Compliance & Regulatory
EU AI Act
The European Union's comprehensive regulation governing the development and use of AI systems.
The EU AI Act is the world's first comprehensive legal framework for artificial intelligence, adopted by the European Parliament in 2024. It establishes a risk-based approach to AI regulation with four tiers:
- Unacceptable risk: AI systems that are banned outright (social scoring, real-time biometric surveillance in public spaces)
- High risk: AI used in critical domains (employment, credit, education, law enforcement) — subject to conformity assessments, documentation, and human oversight requirements
- Limited risk: AI with specific transparency obligations (chatbots must disclose they're AI, deepfakes must be labeled)
- Minimal risk: Most AI applications, subject to voluntary codes of conduct
Key compliance dates: prohibited AI practices took effect February 2025; high-risk system requirements take full effect August 2, 2026. The Act applies to any organization offering AI systems or deploying AI within the EU, regardless of where the organization is headquartered.
Why it matters
If your organization has EU customers, employees, or operations, the EU AI Act likely applies to you. Compliance requires an AI inventory, risk assessments, documentation, and human oversight — all of which require operational tooling, not just legal review.