The European Union has taken a landmark step in governing the rapidly advancing field of artificial intelligence with the implementation of its comprehensive AI Act. This pioneering regulation, the first of its kind globally, aims to establish a legal framework that fosters innovation while ensuring that AI systems developed and deployed within the EU are safe, transparent, non-discriminatory, and respect fundamental rights and human oversight. The Act represents a significant attempt to proactively address the potential risks associated with AI technology before they become widespread, setting a potential benchmark for other nations grappling with similar regulatory challenges.
The core of the EU AI Act is a risk-based approach, categorizing AI systems based on their potential impact on individuals and society. Systems deemed to pose an ‘unacceptable risk’ are outright banned. This category includes technologies considered a clear threat to people’s safety, livelihoods, and rights, such as social scoring systems used by governments, AI that manipulates human behavior to circumvent free will, and certain applications of predictive policing. The ban on these high-risk applications began applying from February 2, 2025, marking the first tangible enforcement milestone of the regulation.
A second tier identifies ‘high-risk’ AI systems, which, while not banned, are subject to stringent requirements before they can be put on the market. These systems are those that could negatively affect safety or fundamental rights. The Act divides these into two main groups: AI systems embedded in products already covered by EU product safety legislation (like toys, cars, medical devices, and aviation components) and specific AI systems listed in the Act due to their potential societal impact. This latter group includes systems used in critical infrastructure management, education, employment, essential services access (like credit scoring), law enforcement, migration control, and the administration of justice. These high-risk systems will face obligations related to data quality, documentation, transparency, human oversight, accuracy, and cybersecurity, with compliance deadlines set further out (36 months after entry into force) to allow developers time to adapt.
The Act also addresses specific uses of biometric identification. Real-time remote biometric identification (like facial recognition in public spaces) is generally prohibited but allowed in narrowly defined, exceptional circumstances for law enforcement purposes, such as searching for victims of serious crimes or preventing imminent threats like terrorist attacks, subject to strict safeguards and authorization. Post-remote biometric identification (analyzing recorded footage later) is permitted only for prosecuting serious crimes and requires prior judicial approval.
Furthermore, the regulation imposes transparency obligations on certain AI systems, even if not classified as high-risk. For example, AI systems like chatbots intended to interact with humans must disclose that users are interacting with an AI. Deepfakes or other AI-generated content must generally be labeled as such. General-purpose AI systems, particularly powerful foundation models, will also face specific transparency requirements, with rules coming into effect 12 months after the Act’s entry into force. The implementation timeline is staggered, allowing industry and institutions time to adjust, with codes of practice expected within nine months. The EU AI Act represents a complex but crucial effort to steer AI development in a direction aligned with European values, potentially influencing global standards for responsible AI governance.
Source: European Parliament
