EU Artificial Intelligence Act
- Organization
- European Union
- Official URL
- View framework (opens in new tab)
The world's first comprehensive legal framework for AI, establishing a risk-based classification system with binding requirements for AI system providers and deployers operating in the EU market.
The EU Artificial Intelligence Act, which entered into force in August 2024 with phased implementation through 2027, represents the first comprehensive legal framework governing AI systems globally. The regulation establishes a risk-based approach that categorizes AI applications according to their potential to cause harm, with corresponding obligations scaling from minimal to prohibitive.
The Act defines four risk tiers. Unacceptable risk AI practices are prohibited outright, including social scoring systems, manipulative AI targeting vulnerable populations, and most real-time biometric identification in public spaces. High-risk AI systems, such as those used in critical infrastructure, education, employment, law enforcement, and migration, must comply with extensive requirements including risk management, data quality, documentation, transparency, human oversight, and accuracy standards. Limited risk systems face transparency obligations, while minimal risk applications are largely unregulated.
A significant addition to the final text addresses general-purpose AI (GPAI) models, establishing baseline obligations for all GPAI providers and enhanced requirements for models assessed as posing systemic risk. The Act’s extraterritorial scope means it applies to any organization placing AI systems on the EU market or whose AI outputs affect persons within the EU, regardless of where the organization is established.
Controls
| ID | Control | Description |
|---|---|---|
| RISK-CLASS | Risk Classification | Categorizes AI systems into unacceptable, high, limited, and minimal risk tiers with corresponding obligations. |
| HIGH-RISK | High-Risk Requirements | Mandates risk management systems, data governance, technical documentation, transparency, human oversight, and accuracy for high-risk AI. |
| PROHIBITED | Prohibited Practices | Bans AI systems for social scoring, real-time biometric identification in public spaces (with exceptions), manipulation of vulnerable groups, and subliminal manipulation. |
| TRANSPARENCY | Transparency Obligations | Requires disclosure of AI-generated content, chatbot interactions, and emotion recognition or biometric categorization systems. |
| GPAI | General-Purpose AI | Establishes obligations for providers of general-purpose AI models, with additional requirements for models posing systemic risk. |
Other Frameworks
Last updated: 2026-02-25
→ AI Risk Resources & Regulatory Frameworks · → All frameworks