Beginners in AI

What is the AI Act (EU)? — AI Glossary

James Swierczewski's avatar

James Swierczewski

·

glossary_b4_glossary-what-is-the-ai-act-eu

The EU AI Act is the world’s first comprehensive law governing artificial intelligence, passed by the European Parliament in March 2024 and entering into force in August 2024. It takes a risk-based approach — the stricter the potential harm, the heavier the regulatory requirements. From outright bans on social scoring systems to documentation requirements for AI in hiring and healthcare, the AI Act is reshaping how AI is developed and deployed for any company operating in or selling to the European market.

Learn Our Proven AI Frameworks

Beginners in AI created 6 branded frameworks to help you master AI: STACK for prompting, BUILD for business, ADAPT for learning, THINK for decisions, CRAFT for content, and CRON for automation.

The Risk-Tiered Structure

The AI Act organizes AI systems into four risk tiers:

  • Unacceptable risk (banned): Social scoring by governments, real-time biometric surveillance in public spaces, AI that manipulates people through subliminal techniques, AI that exploits vulnerabilities (age, disability) to influence behavior, and predictive policing based solely on profiling.
  • High-risk AI: AI systems used in: critical infrastructure (power, water), educational credentialing, employment and HR decisions, essential private services (credit, insurance), law enforcement, migration and asylum, administration of justice. These face strict requirements: risk management systems, data governance, documentation, transparency, human oversight, accuracy, and robustness testing.
  • Limited risk: AI systems like chatbots that interact with users must disclose they are AI. Generative AI must label AI-generated content.
  • Minimal risk: AI applications like spam filters, AI in video games, and recommendation systems face no new requirements beyond existing law.

Special Rules for Frontier Models (GPAIs)

The AI Act introduced a new category: General Purpose AI (GPAI) models — foundation models with broad capabilities that can be used across many applications. Models like GPT-4, Claude, and Gemini fall here. Requirements include:

  • Technical documentation of model capabilities and limitations
  • Compliance with EU copyright law for training data
  • Summaries of training data
  • For “systemic risk” models (above 10^25 FLOPs training compute threshold): adversarial testing, incident reporting, cybersecurity measures, and annual model evaluations by the AI Office

The GPAI rules were particularly controversial and were heavily negotiated with AI labs before finalization. The 10^25 FLOP threshold currently captures GPT-4 and Gemini Ultra-scale models.

Implementation Timeline and Enforcement

The AI Act phases in over time:

  • August 2024: Act enters into force
  • February 2025: Bans on prohibited AI applications take effect
  • August 2025: GPAI model obligations apply
  • August 2026: High-risk AI system obligations fully apply

Enforcement is primarily through national Market Surveillance Authorities in each EU member state, coordinated by a new EU AI Office. Fines reach €35 million or 7% of global annual turnover for prohibited AI violations — exceeding even GDPR penalties.

The AI Act’s significance extends beyond the EU: the “Brussels Effect” means many global companies adopt EU-standard compliance globally rather than maintaining separate systems. This mirrors how GDPR became a de facto global privacy standard. Combined with broader AI regulation trends and responsible AI practices, the AI Act is reshaping global AI governance norms.

Key Takeaways

  • The EU AI Act is the world’s first comprehensive AI law, using a risk-tiered approach from banned to minimal-risk.
  • High-risk AI (healthcare, hiring, credit, law enforcement) faces strict documentation, oversight, and testing requirements.
  • Frontier models (GPAIs) have specific transparency and, above a compute threshold, safety evaluation requirements.
  • Fines reach €35M or 7% of global turnover for the most serious violations.
  • The Brussels Effect means EU AI Act standards are influencing AI governance globally, not just in Europe.

Frequently Asked Questions

Does the EU AI Act apply to US companies?

Yes, if they deploy AI in the EU or their AI affects EU residents. The extraterritorial reach is similar to GDPR — location of the data subject (EU resident), not the company, determines applicability. Any company selling AI-enabled products or services to EU customers must comply.

What is a conformity assessment under the AI Act?

High-risk AI systems must undergo a conformity assessment before deployment — a review demonstrating the system meets all AI Act requirements. For most high-risk systems, this can be done via self-assessment with documentation. For certain AI (like biometrics), independent third-party assessment is required.

What is the EU AI Office?

The AI Office is a new body within the European Commission created to oversee implementation of the AI Act, particularly for GPAI models. It’s responsible for creating codes of practice, conducting evaluations of systemic-risk models, and coordinating with national authorities. It’s essentially the EU’s AI regulator at the supranational level.

Is open-source AI exempt from the AI Act?

Partially. Open-source models with publicly available weights receive some exemptions from GPAI requirements. However, if an open-source model is used in a high-risk application, the high-risk deployment rules still apply to the deployer. And “systemic risk” open-source models above the compute threshold still face some requirements.

How does the AI Act relate to GDPR?

They complement each other. GDPR governs personal data processing — including training data and inference on personal data. The AI Act governs AI system deployment and risk. A single AI system may be subject to both: GDPR for how it uses personal data, AI Act for whether it constitutes high-risk AI. Compliance programs need to address both frameworks simultaneously.

Want to go deeper? Browse more terms in the AI Glossary or subscribe to our newsletter for daily AI concepts explained in plain English.

Free download: Get the Beginners in AI Report — free daily briefings on AI regulation, the EU AI Act, and global governance developments.

Sources

You May Also Like

Get free AI tips daily → Subscribe to Beginners in AI

Sources

This article draws on official documentation, product pages, and industry reporting. Specific sources are linked inline throughout the text.

Last reviewed: April 2026

Get Smarter About AI Every Morning

Free daily newsletter — one story, one tool, one tip. Plain English, no jargon.

Free forever. Unsubscribe anytime.

, , ,

Discover more from Beginners in AI

Subscribe now to keep reading and get access to the full archive.

Continue reading