# EU AI Act — Regulation (EU) 2024/1689 **Primary source:** EUR-Lex — https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689 **Official citation:** Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence. **In force:** August 1, 2024. Most obligations apply on a rolling basis between August 2025 and August 2027. --- ## Key Dates | Date | Obligation | |------|-----------| | 2025-02-02 | Prohibited AI practices (Article 5) and AI literacy (Article 4) apply | | 2025-08-02 | GPAI model obligations apply; notified bodies can begin conformity assessments | | 2026-08-02 | High-risk AI system obligations (Annex III) apply; deployers of embedded high-risk AI in products | | 2027-08-02 | High-risk AI in products already CE-marked under existing directives | Source: Regulation (EU) 2024/1689, Article 113 — https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689 --- ## Risk Tiers ### Unacceptable Risk (Prohibited) — Article 5 AI systems that are banned outright, including: social scoring, real-time remote biometric identification in public spaces (with narrow exceptions), subliminal manipulation, exploitation of vulnerabilities, and AI-enabled profiling of individuals based on biometric categorisation for law-enforcement inference. ### High Risk — Annex III AI systems used in: biometric identification and categorisation, management of critical infrastructure, educational and vocational assessment, employment screening and management, access to essential private and public services, law enforcement, migration and border control, administration of justice. High-risk AI systems require: conformity assessment, Annex IV technical documentation, quality management system, human oversight measures, accuracy and robustness testing, registration in the EU database, and post-market monitoring. ### Limited Risk — Articles 50–52 Chatbots and emotion-recognition systems must disclose to users that they are interacting with AI. ### Minimal Risk No mandatory obligations beyond general principles. Voluntary codes of practice encouraged. --- ## Who Must Comply - **Providers** — entities that develop AI systems and place them on the EU market or put them into service in the EU. - **Deployers** — entities that use AI systems in a professional context within the EU. - **Importers and distributors** — entities in the supply chain for AI products. SMEs using off-the-shelf AI tools (e.g. ChatGPT, Copilot) are **deployers** and must ensure compliance with Article 4 (AI literacy) and check whether any tools fall under Annex III. --- ## Maximum Penalties - €35,000,000 or 7% of global annual turnover — prohibited AI practices (Article 99(3)) - €15,000,000 or 3% of global annual turnover — other violations (Article 99(4)) - €7,500,000 or 1.5% of global annual turnover — incorrect information to authorities (Article 99(5)) --- ## SME Guidance The AI Act includes proportionality provisions for SMEs (Article 2(8), Article 55). Micro and small enterprises may use simplified technical documentation templates. National competent authorities must support SMEs with compliance sandboxes (Article 57). The EU AI Office provides guidance: https://digital-strategy.ec.europa.eu/en/policies/eu-office-ai --- ## Canonical Pages (EuroComply) - Full guide: https://eurocomply.app/regulations/ai-act - SME compliance guide: https://eurocomply.app/ai-act-sme-compliance - SME checklist: https://eurocomply.app/ai-act-checklist-sme - Key deadlines: https://eurocomply.app/ai-act-deadline-sme - AI X-Ray tool: https://eurocomply.app/tools/ai-xray --- Last updated: 2026-05-12