EU AI Act enacted

The regulation was published in the Official Journal on 12 July 2024 (eur-lex.europa.eu) and formally entered into force on 1 August 2024 (commission.europa.eu). The Act’s requirements are being applied in phases: banned‑practice rules began six months after entry (2 Feb 2025) (mayerbrown.com), general‑purpose‑AI obligations and governance milestones kicked in on 2 Aug 2025 (ai-act-service-desk.ec.europa.eu), and the bulk of high‑risk rules became applicable on 2 Aug 2026. (artificialintelligenceact.eu) Providers who had placed general‑purpose AI models on the market before 2 Aug 2025 must achieve compliance by 2 Aug 2027, creating a defined two‑year legacy compliance window for early GPAI deployments. (artificialintelligenceact.eu) Enforcement will be handled by a new European AI Office alongside national market surveillance authorities, with Member States required to designate at least one market surveillance authority under Article 70 to carry out investigations and sanctions. (digital-strategy.ec.europa.eu) Non‑compliance carries tiered administrative fines: up to €35,000,000 or 7% of worldwide annual turnover for the most serious breaches, up to €15,000,000 or 3% for major operator/deployer obligations, and up to €7,500,000 or 1% for supplying incorrect or misleading information. (artificialintelligenceact.eu) Industry moves are already concrete: Anthropic announced a Safeguards Research Team led by Mrinank Sharma to work on jailbreak robustness and monitoring techniques (alignment.anthropic.com) and is actively recruiting roles such as a Technical Scaled Abuse Threat Investigator to detect and disrupt large‑scale misuse. (job-boards.greenhouse.io); separately, Gartner forecasted that by 2028 half of enterprise incident‑response efforts will focus on incidents involving custom AI applications. (gartner.com)