2.1 · The EU AI Act — Operational Compliance Essentials

The Law Has Arrived — Are You Ready?

12 minCourse 02

The EU AI Act is the world's first comprehensive legal framework for artificial intelligence. It entered into force in August 2024 and is now being applied in stages — some provisions are already in effect, others will apply from 2025 and 2026. If your organisation operates in the EU, sells to EU customers, or processes data about EU residents, this law applies to you.

Why This Matters Right Now

The EU AI Act is not a future concern. Prohibited AI practices — those banned outright — became enforceable in February 2025. High-risk AI system requirements begin applying in August 2026. If you haven't started your compliance analysis, you're already behind schedule.

What the EU AI Act Actually Regulates

The Act regulates "AI systems" — a deliberately broad definition that covers most software with a machine learning component. It applies to anyone who:

  • Develops an AI system for placing on the EU market
  • Deploys an AI system in the EU (even if built elsewhere)
  • Imports or distributes AI systems in the EU
  • Uses certain high-risk AI systems within the EU

This extraterritorial reach is significant. A US-based SaaS company selling an AI-powered hiring tool to a German company is subject to the Act. A UK fintech using an AI credit scoring model on EU customers is subject to the Act.

The Enforcement Reality

Fines under the EU AI Act are substantial — up to €35 million or 7% of global annual turnover (whichever is higher) for the most serious violations. This is higher than GDPR. National competent authorities in each EU member state are responsible for enforcement, with a European AI Office providing oversight and coordination.

€35M
Maximum fine for prohibited AI violations
7%
Of global turnover — the alternative fine cap
Aug 2026
High-risk AI requirements become enforceable
The Compliance Gap

A 2025 survey found that 67% of European businesses subject to the EU AI Act had not yet conducted a formal assessment of which of their AI systems fall within scope. You cannot comply with a law you haven't mapped yourself against.

Your Starting Point

The first step in EU AI Act compliance is always the same: inventory and classify your AI systems. Before you can know what you need to do, you need to know what you have. This section will give you the tools to do exactly that.