AI Sigil Logo
Contact Us
Back to all insights
A bridge

Sections

Understanding the EU AI Act’s Impact on Legacy Systems

Does the EU AI Act Apply to “Old” AI Systems?

As the discussion around artificial intelligence (AI) regulation intensifies, a pressing question emerges: What happens to AI systems that were built and deployed before the EU AI Act enters into force? The short answer is that the Act is generally not retroactive, but important exceptions and transitional obligations exist.

The Non-Retroactivity Principle

The AI Act is not retroactive, meaning that:

  • AI systems placed on the market or put into service before 2 August 2025 are largely exempt from the Act’s new obligations.
  • However, this exemption does not apply to certain prohibited AI practices under Article 5 of the Act.

Key Prohibited Practices Affecting All AI Systems

Regardless of when the AI system was deployed, the following uses are banned and must be phased out:

  • Social scoring by governments
  • Real-time biometric identification in public spaces (with limited exceptions)
  • Exploitative manipulation of vulnerable groups
  • Dark pattern AI designed to materially distort user behavior

Any legacy AI falling under these categories must be immediately remediated or discontinued.

Important Transition Dates & Compliance Triggers

When Do Legacy AI Systems Have to Comply?

1. Substantial Modification

If an AI system placed on the market before 2 August 2025 is substantially modified after 2 August 2026, it is treated as a new system and must comply fully with the AI Act.

  • Substantial modification refers to significant changes to design, functionality, or intended purpose (see Article 3(23), Recital 177).
  • The party performing the modification could be considered a quasi-provider and thus take on legal obligations.

2. Special Rules for General-Purpose AI Models (GPAI)

For foundation models like GPT, LLaMA, and similar systems:

  • Models already on the market before 2 August 2025 must comply with certain transparency, risk management, and copyright obligations starting 2 August 2027.
  • This transition period allows for auditing, policy updates, and implementation of safeguards against systemic risks.

3. Public Sector High-Risk AI Systems

Public authorities using high-risk AI systems deployed before 2 August 2025 have until 2 August 2030 to ensure full compliance.

  • The AI Act acknowledges the complexity and budget cycles of public administrations.
  • Providers and deployers in this space must retrofit, replace, or decommission older AI to meet requirements by this deadline.

4. Special Consideration: Large-Scale European Information Systems

Legacy AI systems used in critical EU public infrastructures (under Annex X, e.g., Schengen Information System, Eurodac):

  • Exempt only temporarily if deployed before 2 August 2027.
  • Any substantial modification triggers compliance immediately.
  • New deployments after this date must comply fully from the outset.

Summary: AI Act Applicability to Legacy AI

While the AI Act generally exempts legacy AI systems from most new obligations, non-compliance, especially related to prohibited practices or high-risk AI, can lead to substantial fines under Article 99. These penalties can reach up to €35 million or 7% of global annual turnover.

Importantly, the AI Act is not intended to hinder technological progress. Instead, it reflects the EU’s commitment to strike a balance between innovation and the protection of fundamental rights and critical infrastructure.

Effective AI Governance

Effective AI governance begins with proactive readiness. Organizations should first identify their most opaque or high-impact AI systems, those where risks and uncertainties converge, and prioritize these. From there, building a structured, risk-based AI management approach becomes not just a regulatory necessity but a strategic advantage.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More