EU AI Act Greenlit by Member States

- The Act categorizes AI systems into four risk levels: unacceptable, high, limited, and minimal. Systems deemed "unacceptable risk," such as those for social scoring or manipulating human behavior, are prohibited. - Enforcement is handled by a newly established European AI Office at the EU level, which has exclusive power over general-purpose AI models, and by national competent authorities in each member state. - Non-compliance can lead to significant fines, with the most severe penalties for prohibited AI practices reaching up to €35 million or 7% of a company's total worldwide annual turnover, whichever is higher. Fines for other violations, like providing misleading information, can be up to €7.5 million or 1% of global turnover. - The law has a staggered implementation timeline. A ban on prohibited AI systems began in early 2025, rules for general-purpose AI models apply from August 2025, and the majority of rules, including those for high-risk systems, will be in force by August 2026. - The regulation introduces specific rules for general-purpose AI (GPAI) models, which are categorized as either standard or "systemic risk" based on the computing power used for training (a threshold of 10^25 FLOPs). All GPAI providers must create technical documentation and respect copyright law, while those with systemic risk models face stricter obligations. - The legislation is expected to have a global impact, often referred to as the "Brussels Effect," influencing AI regulations worldwide much like the GDPR did for data privacy. Any company placing an AI system on the EU market or whose system's output is used in the EU will be subject to the rules. - To aid compliance and innovation, the Act provides for "regulatory sandboxes," which are controlled environments where companies, particularly small and medium-sized enterprises, can test their AI systems with the guidance of national authorities.