Understanding the EU AI Act: Implications for Businesses

AI Act in a Nutshell

The EU’s AI Act is a groundbreaking regulation aimed at governing the use of artificial intelligence (AI) within the European Union. As of April 2025, this act is set to have a significant impact on businesses operating in this space, with its first real implementations just around the corner.

Core Objectives of the AI Act

The primary goals of the AI Act include:

• Creating a framework of trust for AI adoption
• Encouraging responsible innovation
• Protecting fundamental rights and user data

Key Timeline Milestones

Understanding the timeline of the AI Act is crucial for compliance:

• August 2024: Law enters into force
• February 2025: Ban on unacceptable risk AI systems
• May 2025: AI Office Codes of Practice ready
• August 2025: General-purpose AI model regulations become effective
• August 2026: Full application to all AI systems

Governance Structure

The Act establishes a two-level governance structure:

1. National authorities supervising AI systems
2. European Commission and AI Office regulating general-purpose AI models

While the legal complexity is significant, the goal remains straightforward: to make AI trustworthy while fostering innovation.

Risk Classification System

The AI Act introduces a four-tier risk classification system, which is essential for understanding compliance requirements:

• Unacceptable Risk (PROHIBITED):
  • Social scoring systems
  • Emotion recognition in workplaces/education
  • Biometric categorization systems that infer sensitive attributes
  • Scraping facial images from the internet
  • Manipulative or deceptive AI
• High Risk:
  • Medical devices
  • Recruitment systems
  • Critical infrastructure
  • Education and vocational training
  • Law enforcement systems
• Specific Transparency Risk:
  • Chatbots
  • Deepfakes
  • AI-generated content → Must clearly disclose they are AI-generated
• Minimal Risk:
  • Anti-spam filters
  • AI in video games
  • Most business applications

Compliance Challenges

Businesses face numerous challenges in adhering to the EU AI Act due to its complexity and stringent requirements. The penalties for violations can be severe, reaching up to 7% of global annual turnover or €35 million for breaches related to prohibited practices.

Before deploying any AI system, businesses must ensure compliance by assessing the AI system’s risk level, which will dictate their compliance obligations.

Conclusion

As organizations prepare for the upcoming regulations, it is crucial to stay informed about the requirements and implications of the AI Act. Engaging with trusted partners in the AI domain can provide valuable support in navigating this new regulatory landscape.