AI Deadline | Thursday 11 June 2026
For founders and operators in AI | USA · UK · EU
🔴 Act now
🇬🇧 UK | 8 days to have a data protection complaints process
The Data (Use and Access) Act 2025 added Section 103: a statutory requirement for all data controllers to maintain a formal complaints handling procedure for data protection grievances. That obligation starts June 19.
The ICO’s guidance is blunt: no exemptions. What you need is a documented process for receiving data protection complaints, acknowledging them within 30 days, and responding within three months. The process has to be easy to find, with a clear link from your privacy notice.
For most small AI companies, this exposes a gap. A privacy policy and a general contact email don’t constitute a complaints procedure. The ICO can open an investigation based on how a single complaint is handled, and from June 19, the absence of a visible process is itself a compliance failure.
It matters specifically for AI because the same Section 103 framework covers complaints about automated decision-making. If your product makes decisions that affect users, those users now have a right to a formal process. The ICO’s ADM consultation closed May 29, and final guidance will follow this summer. But the underlying complaints right starts next week, guidance or no guidance.
The fix is not hard. Write a short data protection complaints policy. Publish it. Link to it from your privacy notice. Nominate who receives and tracks complaints. Set out your timescales. Make it findable before June 19.
Action: Publish a data protection complaints procedure before June 19. One page is enough.
🟡 Heads up
🇪🇺 EU | High-risk classification consultation closes June 23
You have 12 days to respond to the Commission’s draft guidelines on which AI systems qualify as “high-risk” under Annex III of the AI Act. The document is 148 pages, but the sections on how the Commission interprets categories like employment, credit, education, and healthcare AI are what you actually need to read. The Omnibus has pushed Annex III compliance to December 2027, so you have time to prepare. What you can’t do is prepare without knowing whether you’re in scope. The guidelines won’t be finalised without industry input, and first drafts tend to stick. If your product makes consequential decisions in any of those sectors for EU users, read the draft and submit a response. The consultation form is on the Commission’s digital strategy site.
🇪🇺 EU | Omnibus still needs the Official Journal
The Parliament’s IMCO and LIBE committees voted on June 2 to approve the Omnibus agreement. The full Parliament plenary vote is expected this month, followed by Council formal adoption and then Official Journal publication. That entire sequence has to be completed before August 2 for the Annex III deadline extension to take effect. Until the OJ publishes, August 2 is the legal Annex III compliance date. GPAI obligations under Articles 51-55 are not moving regardless of when the OJ publishes. If you’re a GPAI provider and haven’t signed the Code of Practice, August 2 is your date. That part of the Act wasn’t touched by the Omnibus.
In focus
🇺🇸 | Connecticut AIRTA: four waves, four dates, one law that catches more people than they think
Connecticut’s AI Responsibility and Transparency Act was signed on May 27. The brief has tracked it since May. What it hasn’t done is break down what the law actually requires, because the structure isn’t obvious from the headline.
There are four distinct obligation tiers, each with a different effective date, and they catch very different kinds of operators.
The first tier arrives on October 1. Connecticut employers covered by the federal WARN Act (100 or more employees) must disclose, when filing a WARN Act notice for a mass layoff, whether the reduction relates to AI use. This is an employer obligation. Any business using AI in workforce planning that has 100 or more Connecticut employees is in scope. You don’t have to be an AI company. A fintech, a healthcare provider, a retailer with a Connecticut warehouse: if AI shaped the RIF decision, that has to appear in the WARN filing from October 1.
Also October 1, deployers of AI in “consequential decision” contexts must give individuals advance notice before a significant AI-assisted decision is made about them, a post-decision explanation, and a right to appeal. Consequential decisions include employment, education, financial services, and healthcare. If your product makes or materially influences decisions in those categories for Connecticut users, you’re a deployer in scope. The Attorney General has said enforcement in the October 2026 to December 2027 window will come with a notice-and-cure period, so aggressive early enforcement is unlikely. But the legal obligation starts October 1. Cure periods don’t last forever, and they disappear after 2027.
The third tier is January 1, 2027: companion chatbot obligations. If your product functions as an AI companion (builds ongoing emotional or social connection with users, positions itself as a friend, therapist, or confidant), you’ll need age verification, prohibitions on manipulative design patterns, and specific safety controls for users under 18. The Act’s definition is broad. A product positioned as a general productivity tool is probably fine. A product that markets itself around emotional support, relationship building, or mental health companionship is almost certainly in scope.
The fourth tier, also on January 1, 2027, covers frontier model developers. If you’re training or deploying models above a defined compute threshold, the Act requires internal whistleblower processes and prohibits retaliation against employees who report safety concerns. For most companies building applications on top of existing models rather than training foundation models from scratch, this tier doesn’t apply.
The practical question for most founders is the October 1 deployer obligation. Map whether you have Connecticut users and whether your product makes consequential decisions about them. The cure period buys you room on enforcement, but the clock starts on October 1.
🟢 On the radar
🇺🇸 USA | Bartz v. Anthropic distributions begin today. The settlement administrator completed distribution calculations on June 11. The ~$3,100 per registered work benchmark is now in effect for an estimated 120,000 claimants. This is the largest AI copyright settlement to date, and the per-work figure is already being cited in active litigation against other AI labs.
🇺🇸 USA | Colorado’s June 30 date is dead. The original 2024 Colorado AI Act had a June 30 effective date. That law has been superseded by SB189. Nothing happens on June 30. The replacement framework, focused on ADMT transparency and consequential decision disclosures, takes effect January 1, 2027.
🇬🇧 UK | FCA Mills Review report due this summer. The Financial Conduct Authority’s review into AI in retail financial services, led by Sheldon Mills, will publish recommendations before the end of the summer. If you’re building in fintech, the report will shape how the FCA supervises AI use in the sector. The FCA has consistently signalled it intends to use existing frameworks rather than create AI-specific rules, so the Mills report will tell you which existing rules get reinterpreted.
🇬🇧 UK | ICO ADM final guidance expected this summer. Consultation closed May 29. Final ICO guidance on automated decision-making under the Data (Use and Access) Act will follow. The draft set out risk-tiered requirements for documentation and transparency. Worth watching if you use AI in decisions about UK users.
🇪🇺 EU | Article 50 final transparency guidelines still pending. The Commission consultation closed June 3. The final guidelines will clarify what disclosure is required when your product uses AI in an interface with EU users, or generates synthetic content. Enforcement powers activate on August 2, whether the guidelines are published by then or not.
The one thing to do this week
Publish a data protection complaints procedure and link it from your privacy notice. You have eight days.
Deadline tracker
UK | Data (Use and Access) Act s.103 complaints procedure | 19 June 2026 | 8 days; mandatory for all data controllers; no exemptions
EU | High-risk AI classification guidelines consultation | 23 June 2026 | 12 days; Commission draft under Article 6; respond via EC digital strategy portal
EU | Digital Omnibus Official Journal publication | Estimated June/July 2026 | IMCO/LIBE voted 2 June; full Parliament plenary vote expected this month; must publish before 2 August for Annex III relief
EU | GPAI enforcement and Article 50 transparency obligations go live | 2 August 2026 | 52 days; GPAI obligations unchanged by Omnibus; Article 50 enforcement powers activate
EU | Article 50 final transparency guidelines | Pending | Consultation closed 3 June; enforcement starts 2 August regardless
EU | AI-generated content watermarking and labeling (Article 50) | 2 December 2026 | Moved by Omnibus from August 2
EU | Nudification app ban | 2 December 2026 | Omnibus prohibition; non-consensual intimate AI imagery
EU | Annex III high-risk AI systems (employment, credit, biometrics, education) | 2 December 2027 | Contingent on Omnibus OJ publication before 2 August; legally August 2, 2026, until then
EU | High-risk AI embedded in regulated products (Annex I) | 2 August 2028 | Moved by Omnibus
USA | Connecticut AIRTA: deployer disclosures + WARN Act AI disclosure | 1 October 2026 | Signed 27 May; consequential decision disclosures and WARN Act AI notification in scope
USA | Connecticut AIRTA: companion chatbots + frontier model whistleblowers | 1 January 2027 | Age verification, manipulative design prohibitions, safety controls, whistleblower processes
USA | Colorado SB189 (replacement AI disclosure framework) | 1 January 2027 | Signed; original Colorado AI Act repealed; ADMT transparency and consequential decision disclosures
USA | Texas TRAIGA high-risk AI obligations | 1 January 2026 | In force
USA | Bartz v. Anthropic copyright settlement | Distributions from 11 June 2026 | ~$3,100/book; 120,000 claimants; distributions processing
UK | ICO Code of Practice on ADM | Late 2026 (estimated) | SI 2026/425 in force; drafting underway
UK | ICO ADM final guidance | Summer 2026 | Consultation closed 29 May; publication expected
UK | FCA Mills Review report | Summer 2026 | AI in financial services; recommendations imminent.
NOT ADVICE