EU AI Act Compliance Countdown Begins as Germany Approves

Why it matters

- The EU AI Act introduces a tiered approach to regulation, categorizing AI systems as posing unacceptable, high, limited, or minimal risk. Systems deemed an "unacceptable risk," such as those used for social scoring or exploiting vulnerabilities, are prohibited. High-risk systems, including those in critical infrastructure, medical devices, and law enforcement, face stringent requirements. - Providers of high-risk AI systems must implement a comprehensive risk management system for the entire lifecycle of the AI. This includes ensuring high-quality data governance to prevent biases, maintaining detailed technical documentation, and enabling human oversight to minimize risks to health, safety, and fundamental rights. - The regulation establishes a European AI Office to oversee the implementation and enforcement of the Act, particularly for general-purpose AI (GPAI) models. This office will develop evaluation methodologies, investigate potential rule infringements, and promote a consistent application of the law across all 27 member states. - The Act defines specific obligations for providers of general-purpose AI (GPAI) models, with stricter rules for models classified as presenting "systemic risk". A GPAI model is presumed to have systemic risk if the computing power used for its training exceeds 10^25 floating point operations (FLOPs). - Fines for non-compliance are substantial and can reach up to €35 million or 7% of a company's total worldwide annual turnover for the preceding financial year, whichever is higher, for violations related to prohibited AI practices. For other infringements, such as non-compliance with requirements for high-risk systems, fines can be up to €15 million or 3% of global turnover. - The compliance timeline is staggered. The ban on prohibited AI practices began to apply in February 2025. Obligations for general-purpose AI models will come into effect in August 2025, while the comprehensive rules for high-risk AI systems will be fully applicable by August 2026. An extended transition period until August 2027 is provided for high-risk AI systems that are embedded into regulated products.

Key numbers

• This office will develop evaluation methodologies, investigate potential rule infringements, and promote a consistent application of the law across all 27 member states.
• A GPAI model is presumed to have systemic risk if the computing power used for its training exceeds 10^25 floating point operations (FLOPs).
• Fines for non-compliance are substantial and can reach up to €35 million or 7% of a company's total worldwide annual turnover for the preceding financial year, whichever is higher, for violations related to prohibited AI practices.
• For other infringements, such as non-compliance with requirements for high-risk systems, fines can be up to €15 million or 3% of global turnover.

What happens next

• This office will develop evaluation methodologies, investigate potential rule infringements, and promote a consistent application of the law across all 27 member states.
• Obligations for general-purpose AI models will come into effect in August 2025, while the comprehensive rules for high-risk AI systems will be fully applicable by August 2026.

Sources

• has greenlit
• voiced concerns
• The EU AI Act introduces
• Systems deemed an "unacceptable
• High-risk systems, including
• Providers of high-risk
• This includes ensuring
• The regulation establishes
• This office will develop
• A GPAI model is presumed
• Fines for non-compliance
• For other infringements
• Obligations for general-purpose

Quick answers