New Tools Emerge for Automated EU AI Act Compliance

- The EU AI Act is being implemented in phases; rules banning certain "unacceptable risk" AI practices began applying as of February 2025, with the majority of rules, including those for high-risk systems and transparency, becoming enforceable by August 2, 2026. - The regulation categorizes AI systems into four tiers of risk: unacceptable (which are banned), high-risk, limited-risk, and minimal-risk. Prohibited applications include social scoring systems, cognitive behavioral manipulation, and most real-time remote biometric identification in public spaces. - High-risk AI systems, such as those used in critical infrastructure, employment, or law enforcement, face stringent obligations. These include requirements for continuous risk management, high-quality data governance to prevent bias, detailed technical documentation, human oversight, and a high level of cybersecurity and robustness. - The penalty structure for non-compliance is severe, with fines for using prohibited AI systems reaching up to €35 million or 7% of a company's total worldwide annual turnover, whichever is higher. - Providing incorrect or misleading information to authorities can result in fines of up to €7.5 million or 1% of global turnover. - By August 2, 2026, deployers of AI systems that generate or manipulate image, audio, or video content constituting a "deepfake" must disclose that the content is artificial. Similar transparency rules apply to AI-generated text published to inform the public on matters of interest, unless it has undergone human editorial review. - To facilitate compliance with transparency rules, the European Commission is developing a Code of Practice, expected by mid-2026, which will provide guidance on labeling, watermarking, and other technical measures to identify AI-generated content.