AI Sigil Logo
Contact Us
Back to all insights
A lock and key symbolizing security and regulation

Sections

EU AI Act: Milestones and Compliance Challenges Ahead

The EU AI Act: Key Milestones and Compliance Challenges

The European Union Artificial Intelligence Act (EU AI Act) is fundamentally transforming the regulatory environment for AI development and deployment, both within Europe and on a global scale. This article provides an overview of the EU AI Act’s phased implementation, compliance challenges, and future implications for organizations involved in AI technologies.

Phased Rollout: Understanding the Timeline

The EU AI Act is being implemented in several significant stages:

  • February 2, 2025: The first obligations took effect, focusing on AI literacy and prohibiting certain high-risk AI practices.
  • May 2, 2025: The delayed publication of the Code of Practice for general-purpose AI (GPAI) models was anticipated, though significant pushback from industry leaders has postponed its finalization.
  • August 2, 2025: Governance rules and obligations for GPAI models on the market will come into force.
  • August 2, 2026: The majority of the EU AI Act’s requirements will become fully enforceable.
  • 2030: Final implementation steps, especially for the public sector, will be completed.

This phased approach allows organizations time to adapt but also creates a complex compliance environment.

The EU AI Act in a Nutshell

  • World’s first comprehensive AI regulation: The EU AI Act sets a global precedent, with its ultimate impact yet to be fully realized.
  • Dense legislation: The Act comprises over 450 pages, including 68 new definitions and nearly 200 recitals.
  • Risk-based approach: Obligations scale with the risk level of the AI system, categorized from prohibited practices to high-risk and low-risk categories.
  • Wide applicability: The Act applies to developers, deployers, affected individuals, importers, and distributors, regardless of their geographical location.
  • Severe sanctions: Fines can reach up to 7% of global turnover or €35 million, surpassing penalties under the GDPR.
  • Dual enforcement: Both national supervisory authorities and the new EU AI Office will have enforcement powers.

Early Compliance: What’s Happened Since February 2025?

The initial obligations concerning AI literacy and prohibited practices have ignited significant activity across organizations:

  • AI literacy: Companies are implementing training programs to ensure staff understand AI risks and regulatory requirements.
  • Prohibited practices: Organizations are conducting audits to ensure compliance and avoid engaging in prohibited activities.

Defining ‘AI System’: Persistent Challenges

A significant challenge remains in determining whether a solution qualifies as an “AI system” under the EU AI Act. The European Commission emphasizes a holistic, case-by-case assessment based on various criteria, leading to concerns about “AI washing”, where products are overlabelled as AI-enabled for marketing purposes.

GPAI Models and the Code of Practice

Regulating general-purpose AI models, such as large language models, is a primary focus of the Act:

  • GPAI models: These are core AI technologies capable of a broad range of tasks (e.g., GPT-4).
  • AI systems: These are applications built on GPAI models, tailored for specific use cases (e.g., ChatGPT).

Obligations differ for GPAI model providers versus AI system providers, with the Code of Practice designed to facilitate compliance. Despite its voluntary nature, adherence to the Code may influence enforcement decisions.

Transparency Obligations: A Shared Responsibility

Transparency is a cornerstone of the EU AI Act. GPAI model providers must maintain up-to-date documentation and share it with both the EU AI Office and downstream system providers. In turn, system providers are required to inform users about the capabilities and limitations of the AI technologies they utilize.

Enforcement: When Do the Teeth Come Out?

While compliance is required for certain obligations already, enforcement mechanisms, including fines and penalties, will only become active from August 2025 (with a later date for GPAI models). National authorities are still being designated, but affected individuals and entities can seek injunctions in national courts.

Key Takeaways

  • The EU AI Act is complex, far-reaching, and continues to evolve.
  • Initial obligations focus on improving AI literacy and prohibiting harmful practices.
  • Defining what counts as an “AI system” remains a challenging task.
  • The upcoming Code of Practice for GPAI models is a critical but currently delayed aspect of the regulation.
  • Transparency obligations impact both GPAI model and AI system providers.
  • Enforcement will significantly increase from mid-2025.

Organizations operating in or engaging with customers in the EU must proactively engage in compliance efforts to navigate this new regulatory landscape effectively.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More