EU AI Act Enforcement Begins with Heavy Fines

- The Act's enforcement is staggered over several years; rules banning specific AI practices like social scoring began in February 2025, while obligations for general-purpose AI models start in August 2025, and the comprehensive rules for high-risk systems will apply from August 2026. - Fines are tiered based on the severity of the violation; the €35 million or 7% of global turnover figure applies to prohibited AI practices, while other violations, such as non-compliance with data governance or transparency rules, face penalties of up to €20 million or 4% of turnover. - Specific examples of "high-risk" AI systems relevant to public agencies include those used for managing critical infrastructure, determining access to public services and benefits, and AI used in recruitment or worker management. - A new European AI Office has been established within the European Commission to oversee the regulation's implementation, support member states, and directly enforce the rules for general-purpose AI models. - While it complements the GDPR, the AI Act is structured more like product safety legislation, requiring mandatory pre-market conformity assessments and EU database registration for high-risk systems before they can be deployed. - To encourage innovation within the new regulatory framework, the Act requires all EU member states to establish at least one "AI regulatory sandbox" by August 2026, allowing companies and public authorities to test AI systems in a controlled environment. - The Act's implementation runs in parallel with the European Accessibility Act (EAA), which became enforceable in June 2025 and requires digital services to meet accessibility standards, a rule that applies to AI-driven public interfaces. - Similar to the GDPR, the AI Act has an extraterritorial reach, applying to any organization that provides or deploys an AI system whose output is used in the EU