EU AI Act Tightens

Europe’s Artificial Intelligence Act is no longer a policy sketch: key bans already apply, general-purpose model rules started in August 2025, and the next big compliance wave is now tied to hard dates. (digital-strategy.ec.europa.eu) The law entered into force on August 1, 2024. The European Commission says prohibited AI practices and AI literacy duties started applying on February 2, 2025, while the full act becomes applicable on August 2, 2026, with later deadlines for some high-risk systems. (digital-strategy.ec.europa.eu) Those high-risk systems include AI used in critical infrastructure, education, hiring, worker management, credit scoring, public benefits, law enforcement, migration, and parts of the justice system. Annex III specifically names recruitment tools, student assessment systems, and creditworthiness scoring among the covered uses. (ai-act-service-desk.ec.europa.eu) The deadline depends on the type of system. The Commission says the latest application date is December 2, 2027 for high-risk systems listed in Annex III, while some product-safety systems covered by other European Union laws run to August 2, 2028. (digital-strategy.ec.europa.eu) That matters because compliance is not just a promise to “use AI responsibly.” For high-risk systems, providers must show risk management, data governance, record-keeping, transparency, human oversight, accuracy, robustness, cybersecurity, quality management, and conformity assessment before putting systems on the market. (digital-strategy.ec.europa.eu) The proof machinery is still being built in public. The Commission says European standards bodies CEN and CENELEC are drafting harmonised standards in ten areas, and the first draft AI quality-management standard entered public enquiry on October 30, 2025. (digital-strategy.ec.europa.eu) Conformity assessment is the checkpoint that turns legal text into a market test. Article 43 says some high-risk providers can use internal control if they apply harmonised standards, while others may need a notified body to assess their quality system and technical documentation. (artificialintelligenceact.eu) Europe has already started using softer tools to bridge the gap. The General-Purpose Artificial Intelligence Code of Practice was published on July 10, 2025 as a voluntary route for model providers to show compliance, and the Commission and the Artificial Intelligence Board said signatories get more legal certainty and lower administrative burden. (digital-strategy.ec.europa.eu) General-purpose model rules are already live. The Commission said on August 1, 2025 that providers must meet transparency and copyright duties from August 2, 2025, and models already on the market before that date have until August 2, 2027 to comply. (digital-strategy.ec.europa.eu) The enforcement stakes are large enough that timing now matters as much as theory. Under Article 99, breaches can draw fines up to 35 million euros or 7 percent of global annual turnover for the most serious violations, with lower tiers for other breaches and for misleading regulators. (artificialintelligenceact.eu)