European Union AI Act Enters Into Force: Compliance Rules for Tech Companies
The European Union AI Act has officially entered into force, establishing the world's first comprehensive legal framework for artificial intelligence. Penalties for non-compliance could reach 7% of global annual turnover.
Do not wait for legal to prompt you. AI PMs must map all active models and features against the EU risk tiers. High-risk features require detailed documentation and audit trails. Building these logging and compliance hooks into your sprint cycles today prevents costly re-engineering when enforcement deadlines hit.
Enforcement begins in phases, starting with prohibited practices in late 2026.
Tiered Risk Framework
The EU AI Act categorizes AI systems into four risk levels.
- unacceptable
- high
- limited
- minimal
High-risk systems—such as those used in biometrics, critical infrastructure, and recruitment—face strict requirements including mandatory human oversight, detailed logging, and rigorous cybersecurity frameworks before they can enter the EU market.
Impact on Foundation Model Providers
Providers of general-purpose AI (GPAI) models must adhere to transparency requirements, publish summaries of training data, and respect copyright laws. Very powerful models with systemic risks face additional obligations, including adversarial testing (red-teaming) and incident reporting.
Frequently Asked Questions
Bans on prohibited practices apply in 6 months, rules on General Purpose AI models apply in 12 months, and full obligations for high-risk systems apply in 24 months.