AI ACT | Shaping the digital future in Europe

The AI Act (Regulations (EU) 2024/1689 Exploring harmonious rules for artificial intelligence) is a comprehensive legal framework for AI around the world. The purpose of the regulations is to promote reliable AI in Europe.

The AI Act provides a clear set of risk-based rules for AI developers and deployers regarding the specific use of AI. The AI Act is part of a broader policy measure to support the development of trustworthy AI, including AI innovation packages, AI factories launches, and AI coordination plans. Together, these measures ensure safety, fundamental rights, and human-centered AI, and enhance AI intake, investment and innovation across the EU.

To facilitate the transition to a new regulatory framework, the committee launched AI PACT, a voluntary initiative that supports future implementation, engages with stakeholders, and invites AI providers and deployers from Europe.

Why are AI rules needed?

AI Act ensures that Europeans can trust what AI has to offer. While most AI systems are limited without risk and can contribute to solving many social challenges, certain AI systems create risks that must be addressed to avoid unwanted outcomes.

For example, it is often not possible to find out why an AI system made a decision or prediction and took a particular action. Therefore, it may be difficult to assess whether someone is unfairly disadvantaged, such as by applying for employment decisions or public interest schemes.

While existing laws provide some protection, they are not sufficient to address the specific challenges that AI systems may pose.

A risk-based approach

AI ACT defines four levels of risk in an AI system.

Unacceptable risk

All AI systems are considered to be a clear threat to people's safety, livelihoods and rights. The AI Act prohibits eight practicesi.e.:

Harmful AI-based manipulation and deception
Harmful AI-based exploitation of vulnerabilities
Social Scoring
Assessment or prediction of individual crime risks
Unreduced scraping of Internet or CCTV materials to create or extend facial recognition databases
Recognizing emotions in the workplace and in educational institutions
Biometric classification to estimate specific protected characteristics
Real-time remote biometric authentication for law enforcement purposes in publicly accessible spaces

High risk

AI use cases that can pose serious risks to health, safety, or fundamental rights are classified as high risk. these High risk Use cases include:

AI safety components of critical infrastructure (such as transport), their failures can put citizens' lives and health at risk
AI solutions used in educational institutions may determine someone's professional life education and access to courses (e.g. exam scoring)
AI-based safety components of the product (e.g. AI applications in robot-assisted surgery)
AI tools for employment, worker management, access to self-employment (e.g. CV-Sorting software for recruitment)
Certain AI use cases used to provide access to mandatory private and public services (e.g. credit scoring that denies the opportunity for citizens to obtain loans)
AI systems used for remote biometric authentication, emotional recognition, and biometric classification (e.g., AI systems that retrospectively identify shoplifting)
Cases of AI law enforcement use can hinder the fundamental rights of people (e.g., assessment of the credibility of evidence)
AI use cases for migration, asylum, and border management (e.g., automatic visa application inspections)
AI solutions used to manage judicial and democratic processes (e.g. AI solutions for preparing court decisions)

High-risk AI system It is subject to Strict obligation Before they hit the market:

Appropriate risk assessment and mitigation systems
A high-quality data set that supplies the system to minimize the risk of discriminatory outcomes
Logging activities to ensure results traceability
Detailed documentation that provides all the information needed for the system and the purpose of the authorities assessing compliance
Clear and appropriate information for the deployer
Appropriate human surveillance measures
High level of robustness, cybersecurity, accuracy

Limited risks

This refers to risks associated with the need for transparency regarding the use of AI. The AI Act introduces certain disclosure obligations to ensure that a person is notified when necessary to maintain trust. For example, when using AI systems such as chatbots, humans need to be aware that they are interacting with the machine so that they can make informed decisions.

Additionally, the provider of the generator AI must ensure that the content generated by the AI is identifiable. Additionally, content generated by a particular AI must be clearly and visibly labeled. That is, deep falsehood and texts are published with the aim of notifying the public about the matters of public interest.

Minimal or no risk

The AI Act does not introduce any AI rules that are considered minimal or no risk. Most of the AI systems currently used in the EU fall into this category. This includes applications such as AI-enabled video games and spam filters.

How does it actually work for a provider of high-risk AI systems?

Once AI systems are on the market, authorities are responsible for market surveillance, deployers ensure human surveillance and surveillance, and providers implement post-market surveillance systems. Providers and deployers also report serious incidents and malfunctions.

Solutions for reliable use of large AI models

The General Purpose AI (GPAI) model can perform a wide range of tasks and is the basis for many AI systems in the EU. Some of these models can involve systemic risks when highly capable or widely used. To ensure safe and reliable AI, the AI Act introduces rules to providers of such models. This includes transparency and copyright-related rules. For models that may involve systemic risks, providers should assess and mitigate these risks. The AI Act regulations regarding GPAI have come into effect from August 2025.

Compliance support

In July 2025, the committee introduced three key equipment to support responsible development and deployment of GPAI models.

Guidelines on the scope of provider obligations in the GPAI model clarify the scope of GPAI obligations under the AI Act and help actors along the AI value chain understand who must follow these obligations.
GPAI Code of Practice is a voluntary compliance tool submitted to the committee by independent experts and provides actionable guidance to help providers comply with their obligations under AI laws relating to transparency, copyright, safety and security.
The template for the public summary of training content for GPAI models must provide an overview of the data that the provider uses to train the model. This includes the source from which the data was retrieved (including the large dataset and top domain name). The template also requires information on aspects of data processing to enable parties with legitimate interests to exercise their rights under EU law.

These tools are designed to work hand in hand. Together, it provides a clear and practical framework for providers of the GPAI model to comply with AI laws, reduce administrative burdens, and promote innovation while protecting fundamental rights and public trust.

Governance and Implementation

The European AI Office and member state authorities are responsible for implementing, oversight and enforcement of AI laws. The AI Committee, Science Panel, and Advisory Forum pilot and advise on the governance of AI law. Learn more about AI Law governance and enforcement.

Application Timeline

The AI Act will come into effect on August 1, 2024 and will be fully applied two years later on August 2, 2026.

Prohibition and AI literacy obligations entered on the application form from February 2, 2025
Governance rules and obligations in the GPAI model now apply on August 2, 2025
High-risk AI systems rules – built into regulatory products – have an extended transition period until August 2, 2027

Source link