DeadlinesAI Act 2027 high-risk evidence timeline

AI Act 2027 high-risk evidence timeline

High-risk timelines are shifting; evidence architecture should still be built before systems scale.

Last reviewed: 2026-06-03Official source links includedRobots: index,followQuality gate: approved
Relevant evidence visual for AI Act 2027 high-risk evidence timeline

What this page covers

High-risk timelines are shifting; evidence architecture should still be built before systems scale.

Evidence question

AI Act 2027 high-risk evidence timeline answers a concrete audit question: what must be retained so a third party can verify the relevant event chain later?

  • Which event happened and which system produced it.
  • Which policy, model, supplier or human approval was active.
  • Which hash, signature, Merkle root and verifier receipt prove integrity.

Attesto proof layer

Attesto complements GRC, SIEM, storage and workflow systems by sealing selected evidence records instead of replacing the operating system.

  • Raw data can remain encrypted or customer-controlled.
  • Proof material can be shared with auditors or customers.
  • A verifier can test whether a record still matches the anchored root.

Legal timing

The AI Act entered into force on 1 August 2024. The Commission describes 2 August 2026 as the general application date, while the AI Omnibus political agreement moves many high-risk areas to 2 December 2027 and product-integrated systems to 2 August 2028. The preparation work still has to start now because evidence cannot be rebuilt reliably after deployment.

This page is implementation guidance for evidence planning, not legal advice.

Evidence Attesto AI can preserve

canonical event hash

trusted timestamp

policy version

Merkle inclusion proof

auditor verification receipt

Example evidence records

canonical event hashtrusted timestampMerkle inclusion proofpublic anchor referenceauditor verification receipt

Example proof receipt

Example Attesto receipt

event_type

DEADLINE2027

timestamp

2026-06-04T10:21:00Z

leaf_hash

sha256:8f41...b19e

merkle_root

sha256:52ac...91d4

anchor_reference

attesto:anchor:2026-06-04:eu-001

verification_status

valid demo receipt, raw data not exposed

Where Attesto fits

Attesto turns this topic into verifiable evidence by connecting operational records to hashes, signatures, Merkle proofs and verifier receipts.

FAQ

How is this different from a normal log?

A normal log asks an auditor to trust the system that produced it. Attesto records hashes, signatures, Merkle proofs and verifier receipts so selected evidence can be checked independently.

Does Attesto need to expose raw sensitive data?

No. Raw records can remain encrypted or customer-controlled while proof material is shared for verification.

Where does AI Act 2027 high-risk evidence timeline fit in the compliance stack?

Attesto turns this topic into verifiable evidence by connecting operational records to hashes, signatures, Merkle proofs and verifier receipts.