First Steps to Compliance: Meeting Early Obligations Under the EU AI Act

The EU Artificial Intelligence (AI) Act, effective from August 2024, is the first broad regulatory framework for AI worldwide. While most provisions will apply by mid-2026, crucial parts became effective in early 2025, including defining AI systems and prohibiting certain practices. These changes kick off a new regulatory environment for AI in Europe, requiring companies to align their AI operations with these regulations.

To aid compliance, the European Commission has this year issued guidance, covering AI system definitions and forbidden AI activities. Two significant initial obligations for businesses include fostering AI literacy and understanding the prohibited utilizations of AI. AI literacy is a compliance mandate under the Act, requiring organizations to ensure their teams are educated about AI and its associated risks.

The AI Act defines systems based on their lifecycle and functionality. It prohibits activities exploiting vulnerabilities or enabling social scoring, putting businesses on notice to scrutinize their AI applications carefully. Understanding these requirements will help companies navigate compliance and reduce legal risks, establishing a culture of safe AI usage.