When a NYC compliance lead asks "where do I look for authoritative guidance on the EU AI Act", the answer matters. A lot of secondary sources — law firm blogs, vendor pages, opinion pieces — are published with framing calibrated to specific audiences or service offerings. The definitive sources are maintained by the European Commission, the AI Office, and the European AI Board. This note catalogues them, explains what each is, and identifies which resource to consult for which question.

Written for compliance teams and general counsel who want to cite primary material rather than secondary summaries — and who need to know which tools are actually official.

The AI Act Single Information Platform and Service Desk

In 2025, the European Commission launched the AI Act Service Desk and the Single Information Platform at ai-act-service-desk.ec.europa.eu. The platform is foreseen in the AI Act itself — Article 62(3)(d) — and is maintained by the Directorate-General for Communications Networks, Content and Technology (DG CNECT) of the European Commission.

The Single Information Platform is the central hub for AI Act information. It brings together:

AI Act Explorer — an online tool to browse through chapters, annexes, and recitals of the AI Act in a structured format. It is the authoritative presentation of the consolidated text.

Compliance Checker — an interactive tool that evaluates whether an AI system or general-purpose AI model falls within the AI Act's scope and what obligations apply. This is the official equivalent of third-party compliance checkers; its results reflect the Commission's interpretation of the Regulation.

Service Desk — a contact point where stakeholders can submit questions to a team of experts working with the AI Office and receive answers in their own language (available at launch in six languages; expanded to all 24 EU official languages during 2026).

Timeline — official implementation timeline, updated as the regulatory situation evolves.

FAQ — frequently asked questions compiled from AI Pact webinars and stakeholder submissions. This is a useful first stop for common interpretive questions.

National resources — links to national competent authorities, national implementation plans, and national regulatory sandboxes as Member States designate and publish them.

Commission and AI Office guidance already published

Formal guidance issued by the European Commission to date includes:

Guidelines on Prohibited Artificial Intelligence Practices (4 February 2025). Interprets each of the eight categories under Article 5. Not legally binding as secondary legislation but represents the Commission's articulated position that will inform market surveillance authority enforcement. See our Article 5 deep dive.

Guidelines on the scope of obligations for providers of general-purpose AI models under the AI Act (2025). Clarifies when an entity qualifies as a GPAI model provider and what the Chapter V obligations cover. Referenced in the Commission's AI Act Service Desk materials.

General-Purpose AI Code of Practice (effective 2 August 2025). A voluntary code drafted by 200+ independent experts appointed by the AI Office and approved by the Commission. Providers of GPAI models who adhere to an adequate Code of Practice benefit from focused AI Office enforcement activities (see the Commission's published guidance on enforcement). See our GPAI deployer note for the deployer-side implications.

Commission guidelines announced for 2026

The Commission has announced in its Explanatory Memorandum to COM(2025) 836 that additional guidelines will be published during 2026:

Guidelines on the practical application of the high-risk classification — expected to clarify Article 6 and Annex III application questions that remain ambiguous.

Guidelines on the practical application of the transparency requirements under Article 50 — essential for chatbots, synthetic content generation, and emotion recognition systems.

Guidance on the reporting of serious incidents by providers of high-risk AI systems — Article 73 incident reporting operationalized.

Guidelines on the practical application of the high-risk requirements (Articles 9–15) and of obligations for providers and deployers of high-risk AI systems (Articles 16, 26).

Guidelines with a template for the fundamental rights impact assessment (FRIA) under Article 27.

Guidelines on the practical application of rules for responsibilities along the AI value chain.

Guidelines on the practical application of the provisions related to substantial modification.

Guidelines on the post-market monitoring of high-risk AI systems (Article 72).

Guidelines on the elements of the quality management system which SMEs and SMCs may comply with in a simplified manner.

Guidelines on the AI Act's interplay with other Union legislation — explicitly including joint Commission and European Data Protection Board guidelines on GDPR-AI Act interplay (see our GDPR interplay note), guidelines on the AI Act and Cyber Resilience Act interplay, and guidelines on the AI Act and the Machinery Regulation.

Guidelines on the competences and designation procedure for conformity assessment bodies.

Code of Practice on marking and labelling of AI-generated content — expected Q2 2026, in support of Article 50(2) transparency obligations.

The AI Office

The European AI Office operates within DG CNECT of the European Commission. It was established by Commission Decision C(2024) 1459 and began operations on 16 June 2024. It is not a separate agency — it is a unit of the Commission, but one with specific functions under the AI Act.

The AI Office's responsibilities under the AI Act include: monitoring compliance of GPAI model providers with Chapter V obligations (Article 89), enforcement of those obligations with powers to request information (Article 91), conduct evaluations (Article 92), request measures (Article 93), and impose fines (Article 101). The AI Office chairs the AI Board and supports the Scientific Panel. With the Digital Omnibus, the AI Office would also receive expanded supervisory competence over AI systems built on GPAI models (see our Digital Omnibus note).

The AI Office's institutional website is at digital-strategy.ec.europa.eu/en/policies/ai-office. This is the source for AI Office press releases, policy announcements, and events.

The European Artificial Intelligence Board (AI Board)

The AI Board is established under Article 65 of the AI Act. It is composed of one representative from each Member State and chaired by the Commission. Its role is advisory — it assists the Commission and Member States in coordinating AI Act implementation, and it contributes opinions on recommendations, implementing acts, and Code of Practice approvals.

The AI Board's work is published on the DG CNECT website and in specific Commission communications. It is not a direct enforcement authority — the enforcement competence sits with national market surveillance authorities and the AI Office.

The Scientific Panel of Independent Experts

The Scientific Panel is established under Article 68 of the AI Act. It advises the AI Office and the Member States on systemic risks posed by GPAI models, on scientific and technical matters, and on developments in AI technology that may affect AI Act application. Panel members are independent experts selected by the Commission.

The Scientific Panel has specific enforcement-adjacent powers under Article 90 — it can issue "qualified alerts" to the AI Office where there is suspicion that a GPAI model poses concrete identifiable risk or qualifies as a GPAI model with systemic risk. On receipt of a qualified alert, the AI Office must decide within two weeks whether to exercise its powers under Articles 91–93.

EUR-Lex — the authoritative text

The consolidated text of the AI Act — Regulation (EU) 2024/1689 — is published on EUR-Lex (CELEX:32024R1689). This is the legally authoritative source. Any citation to specific Articles or Recitals should ultimately track to the EUR-Lex text in the relevant language version.

The Commission's Digital Omnibus proposal is available on EUR-Lex as CELEX:52025PC0836. Secondary legislation — implementing regulations, delegated acts — is also published on EUR-Lex with individual CELEX identifiers.

European Parliament legislative tracking

For ongoing legislative developments — notably the Digital Omnibus on AI and future amendments — the European Parliament's Legislative Train at europarl.europa.eu/legislative-train tracks the formal status of each procedure. The Digital Omnibus on AI is procedure 2025/0359(COD) and is tracked under the Digital Package carriage.

The European Parliamentary Research Service (EPRS) publishes Briefings that provide substantive analysis of pending files. These are not legally binding but represent well-sourced Parliament-produced analysis.

Council and Member State sources

The Council of the EU publishes press releases and negotiating mandates at consilium.europa.eu. For the Digital Omnibus on AI, the Council's negotiating mandate was published on 13 March 2026 (press release 189/26).

National competent authorities — the market surveillance authorities designated by each Member State to enforce the AI Act — publish their own guidance. As of April 2026, designation is uneven: some Member States have designated; others are in process. The AI Act Service Desk National Resources page tracks the current state of designation.

EDPB and the GDPR-AI Act interplay

The European Data Protection Board (EDPB) publishes guidance relevant to the GDPR-AI Act interplay on edpb.europa.eu. The EDPB and Commission have announced joint guidance on GDPR-AI Act interplay expected in 2026.

National data protection authorities — CNIL (France), AEPD (Spain), Dutch DPA, among the most active — publish their own AI-related guidance. These may become binding for their respective territories when implemented, and are persuasive elsewhere.

What to cite and when

For a compliance memo or client advisory, the citation hierarchy is:

First, the Regulation itself (EUR-Lex CELEX:32024R1689) for legal obligations. Cite by Article and Recital numbers.

Second, published Commission Guidelines (e.g., Guidelines on Prohibited AI Practices) for interpretive positions. Cite by title and publication date.

Third, the AI Act Service Desk FAQ and Compliance Checker for common interpretive questions and scope determinations. Useful starting points.

Fourth, national authority guidance where the system is deployed in that Member State. The specific national guidance may bind that jurisdiction.

Fifth, Commission-Parliament-Council legislative documents for pending changes — Digital Omnibus, forthcoming amendments.

Sixth, EDPB, EDPS, and national DPA guidance for GDPR interplay questions.

Avoid citing secondary sources (law firm blogs, vendor pages, commercial compliance platforms) in formal memos. They are useful for orientation but are not authoritative for legal conclusions. The Commission's published position is the position that will be applied in enforcement.

What NYC companies should bookmark

For ongoing compliance awareness, these five URLs are the highest-ROI:

AI Act Service Desk and Single Information Platform: ai-act-service-desk.ec.europa.eu

DG CNECT AI policy hub: digital-strategy.ec.europa.eu/en/policies/ai-office

EUR-Lex AI Act consolidated text: eur-lex.europa.eu (CELEX:32024R1689)

European Parliament Legislative Train (for Digital Omnibus tracking): europarl.europa.eu/legislative-train

EDPB: edpb.europa.eu

Subscribing to the AI Act Service Desk email updates and the Commission's Digital Strategy news feed gives systematic awareness of new guidance as it publishes. This matters because the rate of new guidance publication in 2026 is high — the Commission has announced approximately a dozen distinct guidelines.

Primary sources referenced. European Commission AI Act Service Desk (ai-act-service-desk.ec.europa.eu). Commission Communication "Shaping Europe's digital future" and AI Act pages on digital-strategy.ec.europa.eu. Regulation (EU) 2024/1689: Article 62(3)(d) (Single Information Platform), Article 64 (AI Office), Article 65 (AI Board), Article 68 (Scientific Panel). Commission Decision C(2024) 1459 (establishment of AI Office). European Commission, Guidelines on Prohibited Artificial Intelligence Practices (4 February 2025). European Commission, Explanatory Memorandum to COM(2025) 836 (Digital Omnibus on AI), 19 November 2025. Commission Recommendation 2003/361/EC (SME definition). Commission Recommendation (EU) 2025/1099 (SMC definition).