AI Sigil Logo
Contact Us
Back to all insights
A compass indicating guidance and direction for navigating AI compliance.

Sections

EU AI Act: Critical Milestones and Compliance Insights

The EU AI Act: Key Milestones and Compliance Challenges

The European Union Artificial Intelligence Act (EU AI Act) is rapidly reshaping the regulatory landscape for AI development and deployment, both within Europe and globally. Its phased implementation and compliance hurdles pose significant challenges for organizations engaged in artificial intelligence.

Phased Rollout: Understanding the Timeline

The EU AI Act is being implemented in several key stages:

  • February 2, 2025: The first obligations took effect, focusing on AI literacy and prohibiting certain high-risk AI practices.
  • May 2, 2025: The delayed publication of the Code of Practice for general-purpose AI (GPAI) models was expected, although pushback from major industry players has postponed its finalization.
  • August 2, 2025: GPAI governance rules come into force, applying to models on the market after this date.
  • August 2, 2026: The majority of the EU AI Act’s requirements become fully enforceable.
  • 2030: Final implementation steps, particularly for the public sector.

This phased approach allows organizations time to adapt but also creates a complex compliance environment.

The EU AI Act in a Nutshell

Key aspects of the EU AI Act include:

  • World’s first comprehensive AI regulation: Establishing a global precedent, akin to the GDPR.
  • Dense legislation: Comprising over 450 pages, with numerous definitions, recitals, and annexes.
  • Risk-based approach: Obligations scale with the risk level of the AI system, from prohibited practices to high-risk and low-risk categories.
  • Wide applicability: The Act applies to developers, deployers, affected individuals, and more, regardless of their location.
  • Severe sanctions: Fines can reach up to 7% of global turnover or €35 million.
  • Dual enforcement: Both national supervisory authorities and the new EU AI Office will have enforcement powers.

Early Compliance: What’s Happened Since February 2025?

Since the introduction of the first two obligations, there has been significant activity:

  • AI literacy: Companies have initiated training programs to ensure staff understand AI risks and regulatory requirements.
  • Prohibited practices: Organizations are mapping their AI systems to ensure compliance and avoid prohibited activities.

Defining ‘AI System’: Persistent Challenges

A recurring challenge is determining whether a solution qualifies as an “AI system” under the EU AI Act. Recent guidelines emphasize a holistic, case-by-case assessment, acknowledging that not all marketed solutions meet the criteria, leading to concerns about AI washing.

GPAI Models and the Code of Practice

A major focus is the regulation of GPAI models, such as large language models. The EU AI Act differentiates between:

  • GPAI models: Core AI technologies capable of a broad range of tasks.
  • AI systems: Applications built on GPAI models with specific use cases.

Obligations differ for GPAI model providers versus AI system providers. The Code of Practice aims to bridge the gap between legal requirements and practical implementation for GPAI model providers.

Transparency Obligations: A Shared Responsibility

Transparency is a cornerstone of the EU AI Act. GPAI model providers are required to maintain up-to-date documentation and share it with the EU AI Office and downstream system providers. In turn, system providers must inform users about the AI’s capabilities and limitations.

Enforcement: When Do the Teeth Come Out?

While compliance is required for certain obligations, enforcement mechanisms, including fines, will become active from August 2025 (with full enforcement for GPAI models in August 2026). Affected individuals can already seek injunctions in national courts.

Key Takeaways

  • The EU AI Act is complex and evolving.
  • Early obligations focus on AI literacy and prohibiting harmful practices.
  • Defining what counts as an “AI system” remains challenging.
  • The upcoming Code of Practice for GPAI models is critical but delayed.
  • Transparency obligations affect both GPAI model and AI system providers.
  • Enforcement will ramp up significantly from mid-2025.

Organizations operating in or with customers in the EU must engage proactively and ensure cross-functional compliance efforts to navigate this new regulatory era.

More Insights

A magnifying glass illustrating the importance of scrutiny and oversight in AI implementation.

EU AI Act vs. US AI Action Plan: A Risk Perspective

September 5, 2025 AI,AI Regulation,EU AI Compliance,Regulatory Frameworks
Dr. Cari Miller discusses the differences between the EU AI Act and the US AI Action Plan, highlighting that the EU framework is much more risk-aware and imposes binding obligations on high-risk AI...
Read More
A maze

The Hidden Risks of AI Integration in the Workplace

September 4, 2025 AI,AI Ethics,AI Regulation Awareness,Business Impact
As organizations rush to adopt AI, many are ignoring the critical risks involved, such as compliance and oversight issues. Without proper governance and human management, AI can quickly become a...
Read More
A safety net

Investing in AI Safety: Capitalizing on the Future of Responsible Innovation

September 4, 2025 AI,AI Ethics,AI Governance,AI Safety Regulations
The AI safety collaboration imperative is becoming essential as the artificial intelligence revolution reshapes industries and daily life. Investors are encouraged to capitalize on this opportunity by...
Read More
A robotic police dog used for patrol and assistance.

AI Innovations in Modern Policing

September 4, 2025 AI,AI Ethics,AI Governance,AI Regulation
Law enforcement agencies are increasingly leveraging artificial intelligence to enhance their operations, particularly in predictive policing. The integration of technology offers immense potential...
Read More
A handshake figurine representing collaboration and partnership in international agreements.

Kenya’s Pivotal Role in UN’s Groundbreaking AI Governance Agreement

September 4, 2025 AI,AI Governance,International Policy
Kenya has achieved a significant diplomatic success by leading the establishment of two landmark institutions for governing artificial intelligence (AI) at the United Nations. The Independent...
Read More
A blueprint

AI Governance Framework: Ensuring Responsible Deployment for a Safer Future

September 3, 2025 AI,AI Governance,AI Regulation,Artificial Intelligence Governance
At the 17th annual conference of ISACA in Abuja, stakeholders called for an AI governance framework to ensure responsible deployment of artificial intelligence. They emphasized the need for...
Read More
A digital lock illustrating security and trust in AI systems.

Essential Strategies for Effective AI Governance in Healthcare

September 3, 2025 AI,AI Ethics,AI Governance,AI Regulation
The AMA emphasizes the necessity for CMOs and healthcare leaders to establish policies for AI tool adoption and governance due to the rapid expansion of AI in healthcare. Key foundational elements for...
Read More
A magnifying glass over a digital interface illustrating the scrutiny and examination of AI policies and ethics.

UN Establishes AI Governance Panel for Global Cooperation

September 3, 2025 AI,AI Ethics,AI Governance,Global AI Policy
The United Nations General Assembly has adopted a resolution to establish an Independent International Scientific Panel on Artificial Intelligence and a Global Dialogue on AI Governance. This...
Read More
A magnifying glass

Emerging Cyber Threats: AI Risks and Solutions for Brokers

September 3, 2025 AI,AI Security,Cybersecurity Regulations,Data Security
As artificial intelligence (AI) tools rapidly spread across industries, they present new cyber risks alongside their benefits. Brokers are advised to help clients navigate these risks by understanding...
Read More