EU AI Act implementation

Europe’s artificial intelligence law stopped being a distant threat on 2 August 2025, when the rules for general-purpose artificial intelligence models started to apply across the European Union. That means the companies behind foundation models now have live obligations, not draft talking points. (digital-strategy.ec.europa.eu) A general-purpose artificial intelligence model is the base layer that can be dropped into many products, the way an engine can power a sedan, a van, or a truck. The European Commission says these models must be able to perform a wide range of distinct tasks and be integrated into many downstream systems. (digital-strategy.ec.europa.eu) The new duties are concrete. Providers must prepare technical documentation, put in place a copyright policy, and publish a summary of the content used for training. (digital-strategy.ec.europa.eu) The toughest layer applies to models with “systemic risk,” which is Brussels’ label for models so capable or so widely impactful that a failure could ripple across the market. For those models, providers must notify the European Commission, assess and mitigate risk, report serious incidents, and maintain cybersecurity protections. (digital-strategy.ec.europa.eu) This is why the latest implementation work matters more than the original political deal. The European Commission spent 2024 and 2025 moving from broad lawmaking into operating manuals, including a Code of Practice published on 10 July 2025 and formal guidelines published on 18 July 2025. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) Those guidelines were written to answer a basic question companies kept asking: does my model count, and if it does, what exactly do I owe? The Commission says the guidance is meant to clarify scope, lifecycle obligations, systemic-risk criteria, and notification duties before enforcement hardens. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) The Code of Practice is voluntary, but it is not decorative. The Commission and member states said providers that sign and follow it can get lower compliance burden and more legal certainty when showing they meet the law. (digital-strategy.ec.europa.eu) The pressure is not only on model makers in Paris or Berlin. The Artificial Intelligence Act applies to providers placing systems on the European Union market and to deployers using them in the bloc, so a company running cross-border workloads from the United States can still be pulled into the rulebook if its models or services land in Europe. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) The timeline is staggered, which is why this story keeps resurfacing in pieces. The Commission published guidelines on prohibited artificial intelligence practices on 4 February 2025, general-purpose model obligations began on 2 August 2025, and other parts of the law continue phasing in after that. (digital-strategy.ec.europa.eu) (digital-strategy.ec.europa.eu) So the shift in Europe is not “we passed an artificial intelligence law.” The shift is that Brussels is now deciding the paperwork, reporting channels, and access rules that turn a 2024 regulation into a 2026 compliance system companies have to build around. (digital-strategy.ec.europa.eu) (digital-strategy.ec.europa.eu)