The EU AI Act is the European Union's comprehensive regulatory framework for artificial intelligence, formally adopted in 2024 and entering into force in stages through 2027. It is the first comprehensive AI law in the world and establishes a risk-based regulatory approach: the requirements imposed on an AI system depend on the potential harm it could cause.
The Act defines four risk tiers. Prohibited AI practices are banned outright, including real-time biometric surveillance in public spaces, social scoring systems, and AI that manipulates behavior through subliminal techniques. High-risk AI systems, including those used in healthcare, education, employment, critical infrastructure, and law enforcement, face mandatory conformity assessments, technical documentation requirements, human oversight obligations, and registration in an EU database before deployment. Limited-risk systems like chatbots face lighter transparency requirements, primarily the obligation to disclose to users that they are interacting with AI. Minimal-risk systems face no specific obligations.
For organizations operating in the EU or selling AI products to EU-based customers, compliance timelines matter. The requirements on prohibited practices took effect in February 2025. High-risk system requirements for most categories apply from August 2026, with some categories following in 2027. General-purpose AI model obligations, which apply to providers of large foundation models, have been in force since August 2025.
The EU AI Act has implications well beyond European borders. Large companies operating globally are likely to implement AI governance practices to the highest applicable standard across their operations rather than maintain separate compliance postures by jurisdiction. Like GDPR before it, the EU AI Act is expected to influence AI regulation in other jurisdictions and to shape the practices of multinational technology companies building on AI.