Provisions of the EU AI Act on AI Literacy and Unacceptable Risks
Effective from 2 February 2025, the provisions of Chapters 1 and 2 of the EU Regulation no. 2024/1689, which establishes harmonised rules on artificial intelligence (the “EU AI Act”), regarding AI literacy and the prohibition on the use of AI systems that pose unacceptable risks, have officially entered into force.
1. AI Literacy Obligations
As of 2 February 2025, providers of AI systems—those entities that develop, market, or put AI systems into service—alongside deployers—entities using AI systems in professional activities—are obligated to implement measures ensuring a sufficient level of AI literacy among their staff and other individuals involved in the operation and use of these systems. The concept of AI literacy encompasses the skills, knowledge, and understanding necessary to facilitate the informed deployment of AI systems while raising awareness of the potential opportunities, risks, and harms associated with AI.
Currently, there are no specific sanctions for breaches of these AI literacy obligations; however, compliance may influence the assessment of other breaches of the EU AI Act by relevant authorities.
2. Prohibited AI Systems
Starting from 2 February 2025, AI systems categorized as posing unacceptable risks—those that threaten fundamental rights, the rule of law, and the values of the European Union—are prohibited under Chapter 2 of the EU AI Act. The prohibited practices include:
- Manipulation and Deceptive Techniques: The marketing and use of AI systems that employ subliminal, manipulative, or deceptive techniques designed to materially distort human behavior.
- Exploitation of Vulnerabilities: The use of AI systems that exploit vulnerabilities of individuals based on age, disability, or socio-economic status to materially distort their behavior causing significant harm.
- Social Scoring: The practice of using AI for social scoring based on behavioral or personal attributes leading to unjustified detrimental treatment.
- Criminal Offense Risk Assessment: Profiling individuals to assess or predict criminal behavior using AI systems is prohibited.
- Unauthorized Facial Recognition Databases: The creation or expansion of facial recognition databases through untargeted scraping of images is banned.
- Emotion Recognition in Work and Education: The use of AI to infer emotions in workplace or educational settings is prohibited, except when justified for medical or safety reasons.
- Biometric Categorization: The categorization of individuals based on biometric data to deduce sensitive information, such as race or political opinions, is restricted.
- Real-Time Biometric Identification: The use of real-time remote biometric identification systems in public spaces for law enforcement is largely banned, with narrow exceptions.
Sanctions for non-compliance with these prohibitions are set to be enforced by 2 August 2025, providing for administrative fines of up to EUR 35,000,000 or 7% of total worldwide annual turnover of the entity in breach.
3. Does This Apply to You?
The regulatory scope of the EU AI Act is extensive, covering a wide array of AI activities and stakeholders. It applies to providers placing AI systems on the EU market, regardless of their origin, as well as deployers operating within the EU. Furthermore, entities established in third-party countries that utilize AI system outputs within the EU are also subject to these regulations.
Organizations involved in importing, distributing, or manufacturing products that integrate AI systems must comply with the EU AI Act’s requirements. The Act also extends its reach to individuals impacted by these systems within the EU.
