Regulatory reference

EU Regulatory Timeline 2024–2030

Exact application dates, enforcement phases, and transposition deadlines for the 10 most relevant European regulations for products and services. Each date verified against EUR-Lex.

Last updated: May 2026 · Source: EUR-Lex (Official Journal of the EU)

Ten European regulations are reshaping the obligations of manufacturers, importers, distributors, and service providers between 2024 and 2030. This timeline consolidates the exact dates for each application phase, verified article by article against the consolidated version published in EUR-Lex.

Application timeline

EUR-Lex verified chronology
Already in force Pending Phased

2023

June 12, 2023
GPSR Entry into force
Reg. (EU) 2023/988 on General Product Safety enters into force. 18-month transitional period until full application.
June 6, 2023
PAY TRANSPARENCY Entry into force
Dir. (EU) 2023/970 on pay transparency enters into force. Member States have 3 years to transpose it (Art. 34).
June 29, 2023
EUDR Entry into force
Reg. (EU) 2023/1115 on deforestation-free products enters into force. Original application date set for Dec 30, 2024, postponed twice.

2024

January 11, 2024
DATA ACT Entry into force
Reg. (EU) 2023/2854 on fair access to data enters into force (Art. 50). General application after 20 months.
August 1, 2024
AI ACT Entry into force
Reg. (EU) 2024/1689 on Artificial Intelligence enters into force. Phased application in 4 stages through August 2027 (Art. 113).
December 10, 2024
CRA Entry into force
Reg. (EU) 2024/2847 on Cyber Resilience enters into force (Art. 71). Phased application in 3 stages through December 2027.
December 13, 2024
GPSR Full application
The GPSR is fully applicable (Art. 52). It repeals Directive 2001/95/EC and Directive 87/357/EEC.
⚠ Non-compliance: product withdrawal, penalties per national legislation of each Member State (Art. 44).

2025

February 2, 2025
AI ACT Phase 1 — Prohibitions and AI literacy
Unacceptable-risk AI practices prohibited (Art. 5). AI literacy obligation (Art. 4). Chapters I and II applicable (Art. 113(a)).
⚠ Fines up to €35M or 7% of annual global turnover (Art. 99(3)).
June 28, 2025
EAA Full application
Dir. (EU) 2019/882 on Accessibility fully applicable (Art. 31). Transposition: Ley 11/2023 in Spain, RD 193/2023. Products and services must meet accessibility requirements EN 301 549.
⚠ Penalties defined by each Member State (Art. 30). Spain: fines up to €100,000 per infringement.
August 1, 2025
RED DA Cybersecurity requirements applicable
Delegated Reg. (EU) 2022/30 activates Art. 3.3(d)(e)(f) of RED Dir. 2014/53/EU. Internet-connected radio equipment must meet cybersecurity requirements. Harmonized standards: EN 18031-1/-2/-3:2024.
⚠ CE marking and marketing prohibition for non-compliant equipment.
Note: Delegated Reg. 2022/30 will be repealed on Dec 11, 2027 when the CRA becomes fully applicable (Commission's proposed repealing Delegated Regulation published June 2025).
August 2, 2025
AI ACT Phase 2 — General-purpose AI (GPAI)
Obligations for general-purpose AI models (Chapter V), governance (Ch. VII, XII), penalties (Ch. III Sec. 4), and Art. 78 applicable (Art. 113(b)). Exception: Art. 101.
⚠ Fines up to €15M or 3% of turnover for GPAI providers (Art. 99(4)).
September 12, 2025
DATA ACT General application
The Data Act is fully applicable (Art. 50): access to connected product data, portability, cloud provider switching, interoperability.
⚠ Penalties defined by each Member State (Art. 40). For personal data infringements: via GDPR Art. 83 — up to €20M or 4%.

2026

January 1, 2026
TOY SAFETY Entry into force
Reg. (EU) 2025/2509 on Toy Safety enters into force. Art. 28–44 (notified bodies) and Art. 49–55 (delegations and comitology) applicable from this date. Full application on August 1, 2030.
June 7, 2026
PAY TRANSPARENCY Transposition deadline
Deadline for the 27 Member States to transpose Dir. (EU) 2023/970 (Art. 34). Clear and unconditional provisions have direct effect even without national transposition (CJEU case law).
⚠ Mandatory: publish salary ranges in job postings; prohibited to ask about pay history; employee right to information on average pay by gender (Art. 5–7).
June 11, 2026
CRA Phase 1 — Notified bodies
Member States must notify conformity assessment bodies (Ch. IV, Art. 35–51). 18 months after entry into force (Art. 71).
August 2, 2026
AI ACT Fase 3 — General application
General application of the AI Act (Art. 113): high-risk systems (Annex III), transparency (Art. 50), regulatory sandboxes (Art. 57). Exception: Art. 6(1) applies from August 2, 2027 (Art. 113(c)).
⚠ Fines: €35M / 7% (prohibitions), €15M / 3% (obligations), €7.5M / 1% (false information). SMEs: the lower figure applies (Art. 99(6)).
September 11, 2026
CRA Phase 2 — Vulnerability notification
Manufacturers must notify ENISA of actively exploited vulnerabilities and serious incidents within 24 hours (Art. 14). 21 months after entry into force (Art. 71).
⚠ Fines up to €10M or 2% of global turnover (Art. 64(3)).
September 12, 2026
DATA ACT Phase 2 — Access by design
Connected products marketed from this date must be designed to allow data access by default — "data access by design" (Art. 3(1)).
⚠ Non-compliant products may not be marketed in the EU.
December 30, 2026
EUDR Application — Large and medium-sized enterprises
Due diligence obligations under Reg. (EU) 2023/1115 applicable to large and medium-sized enterprises (Art. 38(2), amended by Reg. (EU) 2025/2650, published Dec 23, 2025). Second postponement from the original date (Dec 30, 2024).
⚠ Prohibition of marketing/export of non-compliant products. Minimum fine 4% of EU turnover (Art. 25).

2027

June 2027
PAY TRANSPARENCY First report — companies ≥ 150 employees
Companies with 150 or more employees must submit their first gender pay gap report, covering the year 2026 (Art. 9).
⚠ If the gap exceeds 5% without objective justification: mandatory joint pay assessment with employee representatives (Art. 10).
June 30, 2027
EUDR Application — Micro and small enterprises
Micro and small enterprises must comply with the EUDR under a simplified declaration regime (Art. 38(3), amended by Reg. (EU) 2025/2650).
⚠ Same consequences as large operators: prohibition of marketing non-compliant products.
July 1, 2026
RoHS Transposition of renewed exemptions
Member States must transpose the delegated directives adopted in September 2025 renewing key Annex III exemptions (6(a), 6(b), 6(c), 7(a), 7(c)) of Dir. 2011/65/EU. New expiration dates: June 30, 2027 and December 31, 2027 depending on the exemption.
Note: renewal applications for exemptions expiring on June 30, 2027 had to be submitted before December 31, 2025 (Art. 5(5)).
August 2, 2027
AI ACT Phase 4 — High risk Art. 6(1)
Application of Art. 6(1) and corresponding obligations for high-risk AI systems integrated into products regulated by EU harmonization legislation, Annex I (Art. 113(c)).
⚠ Prohibition of marketing products with non-compliant high-risk AI.
September 12, 2027
DATA ACT Phase 3 — Pre-existing contracts
The unfair contractual terms regime (Ch. IV, Art. 13) extends to indefinite-term or expiring contracts concluded before Sep 12, 2025 (Art. 50).
December 11, 2027
CRA Full application
Full application del CRA (Art. 71). Todo producto con elementos digitales comercializado en la UE debe cumplir los requisitos esenciales de ciberseguridad del Anexo I. El Reg. Delegado 2022/30 (RED DA cybersecurity) queda derogado en esta fecha.
⚠ Fines up to €15M or 2.5% of global turnover (Art. 64(2)). Market withdrawal. Mandatory recall (Art. 54).

2030

June 28, 2030
EAA End of transitional period for pre-existing products
The 5-year transitional period expires for products used in the provision of services that were marketed before June 28, 2025 (Art. 32). From this date, all products in service must comply with the EAA.
August 1, 2030
TOY SAFETY Full application
Reg. (EU) 2025/2509 fully applicable. Dir. 2009/48/EC on Toy Safety is repealed. Mandatory: digital product passport (DPP), new chemical requirements (PFAS, bisphenols, endocrine disruptors), cybersecurity requirements for connected toys.
⚠ Penalties defined by each Member State. Prohibition of marketing non-compliant toys.

Types of dates: what each one means

Not all dates have the same legal effect. Confusion between "entry into force," "date of application," and "transposition deadline" can lead a company to prepare too early (unnecessary cost) or too late (non-compliance). This section clarifies the difference.

Entry into force

The regulation legally exists but does not create obligations for businesses. Typically 20 days after publication in the OJEU. It marks the beginning of the transitional period. Applies to: regulations and directives.

Date of application

The day obligations become enforceable. From this date, non-compliance can be sanctioned. For regulations, it applies directly in all 27 Member States. This is the critical date for manufacturers, importers, and distributors.

Transposition deadline

Directives only. Deadline for each Member State to adopt national legislation. If a State fails to transpose on time, certain clear provisions may have direct effect (CJEU case law: Van Duyn, C-41/74; Francovich, C-6/90).

Note — Phased application: Several regulations (AI Act, CRA, Data Act, EUDR) apply their obligations in phases. The "general" application date does not equal the application date of all obligations. Always check the dates article of each regulation (indicated in the summary table) to verify which specific obligations apply at each date.

Summary table: the 10 regulations and their key dates

Verified against EUR-Lex — May 2026
Regulation Type Dates article Entry into force Main application Full application Current status
CRA
Reg. (UE) 2024/2847		 Regulation Art. 71 Dec 10, 2024 Sep 11, 2026
vulnerability notification		 Dec 11, 2027 PHASED
AI Act
Reg. (UE) 2024/1689		 Regulation Art. 113 Aug 1, 2024 Aug 2, 2026
general application		 Aug 2, 2027
high risk Art. 6(1)		 PHASED
EUDR
Reg. (UE) 2023/1115
mod. Reg. 2025/2650		 Regulation Art. 38 Jun 29, 2023 Dec 30, 2026
large/medium enterprises		 Jun 30, 2027
micro/small		 PENDING
GPSR
Reg. (UE) 2023/988		 Regulation Art. 52 Jun 12, 2023 Dec 13, 2024 Dec 13, 2024 IN FORCE
EAA
Dir. (UE) 2019/882		 Directive Art. 31 Jun 27, 2019 Jun 28, 2025
transposition: June 28, 2022		 Jun 28, 2030
product transitional end		 IN FORCE
Pay Transparency
Dir. (UE) 2023/970		 Directive Art. 34 Jun 6, 2023 7 jun 2026
transposition		 Jun 2031
report 100-149 employees		 PENDING
Data Act
Reg. (UE) 2023/2854		 Regulation Art. 50 Jan 11, 2024 Sep 12, 2025 Sep 12, 2027
pre-existing contracts		 IN FORCE
RED + DA ciberseg.
Dir. 2014/53/UE
Reg. Del. 2022/30		 Directive +
Delegated Reg.		 Art. 3.3(d)(e)(f)
DA Art. 2		 12 jun 2014
DA: Jan 2022		 Aug 1, 2025
DA cybersecurity		 Dec 11, 2027
DA repeal → CRA		 IN FORCE
RoHS
Dir. 2011/65/UE		 Directive Art. 4–5 Jul 21, 2011 Jan 2, 2013
RoHS 2 applicable		 Ongoing
exemptions 2027		 IN FORCE
Toy Safety
Reg. (UE) 2025/2509		 Regulation Art. 79–80 1 ene 2026 Aug 1, 2030
full application + DPP		 Aug 1, 2030 PHASED

About the EUDR — second postponement confirmed: Reg. (EU) 2025/2650 was published in the OJEU on Dec 23, 2025 and entered into force three days later. It postpones the application date by an additional year: Dec 30, 2026 for large/medium enterprises, Jun 30, 2027 for micro/small. The first postponement (Reg. 2024/3234, Dec 2024) had delayed from Dec 2024 to Dec 2025.

About RoHS — key exemptions renewed: In September 2025, the Commission adopted delegated directives renewing exemptions 6(a), 6(b), 6(c), 7(a), and 7(c) of Annex III (lead in steel, aluminum, copper alloys, and solders). OJEU publication: Nov 21, 2025. New expiration dates: between June 30, 2027 and December 31, 2027 depending on the exemption. Renewal applications for exemptions expiring on June 30, 2027 had to be submitted before December 31, 2025 (Art. 5(5) Dir. 2011/65/EU).

Verified official sources

All data on this page has been extracted from and verified against the following official sources. Last verified: May 2026.

CRA — EUR-Lex 2024/2847 AI Act — EUR-Lex 2024/1689 EUDR — EUR-Lex 2023/1115 EUDR mod. — EUR-Lex 2025/2650 GPSR — EUR-Lex 2023/988 EAA — EUR-Lex 2019/882 Pay Transp. — EUR-Lex 2023/970 Data Act — EUR-Lex 2023/2854 RED — EUR-Lex 2014/53 RED DA — EUR-Lex 2022/30 RoHS — EUR-Lex 2011/65 Toy Safety — EUR-Lex 2025/2509 European Commission — CRA Summary AI Act Service Desk — Art. 113
Version 1.0 — Reviewed May 2026. Our analysts periodically verify this information against EUR-Lex.
This page is for informational purposes only and does not constitute legal advice. Based on legislation published in EUR-Lex. Consult each regulation individually for your specific case.

Check if your product is affected at solidwaretools.com