Artificial Intelligence is transforming our world — but it also brings profound ethical, legal, and societal challenges. In response, the European Union has enacted the AI Act, which has gradually taken effect since February 2025.
The Act is the world’s first comprehensive law aimed at regulating the use and development of AI systems. If your company operates in the EU, uses AI, or markets AI-powered products or services, here is a short breakdown of the Act and how to prepare.
What is the EU Artificial Intelligence Act?
The EU AI Act is a landmark regulation that introduces a risk-based framework for the use, development, and deployment of artificial intelligence systems across the European Union. It defines what constitutes an AI system, sets obligations depending on the risk level of a given system, and enforces transparency, safety, and accountability requirements.
Key definitions in the Act:
- AI system: ‘AI system’ means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.
- General-purpose AI (GPAI): ‘General-purpose AI system’ means an AI system that is based on a general-purpose AI model and which has the capability to serve a variety of purposes, both for direct use as well as for integration in other AI systems.
- High-risk AI: In a very general way, these systems that pose significant threats to people’s health, safety, or fundamental rights.
Why has the EU enacted the AI Act?
The EU has implemented the AI Act to promote the development of trustworthy AI that upholds European values and fundamental rights. It aims to prevent the misuse of AI technologies - such as mass surveillance or social scoring – and protect citizens from biased or harmful algorithmic outcomes.
At the same time, the Act encourages innovation through tools like regulatory sandboxes while ensuring fair competition. Strategically, the legislation positions the EU as a global leader in AI governance, much like it did with GDPR in the area of data protection.
What exactly does the EU AI Act mean for European businesses?
The AI Act imposes specific responsibilities on European businesses depending on their role and the risk level of the AI systems they use or provide.
- Providers of high-risk AI systems must conduct conformity assessments (internally or through notified bodies), implement post-market monitoring, ensure robust cybersecurity and data quality, maintain detailed records, and potentially carry out a Fundamental Rights Impact Assessment (FRIA).
- Deployers of AI systems are required to inform users when interacting with AI (such as chatbots), disclose if content is AI-generated or manipulated, and notify employees if AI is used in workplace contexts.
- Providers of General-Purpose AI (GPAI) models must maintain technical documentation, provide summaries of training data, comply with EU copyright rules, and, for models above the 1025 FLOPs threshold, monitor and mitigate systemic risks.
Additionally, all businesses must avoid prohibited practices, including (but not limited to) manipulative AI, emotion recognition in sensitive settings like schools or workplaces, and the untargeted scraping of biometric data. The obligation to promote AI literacy applies to all providers and deployers of an AI system.
Potential hurdles for complying with the EU AI Act
The EU AI Act is well-intentioned. However, the Act presents substantial compliance hurdles, especially for startups and small and medium enterprises (SMEs), as they may face the following challenges:
- Businesses must navigate complex classifications, with currently still vague definitions, which are not yet determined by case law, making system categorization difficult.
- Compliance costs are also high for high-risk systems, requiring expensive testing, documentation, and legal reviews.
- There are also gaps in standardization, with many standards (e.g., watermarking, explainability) still being developed.
- Companies also face the challenge of aligning AI compliance with existing regulations such as GDPR, product safety, and labor laws.
- There are also concerns about open-source developers and academic researchers encountering grey areas within current exemptions.
Benefits of the AI Act for businesses
While the EU AI Act raises compliance hurdles as outlined above, it offers valuable benefits:
- Businesses complying with the Act build customer trust in an era of growing concern over AI’s impact on society.
- Compliance further positions businesses as first movers, which in turn allows them to help shape industry standards.
- Finally, aligning with the Act provides future-proofing as global regulatory frameworks evolve and expand across the globe.
Checklist: What is the best way to comply with the AI Act?
The best approach is proactive readiness. In the following, we have compiled a short checklist of compliance measures for companies navigating the EU AI Act:
- Map all AI systems in use or development (AI Inventory).
- Classify AI use cases and tools by risk level.
- Identify legal obligations, including copyright law and data protection law, depending on your role as provider, deployer or importer for each system type.
- Start building internal compliance and organizational structures (e.g., AI guidelines, AI literacy including training, and FRIA templates).
- Monitor standardization updates and guidance from the EU AI Office.
- Consider participating in regulatory sandboxes to test innovative solutions with regulatory oversight.
- Install a lifecycle management, e.g., best practices and controls of already implemented compliance structures.
Innovation requires responsibility
The EU AI Act presents significant new challenges for businesses, as extensive adjustments in processes and technologies are required. Innovation in AI comes with great responsibility. The EU AI Act is a milestone for responsible AI regulation, and a wake-up call for businesses that AI is no longer a legal grey zone. By treating compliance not just as a legal hurdle but as a trust-building tool, companies can navigate the AI Act with confidence and lead in the next wave of ethical innovation.
Disclaimer:
The information provided about the AI Act is for general informational purposes only and does not constitute legal advice. Despite the utmost care taken in creating this document, it does not claim to be exhaustive or accurate.
![[Translate to English:]](/fileadmin/_processed_/b/b/csm_Composing-911143711-PSIwms-AI-Vergleich_416bb8da0a.jpg "[Translate to English:]")
![[Translate to English:] Montage: zhengzaishanchu, Fotolia.com und psdesign1 - AdobeStock.com](/fileadmin/_processed_/8/e/csm_Blog-header_Artikel_WFM_PSIcommand_13f6c1af4f.jpg)
