EU Regulation 2024/1689

EU AI Act

The world's first comprehensive AI regulation, establishing a risk-based framework for the development and use of artificial intelligence in the European Union.

Assess AI Risk LevelView Risk Categories
€35M
Maximum fine
Or 7% global revenue
4
Risk levels
Risk-based approach
First
In the world
Comprehensive AI law
2026
Full application
Phased rollout

Who Must Comply with the AI Act?

The AI Act applies to any organization that develops, deploys, or uses AI systems affecting EU citizens.

AI Providers

  • AI system developers
  • Foundation model providers
  • General-purpose AI systems
  • Open-source AI developers

AI Deployers

  • Companies using AI systems
  • Public authorities
  • Healthcare providers
  • Financial institutions

AI Importers & Distributors

  • Companies importing AI
  • Technology distributors
  • System integrators
  • Resellers and agents

Extra-territorial reach: The AI Act applies to AI providers outside the EU if their AI systems are used in the EU or if outputs are used by EU citizens.

AI Risk Classification

The AI Act uses a risk-based approach with four categories of AI systems

Unacceptable Risk

PROHIBITED

AI systems that pose a threat to fundamental rights are banned entirely.

Social scoring by governmentsReal-time biometric surveillanceManipulation of vulnerable groupsEmotion recognition in workplaces/schools

High Risk

STRICT REQUIREMENTS

AI systems that may impact safety or fundamental rights face strict regulations.

Biometric identificationCritical infrastructure managementEducation and employment decisionsLaw enforcement and justice

Limited Risk

TRANSPARENCY REQUIRED

AI systems that interact with humans must clearly disclose their AI nature.

Chatbots and virtual assistantsEmotion recognition systemsDeepfake generatorsAI-generated content

Minimal Risk

NO RESTRICTIONS

Most AI applications fall here with minimal or no regulatory requirements.

Spam filtersVideo game AIRecommendation systemsMost business AI tools

High-Risk AI Requirements

High-risk AI systems must meet stringent requirements throughout their lifecycle.

Risk Management

Establish and maintain a risk management system throughout AI lifecycle

Data Governance

Use high-quality training datasets with proper documentation

Technical Documentation

Maintain detailed technical documentation before market placement

Record Keeping

Automatic logging of events for traceability and audit

Transparency

Clear information for deployers about system capabilities and limits

Human Oversight

Enable effective human oversight and intervention capabilities

Penalties for Non-Compliance

The AI Act establishes significant fines based on the type of violation

€35M
or 7% of global turnover

Prohibited AI Systems

Using banned AI systems or violating data quality requirements

€15M
or 3% of global turnover

High-Risk Non-Compliance

Failing to meet high-risk AI obligations

€7.5M
or 1.5% of global turnover

Other Violations

Providing incorrect information to authorities

How Dependra Helps with AI Act

Identify and assess AI systems in your technology stack for compliance readiness.

  • Inventory all AI-powered tools and services
  • Classify AI systems by risk level
  • Identify EU-based AI alternatives
  • Assess vendor AI compliance posture
  • Track AI provider documentation
  • Monitor for prohibited AI features
Start AI Assessment

Related Regulations

GDPR

General data protection regulation

ePrivacy

Electronic communications privacy

NIS2

Network and information security

DORA

Digital operational resilience

Official Resources

AI Act Full Text

Official EU regulation text

European AI Office

Implementation guidance and updates

AI Act Quick Facts

Full Name
Artificial Intelligence Act
Regulation Number
EU 2024/1689
Adopted
June 13, 2024
Full Application
August 2, 2026
Approach
Risk-Based Classification

Ready for AI Act Compliance?

Prepare your organization for the world's first comprehensive AI regulation.

Start AI AssessmentView Demo