EU AI Act Enters Active Enforcement Phase

- Enforcement is staggered, with the ban on "unacceptable risk" AI—such as government social scoring and untargeted facial image scraping—having been in effect since February 2025. Rules for general-purpose AI models will apply from August 2025, followed by the main rules for high-risk systems in August 2026. - A new European AI Office has been established within the European Commission to directly supervise and enforce the rules for general-purpose AI models. Enforcement for other AI systems is handled by national competent authorities in each member state, with the AI Office acting as a central coordinator. - The penalty structure is tiered: violations involving prohibited AI practices face fines up to €35 million or 7% of global turnover. Breaches of other obligations, such as those for high-risk systems, can result in fines up to €15 million or 3%, while supplying incorrect information can lead to fines of up to €7.5 million or 1.5% of turnover. - The European Parliament specifically added AI systems "used to influence voters in political campaigns" to the list of high-risk applications. This category also includes AI used for biometric identification, managing critical infrastructure, and determining access to essential public services, all of which are relevant to government and public sector clients. - For systems deemed "limited risk," such as chatbots or AI-generated content (deepfakes), the primary obligation is transparency. Users must be clearly informed that they are interacting with an AI system or that the content they are viewing is synthetically generated. - In contrast to the EU's comprehensive legal framework, the UK has adopted a decentralized, principles-based model that relies on existing regulators to govern AI within their specific sectors. Meanwhile, Canada's proposed Artificial Intelligence and Data Act (AIDA) directly incorporates a risk-based approach similar to the EU's model.