EU AI Act
Compliance Guide
Regulation (EU) 2024/1689 — what it means for your organisation, which AI systems are affected, and what you must do before August 2026.
The world's first comprehensive AI regulation
The EU AI Act (Regulation (EU) 2024/1689) is the first legally binding regulation governing artificial intelligence across all sectors. It entered into force on 1 August 2024 with a phased enforcement schedule.
Scope
Applies to AI providers, deployers, importers, and distributors placing systems on the EU market or affecting EU residents — regardless of where they are established.
Obligations
Risk-proportionate requirements: from transparency disclosures for limited-risk systems to full conformity assessments, Annex IV documentation, and human oversight for high-risk AI.
Timeline
Prohibited AI provisions from Feb 2025. GPAI model rules from Aug 2025. Full high-risk AI enforcement from 2 August 2026. Regulated products extension from Aug 2027.
Four risk tiers — four different sets of obligations
The EU AI Act uses a risk-based approach. Your obligations depend entirely on how your AI system is classified.
Prohibited AI Practices
Examples
- Social scoring systems by public authorities
- Subliminal or manipulative AI techniques
- Exploitation of vulnerabilities (age, disability)
- Real-time remote biometric identification in public spaces
Obligations
- Immediate cessation required
- No derogations available
- Criminal liability possible
High-Risk AI Systems
Examples
- Employment screening, CV/résumé scoring
- Credit scoring and financial assessment
- Critical infrastructure management
- Educational assessment and admissions
Obligations
- Annex IV technical documentation
- Conformity assessment before deployment
- Human oversight mechanisms (Art. 14)
- Post-market monitoring (Art. 72)
- EU database registration
- Fundamental rights impact assessment
Limited Risk AI
Examples
- Chatbots and conversational AI
- AI-generated synthetic media
- Deepfake content generation
- AI-generated text, images, audio
Obligations
- Disclose AI nature to users
- Label synthetic content
- Transparency about AI interaction
Minimal Risk AI
Examples
- Spam and content filters
- AI in video games
- Simple recommendation engines
- Predictive text / autocomplete
Obligations
- No mandatory obligations
- Voluntary codes of conduct recommended
High-risk AI system categories
Annex III lists the eight categories of AI systems classified as high-risk regardless of deployment context.
Critical Infrastructure
Energy grid management, water supply, transport systems
Education & Vocational Training
Student assessment, admissions, personalised learning
Employment & Worker Management
CV screening, performance monitoring, task allocation
Access to Essential Services
Credit scoring, insurance risk, social benefits eligibility
Law Enforcement
Risk profiling, evidence reliability assessment, crime prediction
Migration & Asylum
Visa risk assessment, document authentication, threat detection
Administration of Justice
Legal research assistance, case outcome prediction
Democratic Processes
Voter profiling, election infrastructure, influence detection
The cost of non-compliance
Prohibited AI violations
High-risk AI non-compliance
Incorrect information to authorities
Know your AI systems.
Govern your risk.
Join the enterprises building defensible, auditable AI compliance infrastructure. Full visibility into every AI system — from first commit to live inference.