The EU AI Act — World’s First Comprehensive AI Law
The European Union AI Act has entered into force, becoming the world’s first comprehensive legal framework for artificial intelligence. The regulation establishes a risk-based approach to AI governance that will affect every company deploying AI systems in the EU market, including major US tech companies.
Risk-Based Framework
The EU AI Act categorizes AI systems into four risk levels: unacceptable risk (prohibited), high risk (strictly regulated), limited risk (transparency requirements), and minimal risk (largely unregulated). The category an AI system falls into determines its compliance obligations and timeline.
Prohibited AI Practices
AI applications classified as unacceptable risk are banned immediately. These include government-run social scoring systems, real-time biometric surveillance in public spaces (with limited law enforcement exceptions), AI that manipulates human behavior through subliminal techniques, and systems that exploit vulnerabilities of specific groups.
High-Risk AI Systems
AI systems used in critical infrastructure, employment decisions, credit scoring, education assessment, and law enforcement are classified as high-risk. These systems must undergo conformity assessments, maintain detailed technical documentation, implement human oversight mechanisms, and register in an EU database before deployment.
General Purpose AI Models
The Act includes specific provisions for general-purpose AI (GPAI) models like GPT-4, Claude, and Gemini. Providers must publish training data summaries, implement copyright policies, and report serious incidents. Models deemed to pose systemic risk — those trained with more than 10^25 FLOPs of compute — face additional requirements including adversarial testing.
Compliance Timeline and Penalties
Prohibited practices must end within 6 months. GPAI model requirements apply within 12 months. High-risk system requirements apply within 24-36 months depending on sector. Non-compliance penalties reach €35 million or 7% of global annual turnover for the most serious violations — the highest fines of any technology regulation globally.