Enforcement: 2 August 2026

EU AI Act
Compliance Guide

Regulation (EU) 2024/1689 — what it means for your organisation, which AI systems are affected, and what you must do before August 2026.

What Is the EU AI Act?

The world's first comprehensive AI regulation

The EU AI Act (Regulation (EU) 2024/1689) is the first legally binding regulation governing artificial intelligence across all sectors. It entered into force on 1 August 2024 with a phased enforcement schedule.

Scope

Applies to AI providers, deployers, importers, and distributors placing systems on the EU market or affecting EU residents — regardless of where they are established.

Obligations

Risk-proportionate requirements: from transparency disclosures for limited-risk systems to full conformity assessments, Annex IV documentation, and human oversight for high-risk AI.

Timeline

Prohibited AI provisions from Feb 2025. GPAI model rules from Aug 2025. Full high-risk AI enforcement from 2 August 2026. Regulated products extension from Aug 2027.

Risk Classification

Four risk tiers — four different sets of obligations

The EU AI Act uses a risk-based approach. Your obligations depend entirely on how your AI system is classified.

PROHIBITED

Prohibited AI Practices

Article 5
€35M or 7% global turnover

Examples

  • Social scoring systems by public authorities
  • Subliminal or manipulative AI techniques
  • Exploitation of vulnerabilities (age, disability)
  • Real-time remote biometric identification in public spaces

Obligations

  • Immediate cessation required
  • No derogations available
  • Criminal liability possible
HIGH RISK

High-Risk AI Systems

Annex III
€15M or 3% global turnover

Examples

  • Employment screening, CV/résumé scoring
  • Credit scoring and financial assessment
  • Critical infrastructure management
  • Educational assessment and admissions

Obligations

  • Annex IV technical documentation
  • Conformity assessment before deployment
  • Human oversight mechanisms (Art. 14)
  • Post-market monitoring (Art. 72)
  • EU database registration
  • Fundamental rights impact assessment
LIMITED RISK

Limited Risk AI

Article 52
€7.5M or 1.5% global turnover

Examples

  • Chatbots and conversational AI
  • AI-generated synthetic media
  • Deepfake content generation
  • AI-generated text, images, audio

Obligations

  • Disclose AI nature to users
  • Label synthetic content
  • Transparency about AI interaction
MINIMAL RISK

Minimal Risk AI

Recital 43
No mandatory obligations

Examples

  • Spam and content filters
  • AI in video games
  • Simple recommendation engines
  • Predictive text / autocomplete

Obligations

  • No mandatory obligations
  • Voluntary codes of conduct recommended
Annex III

High-risk AI system categories

Annex III lists the eight categories of AI systems classified as high-risk regardless of deployment context.

1

Critical Infrastructure

Energy grid management, water supply, transport systems

2

Education & Vocational Training

Student assessment, admissions, personalised learning

3

Employment & Worker Management

CV screening, performance monitoring, task allocation

4

Access to Essential Services

Credit scoring, insurance risk, social benefits eligibility

5

Law Enforcement

Risk profiling, evidence reliability assessment, crime prediction

6

Migration & Asylum

Visa risk assessment, document authentication, threat detection

7

Administration of Justice

Legal research assistance, case outcome prediction

8

Democratic Processes

Voter profiling, election infrastructure, influence detection

Penalties & Enforcement

The cost of non-compliance

Prohibited AI violations

Whichever is higher
€35,000,000
or 7% of global annual turnover

High-risk AI non-compliance

Whichever is higher
€15,000,000
or 3% of global annual turnover

Incorrect information to authorities

Whichever is higher
€7,500,000
or 1.5% of global annual turnover
EU AI Act Enforcement: 2 August 2026

Know your AI systems.
Govern your risk.

Join the enterprises building defensible, auditable AI compliance infrastructure. Full visibility into every AI system — from first commit to live inference.

No source code retention SOC2 architecture ISO 42001 aligned Dedicated enterprise support