EU AI Act News
Follow EU AI Act obligations, guidance updates, and timelines relevant to product and legal teams.
Understanding the EU AI Act
The EU AI Act is the first comprehensive legal framework for artificial intelligence, establishing binding rules for AI systems placed on the European market or whose outputs affect people within the EU. Its risk-based approach categorizes AI systems into tiers with escalating requirements, from minimal-risk systems that face no regulation to prohibited practices that are banned outright.
Risk Classification and Prohibited Practices
The Act defines four risk tiers: unacceptable, high, limited, and minimal. Unacceptable-risk AI, including social scoring systems and certain forms of real-time biometric surveillance, is prohibited with narrow exceptions. High-risk systems, such as AI used in hiring, credit scoring, critical infrastructure, and law enforcement, face the most extensive compliance obligations including conformity assessment, ongoing monitoring, and registration in an EU database. Limited-risk systems require transparency measures like disclosure that users are interacting with AI. General-purpose AI models have separate obligations focused on technical documentation and copyright compliance.
Compliance Timelines and Enforcement
The Act's obligations take effect in phases. Prohibitions on unacceptable-risk practices apply first, followed by requirements for general-purpose AI models, and then the full high-risk system obligations. National competent authorities in each EU member state are responsible for enforcement, while a new European AI Office coordinates cross-border oversight and handles general-purpose AI model compliance. Penalties for non-compliance scale with company revenue, with maximum fines reaching tens of millions of euros.
Practical Implications for AI Providers and Deployers
For organizations building or using AI, the EU AI Act requires concrete steps: classifying your AI systems against the risk tiers, implementing quality management systems, conducting conformity assessments, and maintaining post-market monitoring. Even companies headquartered outside Europe must comply if their AI systems are used in the EU. We track implementation guidance, delegated acts, harmonized standards, and enforcement developments to help compliance teams prepare for each phase of the Act's rollout.