What is the EU AI Act?
The EU AI Act is the world's first comprehensive legal framework for artificial intelligence. Adopted in 2024, it establishes rules for AI systems based on their risk level and applies to any organization deploying AI systems that affect EU citizens—regardless of where the organization is based.
Key dates: The act entered into force August 2024, with provisions phasing in through 2027.
Risk-Based Classification
The EU AI Act categorizes AI systems into four risk levels, each with different requirements:
🚫 Unacceptable Risk (Prohibited)
AI systems that pose a clear threat to safety, livelihoods, or rights are banned entirely:
- Social scoring by governments
- Real-time biometric identification in public spaces (with limited exceptions)
- AI that exploits vulnerabilities (age, disability, economic situation)
- Subliminal manipulation causing harm
Effective: February 2025
⚠️ High Risk (Strictly Regulated)
AI systems that significantly impact people's lives must meet stringent requirements:
- Critical infrastructure management
- Education and vocational training
- Employment, worker management, access to self-employment
- Access to essential services (credit, healthcare, insurance)
- Law enforcement, migration, asylum, border control
- Administration of justice
Requirements: Risk management, data governance, documentation, transparency, human oversight, accuracy, robustness, cybersecurity.
Effective: August 2026
📋 Limited Risk (Transparency Required)
AI systems with specific transparency obligations:
- Chatbots and virtual assistants (must disclose AI interaction)
- Emotion recognition systems
- Biometric categorization systems
- AI-generated content (deepfakes must be labeled)
Effective: August 2025
✅ Minimal Risk (No Specific Requirements)
Most AI systems fall here and face no specific obligations:
- AI-enabled video games
- Spam filters
- Inventory management systems
However, voluntary codes of conduct are encouraged.
High-Risk AI Requirements
Organizations deploying high-risk AI must implement:
| Requirement | Description |
|---|---|
| Risk Management | Continuous risk identification, analysis, and mitigation throughout AI lifecycle |
| Data Governance | Training data must be relevant, representative, and free of errors |
| Technical Documentation | Detailed documentation enabling compliance assessment |
| Record-Keeping | Automatic logging of AI system operation |
| Transparency | Clear information about AI capabilities and limitations |
| Human Oversight | Mechanisms enabling human intervention and override |
| Accuracy & Robustness | Appropriate levels of accuracy, resilience to errors/attacks |
| Cybersecurity | Protection against attempts to alter use or performance |
General-Purpose AI (GPAI) Requirements
The Act includes specific provisions for foundation models and general-purpose AI:
- Technical documentation requirements
- Compliance with EU copyright law
- Detailed summary of training data
- Additional requirements for "systemic risk" GPAI models
💰 Penalties
Non-compliance carries significant fines:
- Prohibited AI: Up to €35 million or 7% of global annual turnover
- High-risk violations: Up to €15 million or 3% of global annual turnover
- Incorrect information: Up to €7.5 million or 1.5% of global annual turnover
Reduced caps apply to SMEs and startups.
Compliance Timeline
| Date | What Takes Effect |
|---|---|
| August 2024 | EU AI Act enters into force |
| February 2025 | Prohibited AI practices ban takes effect |
| August 2025 | GPAI obligations, governance rules, penalties apply |
| August 2026 | High-risk AI requirements fully applicable |
| August 2027 | Requirements for high-risk AI that is also a regulated product |
Who Does It Apply To?
The EU AI Act applies to:
- Providers (developers) of AI systems placed on EU market
- Deployers (users) of AI systems within the EU
- Providers and deployers outside EU if output is used in EU
- Importers and distributors of AI systems
Important: If your AI affects EU citizens, the Act likely applies to you regardless of where you're headquartered.