The EU AI Act is the first comprehensive regulatory framework for artificial intelligence in the European Union, designed to ensure AI systems are safe, ethical, and respect fundamental rights. This regulation, which came into effect in 2024, establishes harmonized rules for the development, deployment, and use of AI systems within the EU. The EU AI Act applies to AI providers and deployers when AI systems are placed on the EU market or put into service in the EU, regardless of where the provider is established. It takes a risk-based approach, imposing different obligations depending on the level of risk posed by AI systems.

EU AI Act was created to:

• Ensure AI systems placed on the EU market are safe and respect fundamental rights.
• Provide legal certainty and harmonized rules across all EU member states.
• Foster innovation while maintaining high standards of protection.
• Address risks posed by AI systems through a risk-based regulatory approach.

EU AI Act defines AI systems as machine-based systems that can generate outputs such as predictions, recommendations, or decisions for a given set of objectives. Examples of AI systems include:

• Machine learning algorithms and deep learning models
• Natural language processing systems (chatbots, language models)
• Computer vision systems (facial recognition, object detection)
• Biometric identification systems (fingerprint, voice recognition)
• Recommendation systems
• Automated decision-making systems (credit scoring, recruitment tools)

Any organization must comply with EU AI Act rules when they are:

• Placing AI systems on the EU market (providers).
• Putting AI systems into service in the EU (deployers).

This includes but is not limited to:

• AI developers and providers within the EU
• Non-EU companies whose AI systems are used in the EU
• Organizations deploying high-risk AI systems
• Cloud service providers offering AI services
• Companies using AI for recruitment, credit scoring, or healthcare

EU AI Act categorizes AI systems based on risk levels:

• Prohibited AI Systems – AI practices that are banned entirely (e.g., social scoring, subliminal manipulation).
• High-Risk AI Systems – Subject to strict obligations before being placed on the market.
• Foundation Models – General-purpose AI models with systemic risk implications.
• Limited Risk AI Systems – Subject to transparency obligations (e.g., chatbots must inform users they are interacting with AI).
• Minimal Risk AI Systems – Subject to voluntary codes of conduct and self-regulation.

Organizations breaching EU AI Act face severe penalties – including fines of:

• Up to €35,000,000
• Or
• 7% of total annual global turnover

Whichever is higher for prohibited AI practices. For other violations:

• Up to €15,000,000 or 3% of annual global turnover for non-compliance with high-risk AI obligations.
• Up to €7,500,000 or 1.5% of annual global turnover for other violations.

To comply with EU AI Act, organizations with high-risk AI systems must:

• Establish a risk management system throughout the AI system lifecycle.
• Ensure high quality of training, validation and testing datasets.
• Maintain comprehensive technical documentation.
• Keep detailed logs automatically recorded by the AI system.
• Ensure transparency and provide clear information to users.
• Enable effective human oversight.
• Ensure appropriate level of accuracy, robustness and cybersecurity.
• Implement post-market monitoring systems.