AI Sigil Logo
Contact Us
Back to all insights
A compliance checklist

Sections

EU AI Act: Key Compliance Challenges Ahead

The EU AI Act Comes into Force: Implications for Compliance and Risk

On 2 February 2025, the European Union enacted significant provisions of its Artificial Intelligence Act (EU AI Act), which are now legally binding. This landmark legislation introduces critical obligations regarding prohibited AI practices and AI literacy requirements, setting a precedent for AI governance throughout the EU. The Act raises essential questions for businesses, AI developers, and regulators about compliance and enforcement.

Provisions Now in Force

The EU AI Act establishes a risk-based framework that categorizes AI systems into four tiers: unacceptable, high-risk, limited risk, and minimal risk. As of February 2025, the following provisions have been activated:

  • Prohibited AI Practices: Certain AI applications are banned due to their potential to violate fundamental rights. These include:
    • Subliminal Manipulation: AI systems designed to manipulate individuals beyond their conscious awareness, potentially causing harm.
    • Exploitation of Vulnerable Groups: AI targeting children, disabled individuals, or economically disadvantaged people in harmful ways.
    • Social Scoring: The use of AI to rank individuals based on behavior, socio-economic status, or personal characteristics, leading to discriminatory treatment.
    • Real-Time Biometric Identification in Public Spaces: Except in specific law enforcement scenarios, the use of AI for biometric surveillance is largely prohibited.
  • AI Literacy Requirements: Companies deploying AI in high-risk sectors must ensure that affected individuals understand how these systems function, their limitations, and how to challenge automated decisions.

Who Must Comply?

The provisions in force apply to AI developers, deployers, and service providers operating within the EU or offering AI-based services to EU citizens. This includes:

  • AI Developers: Companies creating AI tools, particularly in sensitive areas such as biometric surveillance, predictive policing, or automated decision-making.
  • Businesses and Public Sector Organizations: Those employing AI in sectors like finance, healthcare, recruitment, public services, and law enforcement must align with the new obligations.
  • Non-EU Companies: The extraterritorial scope of the EU AI Act means that any company offering AI services within the EU must also comply, similar to the General Data Protection Regulation (GDPR).

Implications for Compliance

Organizations affected by the new rules must take immediate steps to:

  • Conduct AI Risk Assessments: Businesses should audit their AI models to ensure compliance with prohibitions and literacy requirements.
  • Implement AI Transparency Measures: AI deployers must provide clear information to end users about how AI decisions are made and their rights to contest them.
  • Enhance Internal Governance: Establishing AI ethics committees, compliance teams, and risk mitigation strategies is essential.

Non-compliance could lead to severe financial penalties, with fines reaching up to €35 million or 7% of global annual turnover, underscoring the EU’s strict stance on AI governance.

Challenges, Risks, and Legal Uncertainty

Despite the Act’s clear prohibitions, significant challenges remain:

  • Interpretation and Enforcement Gaps: Regulators must clarify how “subliminal manipulation” or “exploitation of vulnerabilities” will be assessed.
  • Impact on Innovation: Restrictions on biometric surveillance and AI-driven social scoring may hinder AI development in security and financial technology sectors.
  • Enforcement Capacity: National regulators may struggle to monitor compliance effectively, especially as AI technology evolves rapidly.
  • Diverging Global Regulations: The EU’s AI governance model differs from approaches in the United States and China, complicating compliance for multinational companies.

What Comes Next?

While the banned AI practices and literacy requirements are now binding, additional provisions for high-risk AI systems and general-purpose AI models will come into force in phases over the next few years. Organizations must remain proactive in monitoring legal updates and refining their AI governance strategies. The activation of these provisions signals the EU’s commitment to responsible AI development, but also introduces regulatory uncertainty. As enforcement mechanisms evolve and legal interpretations solidify, companies operating in the AI sector must remain agile in adapting to this changing regulatory landscape.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More