EU AI Act (Regulation 2024/1689)
Regulation (EU) 2024/1689, commonly called the "EU AI Act", is the first comprehensive horizontal AI law worldwide. It entered into force on 1 August 2024 and applies in phases through 2 August 2027. It classifies AI systems by risk (prohibited, high-risk, limited-risk, minimal) and imposes obligations primarily on providers and deployers — including non-EU organisations placing AI systems on the EU market or whose AI output is used in the EU. General-purpose AI (GPAI) models, including foundation models, have a separate obligations regime under Articles 53-55.
Overview
The EU AI Act's defining design choice is its risk-based scope: rather than regulating AI as a single category, it carves out four risk tiers and applies proportionate obligations to each. Most AI systems in the market fall into "minimal risk" and carry no Act-specific obligations. A second band — chatbots, emotion-recognition systems, deepfakes — carries transparency obligations under Article 50 (essentially: tell the user they are interacting with AI). The Act's teeth are in the "high-risk" band (Article 6, defined by use in safety components of regulated products, or by inclusion in Annex III sectors like employment, education, law enforcement, critical infrastructure, biometric ID, and access to public services). Prohibited AI under Article 5 — social scoring, untargeted face-scraping, manipulative subliminal techniques, emotion-recognition in workplaces or schools — carries the heaviest penalties and was the first phase to become applicable, on 2 February 2025.
The extraterritorial reach is significant. The Act applies to providers placing AI systems on the EU market regardless of where the provider is established, and to deployers in the EU. Critically, it also applies to providers and deployers outside the EU where the AI system's output is used in the EU (Article 2(1)(c)). For a US SaaS company whose product is used by EU customers — even just one EU customer — the Act can apply.
The GPAI regime (Articles 53-55, effective 2 August 2025) is the most globally consequential piece. It applies to foundation-model providers regardless of jurisdiction if the model is placed on the EU market. The threshold for "systemic risk" (Article 51, currently >10^25 training FLOPs) captures all the frontier labs. Even non-systemic GPAI providers must publish training-data summaries and maintain documentation that downstream deployers can use for their own compliance — making upstream AI supply-chain transparency, for the first time, a legal requirement.
For agentic AI specifically, the Act does not yet have agent-specific provisions, but agentic systems will frequently fall into "high-risk" categories — particularly those operating in employment, credit-scoring, critical-infrastructure, or law-enforcement contexts. Human oversight requirements under Article 14 ("effective oversight by natural persons" with "the ability to fully understand the capacities and limitations of the high-risk AI system") are the closest direct hook, and they read as if the Singapore MGF Agentic's second dimension had been promoted to statute.
Does This Apply to Your Organization?
A five-minute self-assessment. If you answer "yes" to any of the questions below, this framework is directly relevant to your AI governance program.
- **Do you place an AI system on the EU market or put it into service in the EU?** Includes selling, providing for use under your own name or trademark, or making the system available for distribution or use in the EU — even free of charge.
- **Are you a deployer (user under your authority) of an AI system in the EU?** Deployer obligations under Article 26 apply when the deployer is established or located in the EU, regardless of where the AI system was provided.
- **Is the output of your AI system used in the EU, even if you and the system are outside the EU?** Article 2(1)(c) extends the Act to providers and deployers outside the EU where the AI output is used in the EU. A US-based AI service whose API responses reach EU end-users is in scope.
- **Do you provide a general-purpose AI model (foundation model, multimodal model, large language model)?** GPAI obligations apply regardless of the risk tier of downstream applications. Systemic-risk obligations apply above the 10^25 FLOPs training threshold or by Commission designation.
- **Does your AI system fall into any Annex III use case (employment, education, credit, public services, law enforcement, biometrics, critical infrastructure, justice)?** These are presumptively high-risk and trigger the full Article 9-15 obligation set. Verify against the specific Annex III sub-categories, including any narrow exemptions in Article 6(3).
- **Does your AI system interact with humans, generate synthetic content, perform emotion recognition, or do biometric categorisation outside the high-risk and prohibited bands?** Article 50 transparency obligations apply — disclose AI use to the user, label synthetic content, etc.
Framework Components
Risk-based classification
AI systems are classified into four tiers: prohibited (Article 5), high-risk (Article 6 + Annexes I, III), limited-risk subject to transparency obligations (Article 50), and minimal risk (encouraged but not regulated). Classification determines the obligation set.
Obligations on providers and deployers
High-risk AI providers must implement a risk-management system (Art. 9), data governance (Art. 10), technical documentation (Art. 11 + Annex IV), record-keeping (Art. 12), transparency (Art. 13), human oversight (Art. 14), accuracy/robustness/cybersecurity (Art. 15), quality-management system (Art. 17), and conformity assessment (Art. 43). Deployers carry their own obligations under Article 26.
General-purpose AI (GPAI) regime
GPAI model providers must publish a sufficiently detailed summary of training content (Art. 53(1)(d)), maintain technical documentation (Art. 53(1)(a)-(b)), comply with EU copyright law, and — for GPAI with systemic risk (Art. 55, currently models trained with >10^25 FLOPs) — perform model evaluations, assess and mitigate systemic risks, track and report serious incidents, and ensure adequate cybersecurity.
Enforcement, penalties, and governance
Penalties scale by violation: up to €35M or 7% of global annual turnover (whichever is higher) for prohibited-AI violations; up to €15M or 3% for high-risk obligation breaches; up to €7.5M or 1% for incorrect information to authorities. Enforcement is decentralised through national market-surveillance authorities, coordinated by the EU AI Office and AI Board.
How to Apply This Framework
A staged path from "we should look at this" to "this is part of how we ship."
Scope assessment and classification
2-3 weeks
Map every AI system you provide or deploy. For each, determine whether the Act applies (Article 2) and which risk tier (Articles 5, 6, 50, or minimal). Document the classification with the reasoning. This is the foundation of every other compliance step.
Article-9 risk-management system + Annex IV technical file
8-12 weeks per high-risk system
For each high-risk system: stand up a continuous risk-management process (Art. 9), document the data-governance practices behind training/validation/testing datasets (Art. 10), assemble the Annex IV technical file (Art. 11), and design human-oversight controls (Art. 14). This is the bulk of the compliance work.
Quality-management system + conformity assessment
6-10 weeks
Stand up an Article-17 quality-management system covering compliance strategy, design control, testing, technical-file production, change management, post-market monitoring, and serious-incident reporting. Decide between internal control (Annex VI) or notified-body assessment (Annex VII) and prepare accordingly.
Deployer obligations + post-market monitoring
Ongoing
For systems you deploy, instrument Article-26 operations: use per provider instructions, ensure relevant input data, monitor performance, retain logs, communicate to affected persons where required, and report serious incidents under Article 73. Integrate this with your existing GRC tooling rather than creating a parallel programme.
Components In Depth
1. Risk-based classification (Articles 5, 6, 50)
The Act sorts AI systems into four buckets, each with its own obligations.
**Prohibited (Article 5).** Banned outright. Includes manipulative or exploitative AI causing significant harm; real-time remote biometric identification in public spaces by law enforcement (with narrow exceptions); biometric categorisation inferring sensitive attributes; social scoring; predictive policing based solely on profiling; untargeted scraping of facial images from the internet/CCTV; emotion recognition in workplaces and educational institutions; and certain forms of crime-prediction. Applicable from 2 February 2025.
**High-risk (Article 6 + Annex III).** Either (a) AI used as a safety component of a product covered by EU harmonisation legislation (Annex I — machinery, toys, medical devices, vehicles, etc.), or (b) AI used in the use-cases enumerated in Annex III (biometric ID and categorisation; critical infrastructure; education and vocational training; employment and worker management; access to essential private and public services; law enforcement; migration, asylum, and border control; administration of justice and democratic processes). High-risk systems carry the heaviest obligation load. Applicable from 2 August 2026 (or 2 August 2027 for Annex I systems).
**Limited-risk / transparency (Article 50).** Systems that interact with humans (chatbots), generate or manipulate content (deepfakes, synthetic media), or perform emotion recognition or biometric categorisation outside the high-risk and prohibited tiers. Obligation: tell the user. Applicable from 2 August 2026.
**Minimal risk.** Everything else. No Act-specific obligations; voluntary codes of conduct encouraged.
Classification is the gating decision. Get it wrong and you will either over-comply (expensive) or under-comply (catastrophic).
Key Outcome
A documented classification for every AI system you provide, deploy, or use, with the rationale recorded against the Article 5/6/50 criteria. Re-classify when use cases change.
2. High-risk obligations (Articles 9-15, 17, 26)
Provider obligations for high-risk AI cluster into seven areas:
1. **Risk management system (Art. 9)**: a continuous, iterative risk-management process across the entire AI lifecycle.
2. **Data and data governance (Art. 10)**: training, validation, and testing datasets must be relevant, sufficiently representative, free of errors and complete, with documented data-governance practices.
3. **Technical documentation (Art. 11 + Annex IV)**: a comprehensive technical file demonstrating compliance, kept up to date for the life of the system plus 10 years.
4. **Record-keeping (Art. 12)**: automatic event logging ("logs") with traceability of the system's functioning sufficient to support post-market monitoring.
5. **Transparency and information to deployers (Art. 13)**: instructions for use that allow deployers to understand and use the system correctly.
6. **Human oversight (Art. 14)**: design and development that enables natural persons to oversee the system, including the ability to interpret outputs, decide whether to use them, override them, or interrupt the system.
7. **Accuracy, robustness, cybersecurity (Art. 15)**: appropriate levels declared and maintained; protection against errors, faults, inconsistencies, and unauthorised third-party attempts.
Providers must also maintain a quality-management system (Art. 17) and perform a conformity assessment (Art. 43) before placing the system on the market. Deployers carry their own obligations under Article 26: use the system per instructions, ensure input data is relevant, monitor operation, keep logs, suspend use and report serious incidents under Article 73.
Key Outcome
For each high-risk system: a complete Annex IV technical file, an operational risk-management process, a quality-management system, evidence of conformity assessment, and (for deployers) operational logs and an instruction-conformant usage protocol.
3. General-purpose AI (Articles 51-55)
GPAI gets its own regime, recognising that foundation models are upstream inputs to many downstream AI systems.
All GPAI providers (Article 53) must: maintain technical documentation including training and testing details; provide information and documentation to downstream providers wishing to integrate the model; put in place a copyright-compliance policy; and publish a sufficiently detailed summary of training-data content.
GPAI models with systemic risk — currently defined (Article 51) as those trained with more than 10^25 FLOPs of compute, plus models the European Commission designates by decision — face additional obligations under Article 55: perform model evaluations including adversarial testing; assess and mitigate possible systemic risks; track and report serious incidents to the AI Office and national competent authorities; and ensure adequate cybersecurity for the model and its physical infrastructure.
The Commission has published voluntary Codes of Practice that GPAI providers can adhere to as a route to demonstrating compliance. Adherence is non-binding but heavily reduces the burden of proof.
This regime is consequential for any organisation that ships a frontier foundation model into the EU market, but it also matters for downstream deployers: the Article 53 documentation flow gives you, the deployer, the upstream evidence you need for your own Article 9/10/11/15 obligations on the high-risk system you build on top.
Key Outcome
If you provide GPAI: technical documentation + copyright policy + training-data summary, plus (for systemic-risk models) model evaluations, mitigation plans, incident reporting, and cybersecurity controls. If you build on third-party GPAI: collect the Article 53 documentation as part of your vendor diligence.
4. Enforcement, penalties, and timeline
Enforcement is shared between the EU AI Office (Commission-level, primarily GPAI) and national market-surveillance authorities (Member-State level, most other AI systems). The AI Board, the Scientific Panel, and an advisory forum provide coordination.
Penalty caps (Article 99) are framework maxima — actual penalties consider proportionality factors like size, intent, and cooperation:
- **Prohibited-AI violations**: up to €35M or 7% of global annual turnover (higher of the two)
- **High-risk obligation breaches and other non-compliance**: up to €15M or 3%
- **Incorrect, incomplete, or misleading information to notified bodies or competent authorities**: up to €7.5M or 1%
- **SMEs and start-ups**: penalties calibrated downward

The phased timeline (Article 113):
- **2 August 2024**: Regulation entered into force
- **2 February 2025**: Prohibitions (Art. 5) and general provisions (Chapters I-II) became applicable
- **2 August 2025**: GPAI rules (Chapter V), governance (Chapter VII), penalties (Chapter XII except Article 101) became applicable
- **2 August 2026**: General application — most provisions including Annex III high-risk, Article 50 transparency
- **2 August 2027**: Annex I high-risk systems (AI as safety component of regulated products)
For most organisations, **2 August 2026 is the binding deadline that matters now** — high-risk obligations on Annex III systems become enforceable then.
Key Outcome
A calendar that tracks the phase-in deadlines applicable to your systems, a notified-body/authority engagement plan if you face conformity assessment, and an internal penalty-exposure assessment integrated into your enterprise risk register.
Frequently Asked Questions
When does the EU AI Act bind us?
It already does, depending on the system. Prohibitions (Article 5) have been applicable since 2 February 2025. GPAI obligations (Chapter V) have been applicable since 2 August 2025. The big deadline for most organisations is 2 August 2026, when Annex III high-risk obligations and Article 50 transparency obligations become applicable. Annex I high-risk systems get an extra year, applicable 2 August 2027.
Does the Act apply to us if we are not in the EU?
Often, yes. Article 2(1) sets the scope: providers placing AI on the EU market or putting it into service in the EU (regardless of provider location); deployers in the EU; and — critically — providers and deployers in third countries where the AI output is used in the EU. A US SaaS company with EU customers whose product includes AI features is in scope. A US AI lab whose API serves EU developers is in scope. There are narrow exemptions for AI used exclusively for military or national security purposes, and for purely research and development activities pre-deployment.
What counts as "high-risk"?
Article 6 defines two paths. Path one: the AI system is a safety component of a product (or is itself a product) covered by EU harmonisation legislation in Annex I (machinery, toys, medical devices, vehicles, etc.) requiring third-party conformity assessment. Path two: the AI system is listed in Annex III — biometric identification and categorisation, critical infrastructure management, education and vocational training, employment and worker management, access to essential private and public services, law enforcement, migration/asylum/border control, administration of justice and democratic processes. There is a narrow safe harbour in Article 6(3) for systems intended to perform a narrow procedural task or improve the result of a previously completed human activity.
How is the EU AI Act different from GDPR?
GDPR regulates personal data processing — what data you can collect, why, how long, and what rights data subjects have. The EU AI Act regulates AI systems — what they do, who builds them, how they are tested, and the obligations of providers and deployers. They overlap meaningfully: a high-risk AI system that processes personal data must comply with both. The Article 27 Fundamental Rights Impact Assessment (FRIA) for deployers of certain high-risk systems explicitly anticipates this overlap, as does the data-governance obligation in Article 10.
We use foundation models from OpenAI / Anthropic / Google / Meta. Are we a GPAI provider?
Generally no — you are a downstream provider or deployer. The GPAI obligations in Articles 53-55 bind the upstream model providers. Your obligations come from how you use the model: if you build a high-risk AI system on top, you carry the Article 9-15 obligations as the provider of that downstream system. The upstream model provider must supply you with documentation under Article 53(1)(b) that you can use to comply with your own technical-file obligation — make sure your vendor diligence captures this.
How do penalties work in practice?
Penalty caps (Article 99) are framework maxima. The actual penalty is set by national market-surveillance authorities considering proportionality factors: nature and gravity of the infringement, duration, prior infringements, cooperation, financial benefit gained, size and turnover of the operator, intentional or negligent character. SMEs and start-ups receive penalties calibrated to their financial position. So far, with the Act only partially in force, there is little case law — the closest analogue is GDPR enforcement, which has settled into a pattern of meaningful but proportionate penalties scaled to organisation size and harm.
What is the relationship with ISO/IEC 42001?
ISO/IEC 42001 (AI Management System) is the operational substrate that Article-17 quality-management systems will, in practice, be built on. A certified ISO 42001 AIMS does not by itself prove EU AI Act compliance, but the controls overlap heavily and provide much of the documentary evidence the Act demands. Most organisations building EU AI Act programmes from scratch are using ISO 42001 as the management-system backbone and bolting the Act-specific obligations on top.
How does this interact with agentic AI specifically?
The Act does not yet have agent-specific provisions, but agentic AI systems often fall into high-risk classifications when deployed in Annex III sectors (employment automation, public-service access, etc.). Article 14 (human oversight) and Article 13 (transparency to deployers) are the closest hooks, and they map cleanly to the Singapore MGF Agentic's second dimension. Expect the next round of Commission delegated acts and AI Office guidance to address agentic systems explicitly — the Singapore framework will heavily influence what that looks like.
What are the voluntary Codes of Practice?
Voluntary Codes of Practice (Article 56) are Commission-facilitated industry codes that provide adherence-route compliance with specific GPAI obligations. They are non-binding, but adherence creates a rebuttable presumption of compliance with the obligations they cover and substantially lowers enforcement risk. The first Code of Practice for GPAI providers was finalised in 2025 and is the de facto compliance route for the major foundation-model labs.
Do we need a notified body?
It depends on the system. Annex VI conformity assessment (internal control) is the default for most Annex III high-risk systems and does not require a notified body. Annex VII assessment (involving a notified body) is required for biometric identification and categorisation systems, certain critical-infrastructure AI, and AI used as a safety component of products under Annex I. Plan early — notified-body capacity is finite, and the queue grows as 2 August 2026 approaches.
Control Mapping to Other Frameworks
How each requirement in this framework maps to controls in NIST AI RMF, ISO/IEC 42001, SOC 2, and HIPAA Security Rule. Use this to avoid duplicating governance work across frameworks.
| This Framework | Mapped Controls |
|---|---|
| Article 9: Risk management system | |
| Article 10: Data and data governance | |
| Article 11 + Annex IV: Technical documentation | |
| Article 12: Record-keeping (logs) | |
| Article 13: Transparency and information to deployers | |
| Article 14: Human oversight | |
| Article 15: Accuracy, robustness, cybersecurity | |
| Articles 53-55: GPAI provider obligations | |
The Bottom Line
The EU AI Act is no longer a future concern. The prohibitions are already in force; GPAI obligations have been live since August 2025; high-risk obligations bind on 2 August 2026; and the extraterritorial reach means US organisations whose AI output reaches EU users are in scope. The Act is also the global anchor: its risk-based architecture is being copied (Brazil, Canada, parts of Asia), and even where it is not, vendor-risk teams use Annex IV-style technical documentation as the working definition of "documented AI." Build a compliance programme that produces that evidence, and you will satisfy most other regimes — including the Singapore MGF for Agentic AI — as a near-free byproduct.
Compliance Relevance
The Act is the world's most consequential binding AI law. For US organisations, the practical question is rarely "does it apply?" — for any company with EU customers or output that reaches the EU, it likely does — but "which articles apply to which systems?" Coupling EU AI Act high-risk obligations with NIST AI RMF and the Singapore MGF Agentic produces an integrated control set that satisfies all three regimes simultaneously.
As of May 22, 2026. We are not lawyers and this is not legal advice. It is the responsibility of consumers of this data to verify the applicability of current ratified statutes and legal precedent with a qualified attorney licensed in the state or country they are researching.