Five things land on the founder's calendar between now and August 2, and each one has exactly one action attached. No context-setting — here is the list.

July 15 — China's persona law takes effect, and two giants go dark#

China's Interim Measures for the Administration of Anthropomorphic AI Interaction Services take effect July 15. Ahead of the deadline, ByteDance's Doubao and Alibaba's Qwen are switching off their consumer AI agent and companion features rather than retrofit compliance. Users keep read-only access to saved agent configs and chat history until October 15, after which the data is deleted.

Do this: If you build companion, character, or persistent-persona products — or depend on Doubao/Qwen agent features — export anything you need before October 15 and run the classification test that's now load-bearing: is your product a tool or a companion? The full breakdown of what the law regulates and why both giants chose the off switch is here.

~July 17 — Gemini 3.5 Pro, reportedly#

Multiple outlets peg Gemini 3.5 Pro for general availability around July 17, after Google scrapped the original base model and restarted pretraining. Treat the date as a rumor with a good track record, not a commitment: as of mid-July there's no model card, no pricing page, and no gemini-3.5-pro listing in the public API.

Do this: Nothing that assumes it ships. Keep your model router abstracted so that adding a new frontier tier — whenever it actually lands — is a config change, not a rewrite.

Now — Meta's paid API is in public preview#

Meta shipped Muse Spark 1.1 and, for the first time ever, a paid Meta Model API (US public preview, opened July 9). The founder-relevant part is the packaging: it speaks both the OpenAI (Chat Completions/Responses) and Anthropic Messages formats, lists at $1.25 in / $4.25 out per million tokens — roughly a quarter of comparable frontier rates — with a 1M-token context window and $20 in free credits.

Do this: Because it's format-compatible, testing it is a base-URL-and-key change, not a migration. Point a non-critical agent loop at it and measure whether it actually lowers your bill on your own traffic before committing.

Now — patch your self-hosted agent builder#

This one isn't a scheduled deadline; it's an active exploit. JadePuffer, the first documented end-to-end AI-agent ransomware, is getting in through CVE-2025-3248 — a year-old unauthenticated RCE in Langflow that's been on CISA's Known Exploited Vulnerabilities list since May 2025. The bug was patched in Langflow 1.3.0; the victims simply never updated.

Do this: If you self-host Langflow, Flowise, n8n, or Dify, patch now and run the 6-step hardening pass: off the public internet, patched, least-privilege database creds, secrets vaulted, egress-locked, monitored.

August 2 — the EU AI Act clock most builders are ignoring#

The Digital Omnibus pushed the EU AI Act's scary high-risk (Annex III) obligations out to December 2027 — and a lot of builders read that as a full reprieve. It isn't. Article 50 transparency duties take effect August 2, 2026 exactly as written: any AI system that interacts with people must disclose that it's an AI, and AI-generated synthetic content (audio, image, video, text) must be machine-readable-marked. It applies to any system on the EU market, at any company size. Generative systems already on the market get until December 2, 2026 for the marking rule specifically.

Do this: Add a plain "you're talking to an AI" disclosure to any EU-facing chatbot and start marking AI-generated media. The deadline that actually catches a typical agent never moved at all.


That's the calendar: one law live tomorrow, one model maybe-imminent, one cheap API worth an afternoon, one patch that can't wait, and one compliance clock running out in under three weeks. The two with real urgency are the two happening now — the Langflow patch and, if you're on Doubao or Qwen, the data export. Everything else you can plan. Plan it.