AI Sigil Logo
Contact Us
Back to all insights
A compliance checklist

Sections

EU AI Act: Key Compliance Challenges Ahead

The EU AI Act Comes into Force: Implications for Compliance and Risk

On 2 February 2025, the European Union enacted significant provisions of its Artificial Intelligence Act (EU AI Act), which are now legally binding. This landmark legislation introduces critical obligations regarding prohibited AI practices and AI literacy requirements, setting a precedent for AI governance throughout the EU. The Act raises essential questions for businesses, AI developers, and regulators about compliance and enforcement.

Provisions Now in Force

The EU AI Act establishes a risk-based framework that categorizes AI systems into four tiers: unacceptable, high-risk, limited risk, and minimal risk. As of February 2025, the following provisions have been activated:

  • Prohibited AI Practices: Certain AI applications are banned due to their potential to violate fundamental rights. These include:
    • Subliminal Manipulation: AI systems designed to manipulate individuals beyond their conscious awareness, potentially causing harm.
    • Exploitation of Vulnerable Groups: AI targeting children, disabled individuals, or economically disadvantaged people in harmful ways.
    • Social Scoring: The use of AI to rank individuals based on behavior, socio-economic status, or personal characteristics, leading to discriminatory treatment.
    • Real-Time Biometric Identification in Public Spaces: Except in specific law enforcement scenarios, the use of AI for biometric surveillance is largely prohibited.
  • AI Literacy Requirements: Companies deploying AI in high-risk sectors must ensure that affected individuals understand how these systems function, their limitations, and how to challenge automated decisions.

Who Must Comply?

The provisions in force apply to AI developers, deployers, and service providers operating within the EU or offering AI-based services to EU citizens. This includes:

  • AI Developers: Companies creating AI tools, particularly in sensitive areas such as biometric surveillance, predictive policing, or automated decision-making.
  • Businesses and Public Sector Organizations: Those employing AI in sectors like finance, healthcare, recruitment, public services, and law enforcement must align with the new obligations.
  • Non-EU Companies: The extraterritorial scope of the EU AI Act means that any company offering AI services within the EU must also comply, similar to the General Data Protection Regulation (GDPR).

Implications for Compliance

Organizations affected by the new rules must take immediate steps to:

  • Conduct AI Risk Assessments: Businesses should audit their AI models to ensure compliance with prohibitions and literacy requirements.
  • Implement AI Transparency Measures: AI deployers must provide clear information to end users about how AI decisions are made and their rights to contest them.
  • Enhance Internal Governance: Establishing AI ethics committees, compliance teams, and risk mitigation strategies is essential.

Non-compliance could lead to severe financial penalties, with fines reaching up to €35 million or 7% of global annual turnover, underscoring the EU’s strict stance on AI governance.

Challenges, Risks, and Legal Uncertainty

Despite the Act’s clear prohibitions, significant challenges remain:

  • Interpretation and Enforcement Gaps: Regulators must clarify how “subliminal manipulation” or “exploitation of vulnerabilities” will be assessed.
  • Impact on Innovation: Restrictions on biometric surveillance and AI-driven social scoring may hinder AI development in security and financial technology sectors.
  • Enforcement Capacity: National regulators may struggle to monitor compliance effectively, especially as AI technology evolves rapidly.
  • Diverging Global Regulations: The EU’s AI governance model differs from approaches in the United States and China, complicating compliance for multinational companies.

What Comes Next?

While the banned AI practices and literacy requirements are now binding, additional provisions for high-risk AI systems and general-purpose AI models will come into force in phases over the next few years. Organizations must remain proactive in monitoring legal updates and refining their AI governance strategies. The activation of these provisions signals the EU’s commitment to responsible AI development, but also introduces regulatory uncertainty. As enforcement mechanisms evolve and legal interpretations solidify, companies operating in the AI sector must remain agile in adapting to this changing regulatory landscape.

More Insights

A robot with a safety helmet.

AI Regulations: Comparing the EU’s AI Act with Australia’s Approach

September 24, 2025 AI,AI Regulation,European Union AI Governance,Regulatory Frameworks
Global companies need to navigate the differing AI regulations in the European Union and Australia, with the EU's AI Act setting stringent requirements based on risk levels, while Australia adopts a...
Read More
A blueprint of a university campus integrating AI technology.

Quebec’s New AI Guidelines for Higher Education

September 24, 2025 AI,AI Governance,AI Regulation Awareness,Artificial Intelligence Governance
Quebec has released its AI policy for universities and Cégeps, outlining guidelines for the responsible use of generative AI in higher education. The policy aims to address ethical considerations and...
Read More
A magnifying glass focusing on a document labeled "AI Guidelines."

AI Literacy: The Compliance Imperative for Businesses

September 24, 2025 AI,AI Literacy,AI Regulation Awareness,Compliance Requirements
As AI adoption accelerates, regulatory expectations are rising, particularly with the EU's AI Act, which mandates that all staff must be AI literate. This article emphasizes the importance of...
Read More
A network server illustrating the infrastructure behind AI and its regulation.

Germany’s Approach to Implementing the AI Act

September 24, 2025 AI,AI Regulation,European Union AI Governance,Regulatory Frameworks
Germany is moving forward with the implementation of the EU AI Act, designating the Federal Network Agency (BNetzA) as the central authority for monitoring compliance and promoting innovation. The...
Read More
A lock with a digital fingerprint scanner

Global Call for AI Safety Standards by 2026

September 23, 2025 AI,AI Regulation,Artificial Intelligence Governance,Global Collaboration
World leaders and AI pioneers are calling on the United Nations to implement binding global safeguards for artificial intelligence by 2026. This initiative aims to address the growing concerns...
Read More
A smart home device

Governance in the Era of AI and Zero Trust

September 23, 2025 AI,AI Ethics,AI Governance,EU AI Compliance
In 2025, AI has transitioned from mere buzz to practical application across various industries, highlighting the urgent need for a robust governance framework aligned with the zero trust economy...
Read More
A blueprint to illustrate the planning and framework needed for AI governance.

AI Governance Shift: From Regulation to Technical Secretariat

September 23, 2025 AI,AI Governance,AI Regulation,Regulatory Framework
The upcoming governance framework on artificial intelligence in India may introduce a "technical secretariat" to coordinate AI policies across government departments, moving away from the previous...
Read More
A lock shaped like a computer chip to illustrate the concept of securing AI systems.

AI Safety as a Catalyst for Innovation in Global Majority Nations

September 23, 2025 AI,AI Safety Regulations,AI Security,Global AI Policy
The commentary discusses the tension between regulating AI for safety and promoting innovation, emphasizing that investments in AI safety and security can foster sustainable development in Global...
Read More
A magnifying glass illustrating the importance of scrutiny and transparency in AI governance.

ASEAN’s AI Governance: Charting a Distinct Path

September 23, 2025 AI,AI Governance,Global AI Policy
ASEAN's approach to AI governance is characterized by a consensus-driven, voluntary, and principles-based framework that allows member states to navigate their unique challenges and capacities...
Read More