EU AI Act
Compliance · 6 min
The EU AI Act (Regulation 2024/1689) was published on 12 July 2024 and entered into force on 1 August 2024. It is the world's first comprehensive AI regulation. Some obligations — such as the prohibitions (Art. 5) and AI literacy (Art. 4) — have been applicable since 2 February 2025. Full application with enforcement and penalties starts from 2 August 2026.
Art. 4 AI Literacy ALREADY APPLIES
The AI literacy obligation (Art. 4) has been in force since 2 February 2025. There is no single certification, no mandatory AI Officer role, and no one-size-fits-all training requirement. Enforcement and supervision starts from August 2026.
Risk Classes
| Class | Examples | Requirements |
|---|---|---|
| Unacceptable | Social scoring, manipulation | BANNED |
| High | HR, credit, biometric | Full compliance |
| Limited | Chatbots, deepfakes | Transparency |
| Minimal | Spam filters | None |
Typical Business AI Scenarios
| Scenario | Risk Level | Obligations |
|---|---|---|
| LLM for content creation | Minimal to Limited | Transparency when publishing without human review |
| AI customer support chatbot | Limited | Users must know they are talking to AI. If it makes service decisions, may be high-risk. |
| Internal productivity (email, code, summaries) | Minimal | No specific obligations, but documentation recommended |
| AI for recruiting (CV screening, candidate ranking) | High | Full compliance: documentation, risk management, human oversight |
High-Risk Requirements Detail
- Risk management system: Documented, ongoing process to identify, analyze, and mitigate risks — not a one-time assessment
- Data governance: Training and test data must meet quality criteria. Document data sources, preparation methods, and potential biases
- Technical documentation: Detailed documentation before market placement including intended purpose, design methodology, and test results
- Record-keeping: Automatic logging of AI system operations for traceability. Provide to authorities on request
- Transparency: Clear information about capabilities, limitations, and intended use
- Human oversight: Humans can understand capabilities and limits, intervene in decisions, and choose not to use the system
Timeline
- 12 Jul 2024: Published in EU Official Journal
- 1 Aug 2024: Entered into force
- 2 Feb 2025: Prohibitions (Art. 5) + AI Literacy (Art. 4) ALREADY APPLY
- 2 Aug 2025: Governance rules + GPAI models
- 2 Aug 2026: Full application (high-risk etc.) + enforcement/supervision starts
- 2 Aug 2027: High-risk AI in regulated products
Penalties
- Unacceptable risk: EUR 35M or 7% global revenue
- Non-compliance: EUR 15M or 3% global revenue
- Incorrect information: EUR 7.5M or 1% global revenue
What Local AI Helps With
- No third-country transfer
- Full documentation possible
- Transparency easier to implement
- Data stays in EU
Sources
Next step: operationalize compliance
Use ready-to-run GDPR templates, checklists and practical guidance for AI systems that need documentation and auditability.
Why AI Engineering
- Local and self-hosted by default
- Documented and auditable
- Built from our own runtime
- Made in Austria
Not legal advice.