Artificial Intelligence Act
Status: In force
- In force since 1 August 2024
- Application on 2 August 2026 (2 years after its entry into force) of generally all rules of the AI Act including obligations for high-risk systems defined in Annex III (list of high-risk use cases), with certain exceptions where obligations are applicable earlier/later. Exceptions in detail:
- 2 February 2025: Member States shall phase out prohibited systems and companies need to comply with the AI literacy requirement;
- 2 August 2025: obligations for new general purpose AI models become applicable;
- 2 August 2027: obligations for high-risk systems defined in Annex I (list of Union harmonisation legislation) apply.
Summary
The AI Act introduces EU-wide minimum requirements for AI systems and proposes a sliding scale of rules based on the risk: the higher the perceived risk, the stricter the rules. AI systems with an ‘unacceptable level of risk’ will be strictly prohibited and those considered as ‘high-risk’ will be permitted but subject to the most stringent obligations. The AI Act is also regulating foundation models and generative AI systems under the label of ‘General Purpose AI’ with a specific set of obligations.
Scope
Applies in varying degrees to providers, users, end-product manufacturers, importers or distributors of AI systems, depending on the risk.
Key elements
- Risk-based approach to AI systems: the higher the perceived risk, the stricter the rules. AI systems with an ‘unacceptable level of risk’ to European fundamental rights, like social scoring by governments, will be strictly prohibited. ‘High-risk’ systems, like automated recruitment software, will be subject to the most stringent obligations and limited-risk systems, like chatbots and deep fakes, will be subject to transparency rules. Free use of minimal-risk systems like AI enabled video games or SPAM filter.
- Specific regulation on General Purpose AI (foundation models), tiered approach with baseline obligations for all General Purpose AI (GPAI) systems and models, and add-on obligations for GPAI models with ‘systemic risks’.
- Developers of high-risk AI systems must conduct a self-conformity assessment. High-risk AI systems and foundation models must be registered in an EU database.
- Fines:
- up to €35m or 7% of global annual turnover for infringements on prohibited practices or non-compliance related to requirements on data;
- up to €15m or 3% of global annual turnover for other requirements or obligations of AI Act, including the rules on general-purpose AI models;
- up to €7.5m or 1% of global annual turnover for providing incorrect information, incomplete or misleading information.
Challenges
- Legal uncertainty from self-conformity assessment
- High administrative burden from documentation obligations, including:
- Risk management system
- Registration of stand-alone AI systems in EU database
- Declaration of conformity needs to be signed
- For generative AI: Sufficiently detailed summary of copyrighted material training data, safeguards to ensure legality of output
- Overlap with GDPR / redundancies
Blogs
Author(s): Christine Lyon, Giles Pratt, Christoph Werkmeister
- ai
- asia-pacific
- cyber security
- data
- data protection
- e-commerce
- eu ai act
- eu data act
- eu digital strategy
- europe
- european data spaces
- gdpr
- ico
- internet of things
- regulatory framework
- tech media and telecoms
- us
- americas
- global
- innovation
- platforms
Author(s): Satya Staes Polet, Raquel Flórez, David Mendel, Leonhard Prasser, Hubertus Reinbach, Flavia Lang, Brunhilde Van Den Haute, Olga Chislova, Matteo Tola, Guy Huffen, Marina Sokolova, Blaise Nsenguwera
- ai
- employment
- eu ai act
- eu ai act series
- gdpr
Author(s): Verena Kirchmair, Victor Garcia Lopez, Christoph Werkmeister, Theresa Ehlen, Lutz Riede, Philipp Roos
- ai
- data
- eu ai act
- eu ai act series
- europe
Author(s): Richard Bird, Lutz Riede, Benjamin Blum, Cedric Lindenmann
- ai
- eu ai act
- eu ai act series
Author(s): Richard Bird, Cedric Lindenmann
- ai
- eu ai act
- eu ai act series
Author(s): Richard Bird, Cedric Lindenmann
- ai
- eu ai act
- eu ai act series
Author(s): Laura Knoke, Christoph Werkmeister, Elena Brandt, Elena Engels
- ai
- eu ai act
- eu ai act series
Author(s): Christoph Werkmeister, Theresa Ehlen, Lutz Riede, Philipp Roos, Yvonne Wolski
- eu ai act
- eu ai act series
- ai
Author(s): Lutz Riede, Sean Quinn, Aaron Stanislawski, Verena Kirchmair, Yannick Chatard
- ai
- eu ai act
- eu ai act series
Author(s): Natalie Pettinger Kearney, David Sewell, Janina Heinz, Victor Garcia Lopez, Daniel Klingenbrunn
- ai
- eu ai act
- europe
- financial services
- financial institutions
- fintech
- regulatory
- tech media and telecoms
Author(s): Christoph Werkmeister, Theresa Ehlen, Lutz Riede, Philipp Roos, John-Markus Maddaloni
- ai
- eu ai act
- eu ai act series
Author(s): Satya Staes Polet, Boris Dzida, Julia Förster, Sarah Rohmann, Brunhilde Van Den Haute, Hubertus Reinbach, Olga Chislova, Giovanni Gaudio
- ai
- employment
- ai in the workplace
- eu ai act
Author(s): Laura Knoke, Lutz Riede, Christoph Werkmeister, Theresa Ehlen, Philipp Roos, Verena Kirchmair, Yannick Chatard
- ai
- eu ai act
- eu ai act series
Author(s): Christoph Werkmeister, Theresa Ehlen, Lutz Riede, Philipp Roos, Victor Garcia Lopez, Vincent Fischer
- ai
- eu ai act
- eu ai act series
Author(s): Gernot Fritz, Theresa Ehlen, Tina Fokter Cuvan
- ai
- eu ai act
- eu ai act series
Author(s): Theresa Ehlen, Lutz Riede, Christoph Werkmeister, Philipp Roos, Jan Niklas Di Fabio
- ai
- eu ai act
- eu ai act series
Author(s): Theresa Ehlen, Lutz Riede, Christoph Werkmeister, Philipp Roos, Lena Isabell Loeber
- ai
- eu ai act
- eu ai act series
Author(s): Janina Heinz, Philipp Roos, Daniel Klingenbrunn
- ai
- cyber security
- eu ai act
- fintech
- gdpr
- innovation
- regulatory
Author(s): Christoph Werkmeister, Laura Knoke, Philipp Roos, John-Markus Maddaloni
- data
- data protection
- eu ai act
- eu digital strategy
- gdpr
- innovation
- platforms
Author(s): Christoph Werkmeister, Theresa Ehlen, Lutz Riede, Philipp Roos, Christian Sosna
- ai
- eu ai act
- eu ai act series
Author(s): Theresa Ehlen, Gernot Fritz, Adam Gillert, Julia Utzerath, Björn Lambrenos
- ai
- eu ai act
Author(s): Theresa Ehlen, Beth George, Giles Pratt, Adam Gillert
- ai
- eu ai act
- global
- europe
- tech media and telecoms
- americas
- asia-pacific
- data
Author(s): Theresa Ehlen, Lutz Riede, Christoph Werkmeister, Miriam Benmoussa, Philipp Roos
- ai
- eu ai act
- eu ai act series
Author(s): Christoph Werkmeister, Theresa Ehlen, Philipp Roos, Johanna Voget
- ai
- eu ai act
- eu ai act series
Author(s): Theresa Ehlen, Christoph Werkmeister, Philipp Roos, Felix Müller-Eising
- ai
- eu ai act
- eu ai act series
Author(s): Christoph Werkmeister, Theresa Ehlen, Philipp Roos, Benjamin Blum
- ai
- eu ai act
- eu ai act series
Author(s): Lutz Riede, Oliver Talhoff, Matthias Hofer
- ai
- intellectual property
- eu ai act
- eu digital strategy
- eu dsm directive
Author(s): Thomas Mollnhuber
- ai
- eu ai act
- eu digital strategy
- europe
- innovation
- regulatory
- corporate
Author(s): Rikki Haria, Theresa Ehlen, Christine Lyon, Jeanne Queneudec, Edward Dean, Christine Chong, Laura Llangozi
- ai
- consumer
- corporate
- cyber security
- data protection
- employment
- eu ai act
- europe
- innovation
- intellectual property
- tech media and telecoms
Author(s): Beth George, Natasha Good, Giles Pratt
- ai
- data
- eu ai act
- eu ai liability directive
- europe
- global
- regulatory
- tech media and telecoms
- us
Author(s): Thomas Mollnhuber
- ai
- corporate
- data
- eu ai act
- innovation
- legaltech
- mergers and acquisitions
- tech media and telecoms
Author(s): Theresa Ehlen, Adam Gillert, Julia Utzerath, Björn Lambrenos
- ai
- data
- data protection
- eu ai act
- eu ai liability directive
- eu data act
- eu digital strategy
- europe
- global
Author(s): Theresa Ehlen, Lutz Riede, Christoph Werkmeister, Giles Pratt, Rachael Annear, Victor Garcia Lopez, Julia Utzerath
- ai
- eu digital strategy
- eu ai act
Author(s): Christoph Werkmeister, Enrico Castellani, Giuseppe Curtò, Laura Bellezza
- ai
- eu digital strategy
- eu ai liability directive
- eu ai act
- data protection
- data
Author(s): Lutz Riede, Katie Hyewon Sa, Dora Bertrandt, Adam Gillert
- ai
- data
- eu ai act
- global
- europe
Author(s): Rachael Annear, Giles Pratt, Beth George, Brock Dahl, Adam Gillert, Björn Lambrenos
- ai
- data
- data protection
- eu ai act
- eu ai liability directive
- global
- gdpr
- tech media and telecoms
- standards
Author(s): Rachael Annear, Giles Pratt, Beth George, Brock Dahl, Adam Gillert, Björn Lambrenos
- ai
- eu ai act
- eu ai liability directive
- standards
- tech media and telecoms
- global
Author(s): Lutz Riede, Oliver Talhoff, Matthias Hofer
- ai
- eu ai act
- eu digital strategy
- intellectual property
- tech media and telecoms
Author(s): Natalie Pettinger Kearney, Christoph Werkmeister, Victor Garcia Lopez
- eu digital strategy
- eu ai act
- ai
AI Act - The Parliament has had its say and final negotiations between co-legislators will start now
Author(s): Theresa Ehlen, Lutz Riede, Christoph Werkmeister, Julia Utzerath, Eugene McQuaid, Victor Garcia Lopez
- eu digital strategy
- ai
- eu ai act
Author(s): Lutz Riede, Giles Pratt, Matthias Hofer, Alexandra Morgan
- ai
- intellectual property
- eu digital strategy
- eu ai act
- eu dsm directive
Author(s): Theresa Ehlen, Lutz Riede, Christoph Werkmeister, Satya Staes Polet, Julia Utzerath, Eugene McQuaid, Victor Garcia Lopez
- ai
- eu digital strategy
- eu ai act
- eu digital services act
Author(s): Philipp Roos, Christoph Werkmeister, Vinita Kailasanath
- medtech
- life sciences
- eu digital strategy
- eu ai act
Author(s): Rachael Annear, Andrew Austin, Claudia Chan, Adam Gillert, Hannah Walker Gore, Maxwell Smith, Haris Ismail
- gdpr
- ai
- data
- data protection
- ico
- tech media and telecoms
- europe
- product liability
- eu digital strategy
- eu ai act
Author(s): Christoph Werkmeister, Michael Schwaab, Annabelle Hamelin
- eu digital strategy
- eu digital services act
- eu digital markets act
- eu nis2 directive
- eu data governance act
- eu data act
- eu ai act
- eu cyber resilience act
- eu ai liability directive
- gdpr
Author(s): Giles Pratt, Rachael Annear, Maxwell Smith, Katie Hyewon Sa, Claudia Chan, Adam Gillert
- ai
- data
- tech media and telecoms
- innovation
- europe
- gdpr
- intellectual property
- data protection
- eu digital strategy
- eu ai act
- eu ai liability directive
Author(s): Vinita Kailasanath, Sora Park
- life sciences
- eu data act
- eu ai act
Author(s): Andrew Austin, Theresa Ehlen, Christoph Werkmeister, Victor Garcia Lopez
- ai
- product liability
- eu digital strategy
- eu ai act
- eu ai liability directive
- eu digital services act
Author(s): Julia Utzerath, Theresa Ehlen, Christoph Werkmeister, Eugene McQuaid
- cyber security
- data
- internet of things
- product liability
- eu digital strategy
- eu cyber resilience act
- eu nis2 directive
- eu ai act
- eu data act
- gdpr
Author(s): Alexander Bothe, Christoph Werkmeister
- ai
- financial institutions
- data
- fintech
- europe
- eu digital strategy
- eu ai act
Author(s): Sam Hancock, Giles Pratt
- ai
- eu digital strategy
- eu ai act
