AI Sigil Logo
Contact Us
Back to all insights
A compass indicating guidance and direction for navigating AI compliance.

Sections

EU AI Act: Critical Milestones and Compliance Insights

The EU AI Act: Key Milestones and Compliance Challenges

The European Union Artificial Intelligence Act (EU AI Act) is rapidly reshaping the regulatory landscape for AI development and deployment, both within Europe and globally. Its phased implementation and compliance hurdles pose significant challenges for organizations engaged in artificial intelligence.

Phased Rollout: Understanding the Timeline

The EU AI Act is being implemented in several key stages:

  • February 2, 2025: The first obligations took effect, focusing on AI literacy and prohibiting certain high-risk AI practices.
  • May 2, 2025: The delayed publication of the Code of Practice for general-purpose AI (GPAI) models was expected, although pushback from major industry players has postponed its finalization.
  • August 2, 2025: GPAI governance rules come into force, applying to models on the market after this date.
  • August 2, 2026: The majority of the EU AI Act’s requirements become fully enforceable.
  • 2030: Final implementation steps, particularly for the public sector.

This phased approach allows organizations time to adapt but also creates a complex compliance environment.

The EU AI Act in a Nutshell

Key aspects of the EU AI Act include:

  • World’s first comprehensive AI regulation: Establishing a global precedent, akin to the GDPR.
  • Dense legislation: Comprising over 450 pages, with numerous definitions, recitals, and annexes.
  • Risk-based approach: Obligations scale with the risk level of the AI system, from prohibited practices to high-risk and low-risk categories.
  • Wide applicability: The Act applies to developers, deployers, affected individuals, and more, regardless of their location.
  • Severe sanctions: Fines can reach up to 7% of global turnover or €35 million.
  • Dual enforcement: Both national supervisory authorities and the new EU AI Office will have enforcement powers.

Early Compliance: What’s Happened Since February 2025?

Since the introduction of the first two obligations, there has been significant activity:

  • AI literacy: Companies have initiated training programs to ensure staff understand AI risks and regulatory requirements.
  • Prohibited practices: Organizations are mapping their AI systems to ensure compliance and avoid prohibited activities.

Defining ‘AI System’: Persistent Challenges

A recurring challenge is determining whether a solution qualifies as an “AI system” under the EU AI Act. Recent guidelines emphasize a holistic, case-by-case assessment, acknowledging that not all marketed solutions meet the criteria, leading to concerns about AI washing.

GPAI Models and the Code of Practice

A major focus is the regulation of GPAI models, such as large language models. The EU AI Act differentiates between:

  • GPAI models: Core AI technologies capable of a broad range of tasks.
  • AI systems: Applications built on GPAI models with specific use cases.

Obligations differ for GPAI model providers versus AI system providers. The Code of Practice aims to bridge the gap between legal requirements and practical implementation for GPAI model providers.

Transparency Obligations: A Shared Responsibility

Transparency is a cornerstone of the EU AI Act. GPAI model providers are required to maintain up-to-date documentation and share it with the EU AI Office and downstream system providers. In turn, system providers must inform users about the AI’s capabilities and limitations.

Enforcement: When Do the Teeth Come Out?

While compliance is required for certain obligations, enforcement mechanisms, including fines, will become active from August 2025 (with full enforcement for GPAI models in August 2026). Affected individuals can already seek injunctions in national courts.

Key Takeaways

  • The EU AI Act is complex and evolving.
  • Early obligations focus on AI literacy and prohibiting harmful practices.
  • Defining what counts as an “AI system” remains challenging.
  • The upcoming Code of Practice for GPAI models is critical but delayed.
  • Transparency obligations affect both GPAI model and AI system providers.
  • Enforcement will ramp up significantly from mid-2025.

Organizations operating in or with customers in the EU must engage proactively and ensure cross-functional compliance efforts to navigate this new regulatory era.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More