EU AI Act
The EU AI Act is the European Union’s horizontal regulation on artificial intelligence. It classifies AI systems by risk tier and imposes obligations on providers, deployers, importers, and distributors that touch the EU market.
The Act entered into force on 1 August 2024 (20 days after publication in the Official Journal). Prohibitions applied from 2 February 2025; general-purpose AI obligations from 2 August 2025; the bulk of the high-risk regime from 2 August 2026. Most European SMEs are not building high-risk systems, but limited-risk transparency and GPAI provisions still apply to teams using third-party LLMs behind product features. Penalties scale to €35 million or 7% of global turnover for prohibited uses, with a proportionate cap for SMEs.
Definitions
Practical guides
EU AI Act risk levels: the four tiers explained
The EU AI Act sorts every AI system into one of four risk tiers: unacceptable (prohibited outright), high (heavy obligations), limited (transparency only), and minimal (no specific obligations). Classification determines every obligation that follows.
EU AI Act enforcement timeline (2024 to 2027)
The EU AI Act enters its provisions on a staggered schedule. Prohibitions applied from 2 February 2025, GPAI obligations from 2 August 2025, the bulk of the high-risk regime from 2 August 2026, and the final Annex I provisions from 2 August 2027.
GPAI obligations for SMEs using third-party LLMs
You are probably not training a GPAI model, but Chapter V of the EU AI Act still applies to your team if you fine-tune a third-party model in a way that changes its intended purpose, or if you build a product on top of one. The obligations are narrower than the high-risk regime but real.