
EU AI Act + DORA: regulatory timeline for AI agent builders in EU

AI Act dates after the Digital Omnibus: transparency Aug 2026, high-risk deferred to Dec 2027. DORA perimeter and the questions that kill Italian tenders.


Methodology note: all cases described are composite patterns from real audits, modified to protect client confidentiality. No case identifies a single specific client. This article does not replace formal legal advice: for tenders, contracts, and specific risks, validate every interpretation with your legal team.

May 2026, legal office of an Italian regional bank, headquartered in Padua, assets under management around six billion euros. The Chief Compliance Officer is doing a preliminary intake review with me for a document automation project we should start in July. (I am the ICT third-party that DORA rules require her to audit.) The conversation runs forty minutes and reaches the point where she asks: does your LLM provider have a business continuity plan certified per articles 11 and 12 of DORA, or not?

Pause. I don't know, I say. Then let's go look together.

We open the provider's DPA: twenty-three pages, and in none of the twenty-three does the word "DORA" appear. We can build the legal model together, says the CCO. The tender doesn't start if we don't solve this.

From that point forward, my DORA checklist changed.

EU AI Act in three dates that matter

The EU AI Act applies in staggered phases, and the confusion I see in Italian SMBs comes from the fact that "the AI Act becomes effective" is a meaningless phrase on its own: which part of the AI Act, and for whom?

The three dates that actually matter, per Article 113 on entry into force and application, are these.

February 2, 2025. Chapters I and II take effect: general definitions, scope of application, and (the part that got media coverage) the Article 5 prohibitions on unacceptable-risk systems (subliminal manipulation, social scoring, certain types of biometric systems). For the vast majority of Italian SMBs this date is irrelevant: if your agent doesn't do social scoring (or anything else Article 5 prohibits), you're outside that perimeter.

August 2, 2026. The transparency-obligations date. The Article 50 transparency obligations for providers and deployers become applicable, the Commission's enforcement powers kick in (including fines on GPAI model providers), and the penalty articles (99 and 101) apply. A point that regularly causes confusion: the obligations on General-Purpose AI (GPAI) models were already applicable from August 2, 2025; what arrives in August 2026 is the Commission's power to enforce them, not the obligation itself. If your AI agent interacts with natural persons or generates content, from August 2026 you are required to inform users clearly that they are interacting with AI and to label synthetic content in a machine-readable way (for systems already on the market, the Article 50(2) marking has a transitional period until December 2, 2026).

August 2, 2027. The final deadline for providers of GPAI models that were on the market before August 2, 2025. They had two years of transition; by 2027 they must be fully compliant. If you use, via API, a model that was already live in 2024, this date concerns your provider rather than you directly, but the contractual clauses of the DPA should reflect their compliance roadmap.

There's a fourth date worth noting: October 2026. The Italian Government is expected to adopt the implementing decrees of Italian Law No. 132/2025, the first national AI law in the EU, which entered into force on October 10, 2025, to define the sanctioning powers of the national authorities. Article 20 of the law designates AgID (Agenzia per l'Italia Digitale) as notifying authority (responsible for AI promotion plus assessment, accreditation and monitoring of conformity assessment bodies), and ACN (Agenzia per la Cybersicurezza Nazionale) as market surveillance authority and single point of contact with EU institutions. Banca d'Italia, Consob and IVASS are confirmed as market surveillance authorities for their respective sectors, within the limits allowed by the AI Act. From October 2026 onwards, Italian enforcement is no longer hypothetical.

June 2026 update: the Digital Omnibus shifts the high-risk dates

The timeline above changed while we were applying it. On May 7, 2026 the EU Council and Parliament reached a political agreement on the Digital Omnibus, the simplification package that defers the AI Act's heaviest obligations. The date for stand-alone high-risk Annex III systems (recruitment, credit scoring, education scoring, law enforcement) moves from August 2, 2026 to December 2, 2027. High-risk systems embedded in regulated products under Annex I (medical devices, machinery, vehicles) slip to August 2, 2028.

Three points to keep you from misreading the news. First: the agreement is political; it takes legal effect only on formal adoption and publication in the Official Journal, expected before August 2, 2026. Second: the Article 50 transparency obligations stay at August 2, 2026; the deferral concerns high-risk, not transparency. For systems already on the market, only the synthetic-content marking of Article 50(2) has a transitional period, until December 2, 2026. Third: the direction is deferral, not cancellation. The obligation still arrives, you have more time to get ready for it, and enterprise clients will keep asking for the same evidence in RFPs well before the legal deadline.

DORA: who's inside the perimeter, and who thinks they're not but is

DORA (Regulation (EU) 2022/2554) has applied since January 17, 2025 to the EU financial sector: banks, insurers, fintechs, fund managers, pension entities. The part Italian SMBs discover too late is that Article 28 on ICT third-party risk drags into the perimeter anyone providing ICT services to an EU regulated financial entity.

You sell an AI agent to an Italian regional bank? You are an ICT third-party provider. The bank MUST keep a Register of Information of its ICT contracts, in which you are listed, and is subject to supervisory oversight on how it manages you. Plus, Article 28(3) requires the register to be maintained at entity level, sub-consolidated level and consolidated level.

You sell a SaaS service to an insurance company? Same, you're ICT third-party. You sell an API integration to a fund management company? Same.

The practical consequence: if your clients include even one EU finance entity, you have to answer DORA questions during every contract renewal, every RFP, every annual audit. And your sub-suppliers (including the LLM provider you use) are in the perimeter indirectly, because DORA extends due diligence along the supply chain.

The three DORA questions that kill Italian tenders

These are the questions I see arriving at SMB clients mid-procurement, and which, if no ready answer is available, derail the negotiation for two to three months.

Question one. What's your incident response policy, and how is it aligned with DORA Article 11 on ICT-related incident management? Acceptable answer: versioned policy document, written runbook, documented reporting times (DORA requires notification within specific timeframes), evidence of at least annual simulation. If you only have "we'll talk if it happens", the negotiation stops.

Question two. How do you monitor the supply chain of the AI model you use? Acceptable answer: you have a DPA with your LLM provider that covers data residency, training opt-out, retention period, model change notification, the provider's security certifications, and a business continuity plan for when the provider goes down. If the answer is "dunno, we use OpenAI via API", the negotiation stops.

Question three. Do you have an exit strategy for ICT services supporting critical or important functions of our business? A question that directly cites DORA Article 28, which makes exit strategies mandatory. Acceptable answer: documented transition plan, identified alternative providers, a procedure to extract data and models and move them elsewhere or in-house, tested contingency measures. If the answer is "let's hope it's not needed", the negotiation stops.

The three questions always come together, never separately. It's a standardized checklist all compliance officers learned to use in 2025.

What you should already have documented

The five minimum artifacts that allow you to answer the three questions above without panic.

Prompt registry with versioning. The agent's system prompt lives in a versioned system; every change carries author, timestamp, reason and sign-off, and there's a log of who modified what, and when. It protects you from the accusation that "the AI did something strange and no one knows why".
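One way to build such a registry, as an added example that is not code from this article or from DL Solutions: an append-only, hash-chained change log in Python where each entry records author, approver, reason and timestamp, sign-off must come from someone other than the author, and verify_chain() detects any later edit to an entry or to the stored prompt text. The class and field names, the four-eyes rule and the sample prompts are my assumptions.

```python
import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64  # prev_hash of the very first entry


@dataclass(frozen=True)
class PromptChange:
    """One signed-off change to the agent's system prompt (assumed schema)."""
    version: int
    prompt_sha256: str   # hash of the full prompt text, so the text can be checked later
    author: str
    approved_by: str     # sign-off; must differ from author (four-eyes rule, my assumption)
    reason: str
    timestamp: str       # ISO 8601, UTC
    prev_hash: str       # entry_hash of the previous change: the chain link
    entry_hash: str      # sha256 over every field above


def _entry_hash(fields: dict) -> str:
    # Canonical JSON so the same fields always hash the same way.
    payload = json.dumps(fields, sort_keys=True).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


class PromptRegistry:
    """Append-only registry: changes are added, never edited or deleted."""

    def __init__(self) -> None:
        self.changes: List[PromptChange] = []
        self.prompts: Dict[str, str] = {}  # prompt_sha256 -> full prompt text

    def register(self, prompt: str, author: str, approved_by: str,
                 reason: str, timestamp: Optional[str] = None) -> int:
        """Record a new prompt version and return its version number."""
        if author == approved_by:
            raise ValueError("sign-off must come from someone other than the author")
        if not reason.strip():
            raise ValueError("a change reason is mandatory")
        ts = timestamp or datetime.now(timezone.utc).isoformat()
        prev = self.changes[-1].entry_hash if self.changes else GENESIS
        prompt_sha = hashlib.sha256(prompt.encode("utf-8")).hexdigest()
        fields = {
            "version": len(self.changes) + 1,
            "prompt_sha256": prompt_sha,
            "author": author,
            "approved_by": approved_by,
            "reason": reason,
            "timestamp": ts,
            "prev_hash": prev,
        }
        change = PromptChange(**fields, entry_hash=_entry_hash(fields))
        self.prompts[prompt_sha] = prompt
        self.changes.append(change)
        return change.version

    def current(self) -> str:
        """The prompt the agent should be running right now."""
        return self.prompts[self.changes[-1].prompt_sha256]

    def verify_chain(self) -> bool:
        """True if no entry and no stored prompt text was altered after the fact."""
        prev = GENESIS
        for expected_version, change in enumerate(self.changes, start=1):
            fields = {k: v for k, v in asdict(change).items() if k != "entry_hash"}
            if change.version != expected_version or change.prev_hash != prev:
                return False
            if _entry_hash(fields) != change.entry_hash:
                return False
            text = self.prompts.get(change.prompt_sha256)
            if text is None or hashlib.sha256(text.encode("utf-8")).hexdigest() != change.prompt_sha256:
                return False
            prev = change.entry_hash
        return True

    def who_changed_what(self) -> List[Tuple[int, str, str, str, str]]:
        """The auditor's view: version, when, who, who approved, why."""
        return [(c.version, c.timestamp, c.author, c.approved_by, c.reason) for c in self.changes]


if __name__ == "__main__":
    # Constructed sample usage: two signed-off versions, then an integrity check.
    reg = PromptRegistry()
    reg.register("You are the support assistant of ExampleBank.", "alice", "bob", "initial version")
    reg.register("You are the support assistant of ExampleBank. Never state account balances.",
                 "carol", "bob", "block balance disclosure")
    print(reg.who_changed_what())
    print("chain intact:", reg.verify_chain())
```

In production the `changes` list would be persisted somewhere the agent's own service account cannot write to, and the latest `entry_hash` would be recorded out of band (a ticket, a signed release note) so that an auditor can confirm the registry they are shown is the one that was approved.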

IAM policy documented for the agent's service account. Capability-based, scoped, with an audit log of tool calls. Answers the question "what power exactly does this agent have?". Deepened in the cluster article on least authority for AI agents.

OWASP-style threat model mapped to your case. The ten risks ASI01-ASI10 of the OWASP Top 10 for Agentic Applications 2026 (see OWASP Top 10 for Agentic Applications mapped to Italian SMBs) applied to your deployment, with an assessment of likelihood, impact and the mitigations in place. Three pages, updated quarterly.

Log policy declaring what you log and for how long. The tradeoff between GDPR Article 5 data minimisation and DORA traceability, documented explicitly. Deepened in the cluster article on audit-ready agent logging.
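The IAM policy for the agent's service account and the log policy can be exercised in one piece of code. The gateway below is an added example, not code from this article or from DL Solutions: every tool call from an agent service account passes through it, is checked against a capability list (tool name plus, where it applies, an allowed path prefix, with `..` segments normalised away before the check), and is written to an audit log that keeps what DORA traceability needs (account, tool, decision, a hash of the arguments, a keyed pseudonym of the end user) without storing the arguments or the user identifier themselves. The retention classes and their day counts, the account and tool names and the sample paths are my assumptions, not figures from either regulation.

```python
import hashlib
import hmac
import json
import posixpath
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional, Tuple

# Retention classes for the audit log. The day counts are assumptions for this
# example; the real ones belong in your log policy, with the rationale written down.
RETENTION_DAYS = {"security": 365, "operational": 90}


class ToolGateway:
    """Single choke point between agent service accounts and their tools."""

    def __init__(self, policies: Dict[str, Dict[str, Optional[str]]],
                 tools: Dict[str, Callable[[dict], object]], pseudonym_key: bytes) -> None:
        self.policies = policies      # account -> {tool name: allowed path prefix, or None}
        self.tools = tools            # tool name -> callable(args) -> result
        self.key = pseudonym_key      # secret for user pseudonyms; keep it out of the log store
        self.log: List[dict] = []

    def _pseudonym(self, subject: str) -> str:
        # Keyed hash: an auditor can correlate one user's calls, but cannot read the id
        # back and cannot brute-force it without the key.
        return hmac.new(self.key, subject.encode("utf-8"), hashlib.sha256).hexdigest()[:16]

    def _decide(self, account: str, tool: str, args: dict) -> Tuple[str, str]:
        caps = self.policies.get(account)
        if caps is None or tool not in caps:
            return "deny", "capability-missing"
        prefix = caps[tool]
        if prefix is not None:
            # Normalise first so "docs/incoming/../hr/x.pdf" cannot pass the prefix check.
            path = posixpath.normpath(str(args.get("path", "")))
            if not path.startswith(prefix):
                return "deny", "out-of-scope"
        return "allow", ""

    def invoke(self, account: str, tool: str, args: dict, subject: str,
               now: Optional[str] = None):
        """Run a tool on behalf of `account` for end user `subject`, logging the call."""
        now = now or datetime.now(timezone.utc).isoformat()
        decision, reason = self._decide(account, tool, args)
        canonical = json.dumps(args, sort_keys=True).encode("utf-8")
        self.log.append({
            "ts": now,
            "account": account,
            "tool": tool,
            "subject": self._pseudonym(subject),                   # never the raw identifier
            "args_sha256": hashlib.sha256(canonical).hexdigest(),  # traceable, not readable
            "decision": decision,
            "reason": reason,
            # Denials are security events and are kept longer than routine calls.
            "retention": "security" if decision == "deny" else "operational",
        })
        if decision == "deny":
            raise PermissionError(f"{account} may not call {tool}: {reason}")
        return self.tools[tool](args)

    def purge(self, now_iso: str) -> int:
        """Drop records past their retention class; returns how many were removed."""
        now = datetime.fromisoformat(now_iso)
        kept = [r for r in self.log
                if now - datetime.fromisoformat(r["ts"]) <= timedelta(days=RETENTION_DAYS[r["retention"]])]
        removed = len(self.log) - len(kept)
        self.log = kept
        return removed


if __name__ == "__main__":
    # Constructed sample: one account that may only read documents under one folder.
    gw = ToolGateway(
        policies={"agent-docs": {"read_document": "docs/incoming/"}},
        tools={"read_document": lambda a: "contents of " + a["path"]},
        pseudonym_key=b"constructed-demo-key",
    )
    print(gw.invoke("agent-docs", "read_document", {"path": "docs/incoming/claim-42.pdf"}, "mario.rossi@example.com"))
    try:
        gw.invoke("agent-docs", "read_document", {"path": "docs/incoming/../hr/salaries.pdf"}, "mario.rossi@example.com")
    except PermissionError as exc:
        print("blocked:", exc)
    print(gw.log)
```

The log record is the artifact the compliance officer asks for: it can answer "which account called which tool, when, and was it allowed" for a year of denials, while the raw arguments and the customer's e-mail address never reach the log store at all.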

Incident response runbook. Three concrete steps (contain, document, post-mortem), assigned responsibilities, an internal escalation path plus escalation toward enterprise clients, and integration with the DORA Article 17 reporting requirements.

Five documents, three days of work the first time, half an hour of monthly update. They're the prerequisite for being production-ready in any sale to EU finance entities from 2025 onwards.

Plus Article 50: GPAI transparency from August 2026

A technical note that is often ignored. AI Act Article 50, which becomes applicable on August 2, 2026 (a date confirmed even after the Digital Omnibus), requires providers and deployers to clearly inform users when they are interacting with an AI system, when content has been generated or manipulated artificially (including deepfakes and public-interest text), and when emotion recognition or biometric categorisation systems are used. Synthetic content labelling must be machine-readable and detectable where technically feasible. The only timing exception: for systems already on the market before August 2, 2026, the Article 50(2) marking obligation has a transitional period until December 2, 2026.

In practical terms for an Italian SMB: the AI customer support agent must declare at the start of the conversation that it's an AI. Auto-generated emails should carry a marker. AI-generated documents should be labellable via metadata. These are simple things to implement if you think about them before deployment, and costly to retrofit afterward.
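The three practical requirements in this paragraph, as an added example in Python that is not code from this article or from DL Solutions: the disclosure notice is placed as the first turn of a conversation and the agent refuses to reply before it, auto-generated emails get a machine-readable header plus a human-readable footer, and generated documents carry a provenance block whose content hash lets a receiving system tell "labelled", "unlabelled" and "labelled but modified since" apart. The header names X-AI-Generated and X-AI-Model, the metadata key, the disclosure wording and the sample texts are constructed conventions for the example, not a standard prescribed by Article 50; adopt whichever marking scheme your provider and clients agree on and document it.

```python
import hashlib
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from typing import Dict, List

# Constructed conventions for this example (assumptions, not a standard):
AI_HEADER = "X-AI-Generated"
AI_MODEL_HEADER = "X-AI-Model"
PROVENANCE_KEY = "_ai_provenance"
DISCLOSURE = ("You are talking to an automated AI assistant. "
              "Type 'agent' at any time to reach a human operator.")


def start_conversation() -> List[Dict[str, str]]:
    """Transcript whose first turn is the AI disclosure required at conversation start."""
    return [{"role": "system-notice", "text": DISCLOSURE}]


def agent_turn(transcript: List[Dict[str, str]], text: str) -> List[Dict[str, str]]:
    """Append an agent reply, refusing to speak before the disclosure has been shown."""
    if not transcript or transcript[0]["role"] != "system-notice":
        raise RuntimeError("agent cannot reply before the AI disclosure is shown")
    transcript.append({"role": "agent", "text": text})
    return transcript


def build_email(to: str, subject: str, body: str, model_id: str) -> str:
    """Auto-generated email: machine-readable headers plus a footer for human readers."""
    msg = EmailMessage()
    msg["To"] = to
    msg["Subject"] = subject
    msg[AI_HEADER] = "true"
    msg[AI_MODEL_HEADER] = model_id
    msg.set_content(body + "\n\n-- \nThis message was generated by an AI system.\n")
    return msg.as_string()


def is_ai_labelled_email(raw: str) -> bool:
    """Receiving-side check: does the message declare itself AI-generated?"""
    msg = message_from_string(raw, policy=default)
    return (msg.get(AI_HEADER) or "").strip().lower() == "true"


def _content_hash(doc: Dict[str, object]) -> str:
    # Hash everything except the provenance block itself, in a stable order.
    fields = sorted((k, str(v)) for k, v in doc.items() if k != PROVENANCE_KEY)
    return hashlib.sha256(repr(fields).encode("utf-8")).hexdigest()


def label_document(doc: Dict[str, object], model_id: str, generated_at: str) -> Dict[str, object]:
    """Return a copy of the document with AI provenance metadata attached."""
    labelled = dict(doc)
    labelled[PROVENANCE_KEY] = {
        "ai_generated": True,
        "model": model_id,
        "generated_at": generated_at,   # ISO 8601, supplied by the caller
        "content_sha256": _content_hash(doc),
    }
    return labelled


def check_document_label(doc: Dict[str, object]) -> str:
    """'labelled', 'unlabelled', or 'modified' (label present but content changed since)."""
    prov = doc.get(PROVENANCE_KEY)
    if not isinstance(prov, dict) or prov.get("ai_generated") is not True:
        return "unlabelled"
    return "labelled" if prov.get("content_sha256") == _content_hash(doc) else "modified"


if __name__ == "__main__":
    # Constructed sample run of all three paths.
    chat = agent_turn(start_conversation(), "How can I help with your claim?")
    print(chat)
    mail = build_email("client@example.com", "Your claim 42", "Your documents were received.", "constructed-model-1")
    print("email labelled:", is_ai_labelled_email(mail))
    offer = label_document({"title": "Offer 17", "body": "Premium: EUR 420/year"}, "constructed-model-1",
                           "2026-08-03T08:00:00+00:00")
    print("document:", check_document_label(offer))
```

The "modified" outcome is the one worth having: a document that was AI-generated, labelled, and then hand-edited by a person is exactly the case where the label and the content no longer agree, and a downstream system should flag it for review rather than trust either the label or the text.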

It's not optional, and not sanction theater: Article 99 provides for penalties up to 15 million euros or 3% of global annual turnover (whichever is higher) for violations of transparency obligations.

Discipline beats hope

There's a common trajectory in Italian SMBs working with AI: they deploy something that works, sell to an enthusiastic first client, then with the second client come the DORA questions or the AI Act clauses, and they realize they have nothing in writing. The typical answer is "let's get it done as we go". The problem is that the three months needed to produce the five minimum documents are exactly the three months in which the enterprise negotiation dies.

OWASP Top 10 and EU regulation are the same problem seen from two angles. Technical discipline produces the documents the regulatory legal team asks for. Those who have already done the work win the tenders; those hoping the tenders won't come lose them when they do.


Want a DORA-ready audit on your production agent? My calendar is public, book an appointment and let's talk. Thirty minutes free, then if it makes sense we build it together. Danilo Lapegna · DL Solutions

FAQ

When does the EU AI Act come into force for Italian SMBs?

Critical dates: February 2 2025 (Article 5 prohibitions, irrelevant for most SMBs), August 2 2025 (GPAI obligations applicable), August 2 2026 (Article 50 transparency obligations plus Commission enforcement powers). Stand-alone high-risk Annex III systems were expected on August 2 2026, but the Digital Omnibus (Council-Parliament political agreement of 7 May 2026, pending formal adoption) defers applicability to December 2 2027. Legacy GPAI models on the market before August 2025: deadline August 2 2027. Plus October 2026 for the Italian implementing decrees.

What does it mean to be an ICT third-party provider under DORA?

If you sell ICT services (including software, AI, SaaS, API integrations) to a regulated EU finance entity (bank, insurance, fintech, fund manager), you are an ICT third-party provider under DORA Article 28. You must answer questions about incident response, supply chain monitoring, exit strategy, business continuity. The bank keeps a Register of Information where you are listed (Article 28(3)).

What are the three DORA questions that derail Italian tenders?

1) Incident response policy aligned with DORA Article 11. 2) Supply chain monitoring of the LLM provider, with a DPA covering data residency, training opt-out and business continuity. 3) Exit strategy for ICT services supporting critical functions, with a transition plan and identified alternative providers. Without ready answers, the negotiation stalls for 2-3 months.

What does AI Act Article 50 require on GPAI transparency?

From August 2 2026, providers and deployers must: inform users when interacting with AI, label content generated or manipulated artificially (deepfakes + public-interest text) in machine-readable form, declare use of emotion recognition or biometric categorisation. For systems already on the market, the synthetic-content marking obligation of Article 50(2) has a transitional period until December 2 2026. It's not optional: Article 99 provides penalties up to 15M EUR or 3% global annual turnover.

What are the 5 minimum documents to be DORA-ready?

Prompt registry with versioning, documented IAM policy for agent service account, OWASP-style threat model mapped to your case, log policy with explicit GDPR/DORA tradeoff declared, incident response runbook. Three days of work the first time, half an hour of monthly update.