The EU AI Act is the European Union's risk-based regulation governing AI systems, formally entering into force in August 2024 with a phased application schedule running through 2027. It is the first comprehensive AI law from a major jurisdiction and has become the de facto template that other governments — including some US state legislatures — reference when drafting their own AI rules.
The Act takes a risk-based approach, classifying AI uses into four tiers:
- Prohibited — social scoring by governments, real-time biometric ID in public spaces (with narrow exceptions), emotion recognition in workplaces and schools, predictive policing based on profiling. Banned outright.
- High-risk — AI in critical infrastructure, education, employment, essential services, law enforcement, migration, justice. Subject to strict requirements: risk management, data governance, transparency, human oversight, accuracy, robustness, cybersecurity, conformity assessment.
- Limited risk — chatbots, deepfakes, emotion recognition (where allowed). Transparency obligations: users must know they are interacting with AI; AI-generated content must be disclosed.
- Minimal risk — most current commercial AI uses. No specific obligations beyond existing law.
A separate set of rules applies to general-purpose AI (GPAI) models (foundation models / LLMs):
- All GPAI — technical documentation, copyright compliance, training data summaries.
- GPAI with systemic risk (above 10^25 FLOPS training compute) — additional model evaluations, adversarial testing, incident reporting, cybersecurity. The frontier model tier.
The phased application:
- February 2025 — prohibited practices banned.
- August 2025 — GPAI rules and governance structure (AI Office) operational.
- August 2026 — most high-risk requirements apply.
- August 2027 — high-risk requirements fully apply to systems already in use.
Why the EU AI Act matters for US companies in 2026:
- Extraterritorial scope — applies to any AI system whose output is used in the EU, even if the provider is outside the EU.
- Fines — up to €35M or 7% of global turnover for prohibited practices; up to €15M or 3% for other violations.
- Brussels Effect — EU rules tend to become global product baselines because companies prefer one compliant version to many regional variants.
- De-facto template for US states — Colorado, California, New York and others have AI laws drawing heavily on EU AI Act concepts.
For a US team building AI products in 2026, the practical implications:
- Audit your high-risk uses — if you have AI in hiring, lending, healthcare, education, employment evaluation or essential services and any EU users, high-risk obligations may apply.
- Document your data and model decisions — the documentation requirements are extensive; treat this as required compliance work, not an optional extra.
- Disclose synthetic content — chatbot disclosure and AI-generated content labelling are now mandatory for EU-facing products.
- Watch the GPAI obligations — most companies are downstream users of frontier models, but contracts with providers should now include the data and documentation flow needed for compliance.
- NIST AI RMF as a compatible framework — the US's NIST AI Risk Management Framework, while voluntary, maps reasonably well to EU AI Act expectations and is increasingly cited in US procurement.
The Act is genuinely consequential. It is also still a moving target — implementing acts, harmonised standards and enforcement guidance are being written through 2026 and 2027. Treat compliance as ongoing rather than a one-time project.