The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive horizontal regulation of artificial intelligence systems. It entered into force on August 1, 2024 and applies in tiered phases: prohibitions on unacceptable-risk practices apply from February 2, 2025; obligations for general-purpose AI (GPAI) models from August 2, 2025; and the bulk of high-risk system requirements from August 2, 2026, with extended timelines for high-risk systems embedded in regulated products through 2027. The Act takes a risk-based approach, sorting systems into prohibited, high-risk, limited-risk (transparency obligations), and minimal-risk tiers. Enforcement is split between the European Commission's AI Office (for GPAI and cross-border matters) and national market-surveillance authorities. Maximum fines reach €35 million or 7% of worldwide annual turnover for prohibited practices, whichever is higher.
What does EU AI Act actually require?
Key obligations include: Classify each AI system against the Act's risk tiers (prohibited, high-risk per Annex III, limited-risk, or minimal-risk) and document the determination.; For high-risk systems: implement a risk management system, data governance, technical documentation, automatic logging, transparency to deployers, human oversight, and accuracy/robustness/cybersecurity measures.; Register stand-alone high-risk systems in the EU public database before placing them on the market.; Conduct a conformity assessment (self-assessment for most Annex III systems; notified-body assessment for biometric and certain product-embedded systems) and obtain CE marking.; Providers of general-purpose AI models: publish a training-data summary, comply with EU copyright law, and (for models with systemic risk) conduct adversarial testing and report serious incidents.; Deployers of high-risk systems: ensure human oversight, monitor operation, retain logs for at least six months, and conduct a fundamental-rights impact assessment for public bodies and certain private actors..
Who is in scope of EU AI Act?
EU AI Act is in_force in EU. Scope attaches based on jurisdiction and the role a company plays in the AI supply chain. See /frameworks/eu-ai-act for the full scope note and source links.
When does EU AI Act take effect?
The primary enforcement date is 2026-08-02. Some provisions may phase in earlier or later — see the framework brief for the full timeline.
What are the penalties?
Maximum penalties: Tiered (Art. 99): up to €35M or 7% of global turnover for prohibited practices (Art. 5); up to €15M or 3% for high-risk and GPAI obligation violations; up to €7.5M or 1% for supplying misleading information. SMEs/start-ups: lower of the two thresholds (Art. 99(6)).. Enforcement is carried out by the designated authorities in the jurisdiction.
Which vendors help with EU AI Act compliance?
In our directory, the following vendors reference EU AI Act in their compliance coverage: Credo AI, Holistic AI, Fiddler AI, CalypsoAI, Monitaur, Trustible, FairNow, Fairly AI, Saidot, LatticeFlow AI, Lakera, HiddenLayer. Each profile links to the public source for the claim.