EU Artificial Intelligence Act

In Force

critical risk

European Union

August 2024 (phased: prohibitions Aug 2025, GPAI Aug 2025, high-risk Aug 2026)

critical risk framework

Any organization placing AI systems on the EU market or putting AI systems into service in the EU — including non-EU companies serving EU users.

Overview

The world's first comprehensive AI regulatory framework. Takes a risk-based approach, categorizing AI systems into four risk tiers: unacceptable risk (banned), high risk (regulated), limited risk (transparency obligations), and minimal risk (voluntary codes).

Key Requirements

Risk classification of all AI systems
Mandatory CE marking for high-risk AI
Human oversight requirements for high-risk systems
Transparency obligations for GPAI models
Right to explanation for automated decisions
Technical documentation and conformity assessment
Registration in EU database for high-risk systems
Post-market monitoring and incident reporting

Implementation Guidance

1Classify all AI systems by risk tier using the Act's Annex III criteria
2Appoint an EU AI Act compliance officer
3Conduct fundamental rights impact assessments for high-risk systems
4Implement technical documentation and QMS procedures
5Register qualifying high-risk systems in the EU AI database

Penalties for Non-Compliance

Up to €35M or 7% of global annual turnover for prohibited AI violations; up to €15M or 3% for other violations

Related Frameworks

NIST AI Risk Management Framework

United States

ISO/IEC 42001:2023 AI Management System

International

Framework Details

Short Name

EU AI Act

Jurisdiction

European Union

Status

In Force

Risk Level

critical

Enforcement Date