The European Union’s Artificial Intelligence Act, formally Regulation (EU) 2024/1689, entered into force on 1 August 2024 and is being phased in through 2027. It is the first comprehensive AI regulation in any major jurisdiction, the most-cited reference for AI governance globally, and the source of meaningful operational obligations for any organisation deploying AI systems that touch the EU market.
The Act is long, technically detailed, and frequently misrepresented in summaries. Pulling apart what it actually requires, who it applies to, and what changes in practice is the prerequisite to any honest discussion of AI compliance.
The full regulation is at eur-lex.europa.eu/eli/reg/2024/1689/oj. The European Commission’s compliance hub at digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai provides ongoing guidance.
The risk-based architecture
The AI Act categorises AI systems into four risk tiers:
Unacceptable risk (prohibited). Specific use cases banned outright: social scoring by governments, real-time remote biometric identification in public spaces (with narrow law-enforcement exceptions), emotion recognition in workplaces and schools, predictive-policing systems based solely on profiling, untargeted scraping of facial images for facial recognition databases. Article 5 of the Act enumerates the prohibited practices. These prohibitions took effect on 2 February 2025.
High risk. Systems that pose significant risks to health, safety, or fundamental rights. Annex III enumerates the categories: biometric identification, critical-infrastructure management, educational selection, employment decisions, access to public services, law enforcement, migration and border control, justice and democratic processes. Most of the Act’s substantive obligations fall on this category. High-risk obligations apply from 2 August 2026 for most systems and 2 August 2027 for systems already on the market that are part of regulated products under Annex II.
Limited risk. Systems that interact with humans (chatbots) or generate synthetic content (deepfakes, AI-generated text). Disclosure obligations apply.
Minimal risk. Spam filters, AI in video games, basic recommendation engines. No substantive obligations beyond voluntary codes.
Foundation models / General-Purpose AI (GPAI). A separate regime for general-purpose models with extensive transparency, training-data documentation, and incident-reporting requirements. Tiered obligations based on whether the model is "systemic-risk" (large frontier models) or not. Phased in from 2 August 2025.
What high-risk systems must do
The substantive obligations on high-risk AI systems are the heart of the Act:
Risk management system. A continuous process throughout the lifecycle of the system to identify, evaluate, and mitigate risks. Article 9 specifies the requirements.
Data governance. Training, validation, and testing data must be relevant, representative, and free of errors to the extent possible; provenance must be documented. Article 10.
Technical documentation. Detailed records covering system design, intended purpose, training methodology, evaluation results, and instructions for use. Annex IV specifies required content. The documentation must be sufficient for authorities to assess conformity.
Record-keeping (logging). Automatic logging of system events for the duration the system is in use. Article 12.
Transparency to deployers. Users (in the Act’s terminology, "deployers") must receive information sufficient to understand the system’s capabilities and limitations.
Human oversight. Effective oversight by humans during the period the system is in use. Article 14.
Accuracy, robustness, and cybersecurity. Article 15 requires an "appropriate level" of accuracy, robustness, and cybersecurity, including resilience to errors, adversarial attacks, and system manipulation. This is the article that explicitly contemplates adversarial-ML attacks.
Conformity assessment. Either internal assessment or third-party assessment, depending on the system category. A system that conforms is marked with the CE mark.
Registration. High-risk systems must be registered in an EU-wide database before being placed on the market.
Post-market monitoring and incident reporting. Ongoing monitoring of system performance; serious incidents must be reported to authorities within specified deadlines.
What general-purpose AI providers must do
Foundation-model providers face a distinct set of obligations:
Technical documentation, including training methodology, training data summary, evaluation results, energy consumption, and capability descriptions. Annex XI of the Act details required content.
Information disclosure to downstream deployers, sufficient to enable deployers to comply with their own obligations.
Copyright compliance. Specific obligations to put in place a policy compliant with EU copyright law, including respect for opt-outs from training-data use.
Sufficiently detailed summary of training data made publicly available. Article 53(1)(d). The implementing template is being finalised by the AI Office.
For systemic-risk GPAI (currently defined by a compute threshold: models trained with more than 10^25 floating-point operations, which in practice means roughly the largest frontier models):
Adversarial testing and evaluation including red-teaming.
Cybersecurity protections including model-weight protections.
Energy-efficiency reporting.
Risk-mitigation measures and serious-incident tracking.
The General-Purpose AI Code of Practice, finalised by an industry working group with the AI Office, provides operational guidance on how to meet these obligations. Foundation-model providers signing onto the Code receive a degree of compliance presumption.
Disclosure obligations on limited-risk systems
Article 50 covers transparency obligations applying to specific deployment patterns:
Chatbots and conversational AI must disclose their AI nature to users (with exceptions for clear use-case contexts).
Deepfake content must be labelled as artificially generated or manipulated, with exceptions for satire, art, and certain editorial uses.
Emotion recognition and biometric categorisation systems must disclose their operation to subjects.
AI-generated text intended to inform the public on matters of public interest must be labelled, with exceptions where the AI-generated content has been subject to human review.
These obligations apply from 2 August 2026.
Penalties
The penalty structure escalates with the seriousness of the violation:
Up to €35 million or 7 percent of global annual turnover for prohibited-AI violations.
Up to €15 million or 3 percent of global annual turnover for most high-risk violations.
Up to €7.5 million or 1 percent for incorrect, incomplete, or misleading information to authorities.
The penalty maxima are substantially higher than GDPR’s. The enforcement architecture combines national supervisory authorities with the EU-level AI Office (housed within the European Commission) for cross-border and GPAI cases.
What organisations should be doing now
For organisations deploying AI systems that touch the EU market:
Inventory. Catalogue every AI system in production or planning. Determine the risk tier under the Act. Most enterprise AI systems are minimal or limited risk; some HR, hiring, credit, healthcare, and education systems will be high risk.
Documentation. Begin building the technical-documentation artifacts for high-risk systems now. Annex IV is the canonical reference. Backfilling documentation later, when the system is already in production, is far harder than getting it right at deployment.
Data governance. Establish provenance tracking for training and fine-tuning data. The data-governance obligations in Article 10 are demanding and require systems to be in place from the beginning.
Risk management process. Implement the lifecycle risk management required by Article 9. Most modern AI development organisations have something resembling this; formalising it for compliance is the work.
Logging. Ensure high-risk systems log appropriate events. The audit trail is required regardless of whether anything goes wrong.
Conformity assessment planning. Determine whether your high-risk systems require third-party assessment. Schedule the work.
For foundation-model providers and large fine-tuners:
Decide whether to sign the Code of Practice. The compliance-presumption value is meaningful.
Build training-data documentation processes.
Implement the testing and evaluation regime for systemic-risk models.
Establish channels to provide downstream deployers with the information they need for their compliance.
What the Act does not do
The Act does not regulate AI research or non-deployed systems.
It does not address all AI risks. Privacy and data protection remain governed by GDPR; copyright remains separate; competition and consumer protection regimes apply alongside.
It does not standardise specific technical methods. The "appropriate level" language leaves judgement to organisations and enforcement authorities.
It does not pre-empt national law in many areas.
The longer trajectory
The AI Act will shape global AI regulation the way GDPR shaped global privacy regulation. Already, drafts of UK AI legislation, Brazilian AI legislation, Korean AI legislation, and Canadian AIDA all show structural similarities. The "Brussels Effect" is operating; the EU’s regulatory choices set defaults that travel.
Implementation is uneven. The AI Office is staffing up; member-state authorities are standing up; standards are being developed by CEN-CENELEC; the General-Purpose AI Code of Practice is in early use. The picture in 2026-2027 is one of regulators learning, organisations adapting, and the practical compliance state being negotiated case by case.
For most organisations, the right framing is: the Act creates real, costly obligations for a minority of high-risk and foundation-model use cases, and lighter transparency obligations across a wider category. Treating it as either a non-event or a complete reorganisation of AI deployment is wrong; treating it as a substantial compliance effort for specific use cases is right.
Read the Act before forming opinions about it. Most of the public discourse is wrong in specifics. The Act itself is more carefully drafted than its summaries suggest.
