EU AI Act
The EU AI Act (Regulation (EU) 2024/1689) is the European Union's horizontal regulation for AI, classifying systems by risk and imposing obligations on providers, deployers, importers, and distributors.
What is EU AI Act?
The EU AI Act categorises AI systems as prohibited, high-risk, limited-risk, or minimal-risk. High-risk systems (including AI in employment, credit, education, biometric identification, critical infrastructure, and certain product-safety contexts) carry obligations on data quality, technical documentation, transparency, human oversight, accuracy, robustness, and cybersecurity. The Act also creates rules for general-purpose AI models, including transparency and copyright duties. Phased application runs from February 2025 (prohibitions) through August 2026 (most high-risk obligations) into 2027.
How does EU AI Act apply to enterprise AI?
Any enterprise selling into the EU, processing EU data subjects, or deploying AI for EU users falls within scope, regardless of headquarters location. Compliance work involves classification, conformity assessment, documentation, post-market monitoring, and incident reporting.
Related terms
- GDPR - The General Data Protection Regulation (GDPR) is the EU's data-protection regulation, governing the processing of personal data of people in the EU and EEA.
- AI Risk Management - AI risk management is the discipline of identifying, assessing, mitigating, and monitoring the harms an AI system can cause across its lifecycle.
- Conformity Assessment - Conformity assessment is the formal process of demonstrating that a high-risk AI system meets the requirements of the EU AI Act before being placed on the market or put into service.
- Transparency Notice - A transparency notice is a clear disclosure to users that they are interacting with an AI system, what it is doing with their data, and what its limits are.
External references
Need help applying EU AI Act to your enterprise? Submit a short brief and we reply within one business day.