critical supplier, so it pulls third party technology providers into scope and demands that financial entities map their dependencies, test their resilience, and manage the risk of the vendors they rely on. For a bank deploying AI, that means the model provider and any routing or infrastructure layer in front of it are part of the resilience picture the regulator expects you to have mapped and managed.
If you sell AI tooling into European finance, DORA is the reason your customers will ask hard questions about your uptime, your failover, and your own supply chain. If you are the financial entity, those questions are now your legal obligation to answer.
The AI Act: the centerpiece, phasing in across three years
The EU AI Act is the big one, and it does not switch on all at once. It entered into force on 1 August 2024 and applies in stages, which is why it shows up three separate times on the timeline.
2 February 2025 brought the first wave: the prohibited practices and the AI literacy duty. A short list of uses is simply banned, including social scoring, certain biometric categorization, and manipulative systems that exploit vulnerabilities. Alongside the bans, organizations have to ensure staff who deal with AI systems have a sufficient level of AI literacy. That literacy requirement is easy to overlook and applies broadly.
2 August 2025 turned on the rules for general purpose AI models, the governance structure, the notified bodies, and the penalty provisions. If you build or fine tune a foundation model, this is the date your transparency and documentation duties started. Models already on the market before that date get until 2 August 2027 to come into line.
2 August 2026 is the date most enterprises should circle. This is when the obligations for high risk systems in Annex III start to apply: AI used in areas like employment, education, essential services, credit scoring, and critical infrastructure. High risk does not mean banned; it means heavily governed. Providers and deployers need a risk management system, data governance for training and input data, technical documentation, automatic record keeping, transparency to users, human oversight, and post market monitoring. The remaining classification rule in Article 6(1) follows on 2 August 2027, which is the point of full application.
The penalties are the sharpest in the whole stack. Breaching the prohibitions can cost up to 35 million euros or 7% of total worldwide annual turnover, whichever is higher. Other violations carry lower but still substantial caps. And like GDPR, the Act reaches outside the EU: if the output of your system is used in the EU, you are in scope no matter where you are incorporated.
The thread running through every high risk obligation is documentation. Risk management you cannot evidence, oversight you cannot show, and records you did not keep all read the same way to an auditor as having none at all.
The Data Act: your data, and the right to leave
The Data Act became applicable on 12 September 2025, and it is the one teams tend to miss because it is not framed as an AI law. It is about who controls data generated by connected products and services, and about breaking down lock in.
Two parts matter most for AI infrastructure. First, the Act gives users the right to access and port the data their use generates. Second, and more pointed, it requires cloud and data processing providers to let customers switch to another provider without unfair obstacles, and it phases out the egress fees that have long made leaving expensive. The intent is an open market where you are not trapped with one vendor because moving is too painful.
For anyone choosing where to run AI, this reframes vendor choice as a compliance relevant decision. A stack you cannot exit is now a stack that sits awkwardly against a regulation built to guarantee you can leave. Portability stopped being a procurement preference and became a legal expectation, which is part of why edge based routers without a clear exit path are a poor fit for European teams.
The Cyber Resilience Act: security built into the product
The Cyber Resilience Act entered into force on 10 December 2024 and sets cybersecurity requirements for products with digital elements, which covers a vast range of hardware and software sold in the EU.
It works on a phased timeline like the AI Act. The vulnerability and incident reporting obligations begin on 11 September 2026: from that date manufacturers have to report actively exploited vulnerabilities and serious incidents to the authorities within tight windows. The main body of obligations, covering secure design, vulnerability handling across the product lifecycle, and conformity assessment, applies fully from 11 December 2027.
If you ship software that includes AI, the CRA says security is not a feature you add later. It has to be designed in, maintained across the life of the product, and backed by a process for handling vulnerabilities when they surface. A model integrated into a product you sell is part of what you are now certifying as secure.
The European Health Data Space: the long horizon
The European Health Data Space regulation entered into force on 26 March 2025, and it governs both the use of health data for direct care and its reuse for research and policy.
A note on timing, because the timeline graphic compresses it. While the regulation is already in force, its main operational provisions phase in over several years, with the bulk of obligations landing from 2029 onward and further milestones after that. So EHDS is less an immediate deadline and more a direction of travel: health data is getting its own dedicated regime with strict rules on access, consent, and secondary use. If you build AI in or near healthcare, this is the framework that will define what you can train on and how you can use patient data, and it rewards getting your data governance house in order early.
What the seven add up to
Step back from the individual laws and they converge on a single demand. Different regulators, different sectors, different dates, but the same three things asked of anyone running AI in Europe.
| What the regulations demand | What it means in practice |
|---|---|
| Governance | Documented policies, human oversight, risk management, and a named owner. The AI Act, DORA, and NIS2 all want to see that someone is in control and can show how. |
| Auditability | Records of what your AI did, when, on what data, and with what result. High risk AI Act systems require automatic logging. CRA and NIS2 require incident trails. GDPR requires you to show your processing was lawful. |
| Data residency | Proof that personal and regulated data stayed within the borders the law requires. GDPR governs transfers, EHDS governs health data, and the Data Act governs your ability to move between providers at all. |
The line at the bottom of the timeline says it cleanly. By December 2027, any company using AI in Europe must prove governance, auditability, and data residency. Not claim it. Prove it, with evidence a supervisory authority can ask you to hand over.
That word, prove, is the whole shift. For years compliance was a posture. You wrote a policy, you trusted your vendors, and you hoped no one looked too closely. The 2026 and 2027 deadlines turn it into a documentation problem. The teams that struggle will not be the ones with bad intentions. They will be the ones who did the right things but kept no record of having done them.
Where this lands for your AI stack
The hardest of the three to retrofit is usually auditability, because it has to be captured at the moment a request runs, not reconstructed afterward. You cannot log what already happened. And in a modern AI stack, the requests are scattered: one model here, a fallback provider there, a caching layer, an agent calling tools. If each of those is logged differently, or not at all, the audit trail a regulator wants does not exist as a single thing.
This is the case for putting a gateway in front of your models. A gateway is the one point every request passes through, which makes it the right place to handle all three demands at once. One audit log across every provider rather than a dozen partial ones, which is exactly what usage analytics at the gateway, across every model and provider, is built to give you. A model library where you approve only EU hosted models, so inference cannot silently leave the region. Guardrails and content policy applied in a single place instead of copied into every service. Role based access control so there is always a named owner and a clear record of who can do what. Routing and logging that stay inside EU borders by design.
That is the role Requesty is built for. Requesty runs a dedicated EU endpoint hosted in Frankfurt on AWS eu-central-1, so request routing, logging, caching, and analytics all stay within EU borders. You can restrict inference to approved EU hosted models, you get a per request log that shows exactly what ran and where, and the platform is SOC 2 Type II certified with a DPA available, which is the same security and compliance baseline a serious gateway should meet. The governance, auditability, and residency the seven regulations converge on get handled at the routing layer, once, instead of being rebuilt in every application you ship. You can wire it in with $10 of free credit and see the audit trail for yourself.
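To make the gateway controls just described concrete, here is an added example that is not Requesty's code and does not describe its implementation: a single choke point that checks a role policy and an approved EU region list, routes only what passes, and writes one audit record per request at the moment it runs, denials included, so the log can later be checked as evidence rather than trusted as policy. The model names, regions, roles and the echo backend are constructed assumptions.

```python
"""Illustrative gateway policy and audit layer (added example, not Requesty's
code). Model names, regions, roles and the echo backend are constructed."""
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Callable, List, Optional, Tuple

# Constructed: the regions the organization has approved for inference.
ALLOWED_REGIONS = {"eu-central-1", "eu-west-1"}

# Constructed model library: where each model is hosted. Approval is derived
# from the region, so a non-EU model cannot be selected by accident.
MODEL_CATALOGUE = {
    "example-eu-chat": "eu-central-1",
    "example-us-chat": "us-east-1",
}

# Constructed role based access control: which roles may call which models.
ROLE_POLICY = {
    "analyst": {"example-eu-chat"},
    "admin": {"example-eu-chat", "example-us-chat"},
}


def digest(text: str) -> str:
    """Hash prompt and response so the log proves what ran without retaining content."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass
class AuditRecord:
    request_id: str
    timestamp: str          # UTC, captured when the request runs, not reconstructed later
    actor: str
    role: str
    model: str
    region: Optional[str]   # where inference happened, or would have happened
    decision: str           # "allowed" or a denial reason
    prompt_sha256: str
    response_sha256: Optional[str]


class Gateway:
    """Single choke point: every request is authorized, routed and logged here."""

    def __init__(self, backend: Callable[[str, str], str]):
        self._backend = backend          # the only path to a model
        self.audit_log: List[AuditRecord] = []
        self._seq = 0

    def route(self, actor: str, role: str, model: str, prompt: str) -> Tuple[Optional[str], AuditRecord]:
        self._seq += 1
        record = AuditRecord(
            request_id=f"req-{self._seq:06d}",
            timestamp=datetime.now(timezone.utc).isoformat(),
            actor=actor, role=role, model=model,
            region=MODEL_CATALOGUE.get(model),
            decision="", prompt_sha256=digest(prompt), response_sha256=None,
        )
        response = None
        if model not in ROLE_POLICY.get(role, set()):
            record.decision = "denied: role not permitted for model"
        elif record.region not in ALLOWED_REGIONS:
            record.decision = "denied: model not hosted in an approved EU region"
        else:
            response = self._backend(model, prompt)
            record.response_sha256 = digest(response)
            record.decision = "allowed"
        self.audit_log.append(record)    # denials are evidence too
        return response, record

    def export_log(self) -> str:
        """One JSON line per request, a shape an auditor can ingest directly."""
        return "\n".join(json.dumps(asdict(r), sort_keys=True) for r in self.audit_log)


def residency_holds(log: List[AuditRecord]) -> bool:
    """Check the evidence, not the policy: did every completed request stay in an approved region?"""
    return all(r.region in ALLOWED_REGIONS for r in log if r.decision == "allowed")


def echo_backend(model: str, prompt: str) -> str:
    """Constructed stand-in for a model provider."""
    return f"[{model}] {prompt}"


if __name__ == "__main__":
    gw = Gateway(echo_backend)
    gw.route("alice", "analyst", "example-eu-chat", "summarize this ticket")
    gw.route("carol", "admin", "example-us-chat", "summarize this ticket")
    print(gw.export_log())
    print("residency holds:", residency_holds(gw.audit_log))
```

The design point is that the record is created before the decision is made, so a denied request leaves the same trail as an allowed one, and `residency_holds` reads the log rather than the configuration: the configuration says what you intended, the log is what you can hand over.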
Seven regulations in three years is a lot to absorb, and more is coming. But the demand underneath them is stable and worth internalizing now, well before the 2027 deadlines arrive. Build so that at any moment you can show what your AI did, prove where the data lived, and point to who was in control. Do that and the next regulation, whatever it is, becomes a question you can already answer.
This article is a plain reading of public regulatory timelines and is not legal advice. Confirm how each regulation applies to your specific situation with qualified counsel.
Frequently asked questions
- Which EU regulations apply to a company using AI in 2026?
- Seven overlapping regulations now govern enterprise AI in the EU. GDPR (in force since 2018) covers personal data. NIS2 (national transposition due October 2024) sets cybersecurity baselines for critical sectors. DORA (applies 17 January 2025) covers operational resilience in finance. The AI Act phases in from February 2025 through August 2027. The Data Act (applies 12 September 2025) mandates cloud switching and data portability. The Cyber Resilience Act sets security duties for products with digital elements, with reporting from 11 September 2026 and full application 11 December 2027. The European Health Data Space governs health data, with its main provisions phasing in from 2029.
- What is the EU AI Act August 2026 deadline?
- On 2 August 2026 the bulk of the EU AI Act starts to apply, including the obligations for high risk systems listed in Annex III. Providers and deployers of high risk AI must have risk management, data governance, technical documentation, record keeping, transparency, human oversight, and post market monitoring in place. The classification rule in Article 6(1) and its related obligations follow on 2 August 2027. Penalties for the most serious breaches reach 35 million euros or 7% of total worldwide annual turnover, whichever is higher.
- Does the EU AI Act apply to companies outside the EU?
- Yes. The AI Act applies to providers and deployers established outside the EU if the output of their AI system is used in the EU. A US company whose model serves European users falls in scope. This mirrors how GDPR reaches any organization processing the personal data of people in the EU, regardless of where the organization sits.
- What are the GDPR fines for AI systems?
- GDPR fines reach up to 20 million euros or 4% of total worldwide annual turnover, whichever is higher, for the most serious infringements. An AI system that processes the personal data of EU residents has to satisfy GDPR on lawful basis, purpose limitation, data minimization, and the rules on automated decision making in Article 22. The AI Act sits on top of GDPR rather than replacing it, so both apply at once.
- What does an enterprise have to prove by December 2027?
- By 11 December 2027 the AI Act is fully applicable and the Cyber Resilience Act main obligations are in force. Taken together with GDPR, the Data Act, and the rest, a company running AI in Europe has to demonstrate three things on demand: governance (documented policies, human oversight, risk management), auditability (per request logs showing what ran, when, and on what data), and data residency (proof that personal and regulated data stayed where the law requires). These are no longer nice to have. They are evidence a regulator can ask you to produce.
- How does an LLM gateway help with EU AI compliance?
- An LLM gateway is the single point every model request passes through, which makes it the natural place to enforce and record compliance. A gateway gives you one audit log across every provider, lets you restrict inference to approved EU hosted models, applies guardrails and content policy in one place, and keeps routing and logging inside EU borders. Requesty runs a dedicated EU endpoint in Frankfurt on AWS eu-central-1, is SOC 2 Type II certified, and offers a DPA, so the governance, auditability, and residency the regulations demand are handled at the routing layer instead of reimplemented in every application.