EU AI Act reshapes sovereignty

The AI Act was published in the Official Journal on 12 July 2024 and entered into force on 1 August 2024, with staggered application of provisions—prohibitions on certain AI practices began on 2 February 2025 and the bulk of high‑risk obligations took effect on 2 August 2026 (with further dates extending to 2 August 2027). (eur-lex.europa.eu (eur-lex.europa.eu)) The law’s scope reaches non‑EU actors: Article 2 applies to providers placing AI systems or general‑purpose models “in the Union” and to third‑country providers and deployers whose systems’ outputs are used within the EU, creating output‑based extraterritorial jurisdiction. (artificialintelligenceact.eu (artificialintelligenceact.eu)) Article 2 includes two research exemptions—Article 2(6) for AI developed and put into service exclusively for scientific research and Article 2(8) for development/testing prior to market placement—and the European Commission has listed clarification of those exemptions as a 2026 guidance priority. (digital-strategy.ec.europa.eu (digital-strategy.ec.europa.eu)) The European Data Protection Board published final guidance on transfers to third‑country authorities on 5 June 2025, adding a parallel GDPR compliance layer that research teams handling EU personal or health data must satisfy alongside AI Act obligations. (edpb.europa.eu (edpb.europa.eu)) Legal scholars and industry groups warn the research exemptions are ambiguous in practice—academic analysis says the two exemptions raise interpretive uncertainties about “placing on the market” and real‑world testing, while EFPIA has argued the exemptions should cover AI tools used in medicines R&D. (academic.oup.com (academic.oup.com)) (healthcarelifesciences.bakermckenzie.com (healthcarelifesciences.bakermckenzie.com)) The Act automatically treats many AI‑enabled clinical decision support systems as high‑risk and imposes lifecycle, data‑governance and human‑oversight obligations, while AI embedded in medical devices may trigger dual compliance with the AI Act and the Medical Device Regulation requiring notified‑body conformity assessment. (jmir.org (jmir.org)) (taylorwessing.com (taylorwessing.com)) Enforcement carries heavy penalties: infringements of prohibited practices can draw fines up to €35 million or 7% of worldwide annual turnover, other operator‑related breaches up to €15 million or 3% of turnover, and EU market surveillance and investigations into alleged non‑compliance were reported as active in 2026. (ai‑act‑service‑desk.ec.europa.eu (ai-act-service-desk.ec.europa.eu)) (aiwire.ai (aiwire.ai)) EU officials and policy analysts describe the Act as a pillar of European digital sovereignty and strategic autonomy, and commentators note it has already become a focal point in transatlantic tech policy debates over standards, data flows and potential trade frictions. (atlanticcouncil.org (atlanticcouncil.org)) (thinkeuropa.dk (thinkeuropa.dk))