The European Union’s Artificial Intelligence Act has officially initiated a new chapter in Artificial Intelligence regulation worldwide, having entered into force on August 1, 2024. This pioneering legislation introduces a comprehensive legal framework, aiming to ensure that all Artificial Intelligence systems on the EU market are safe and respect fundamental rights. Key obligations began rolling out in 2025, including bans on certain high-risk applications and requirements for user literacy. The next major deadline, August 2, 2025, will trigger expansive responsibilities for general purpose Artificial Intelligence (GPAI) models and activate new governance structures such as the European AI Office and the European Artificial Intelligence Board.
The regulatory approach is distinctly phased, giving organizations time to adapt to escalating obligations. Early 2025 bans manipulative and exploitative Artificial Intelligence practices while enforcing staff training standards. The August 2025 milestone focuses on GPAI model providers—especially those behind large language models—introducing mandates for comprehensive documentation, transparency regarding data and development, copyright compliance, and, for models of systemic risk, stricter obligations around cybersecurity, risk mitigation, and incident reporting. By 2026 and 2027, the full framework will apply to high-risk systems, with complete enforceability of key provisions such as Article 6(1).
Central to the Act is its risk-based classification. Artificial Intelligence systems are categorized as unacceptable, high, limited, or minimal/no risk, with varying regulatory burden. GPAI models, in particular, face detailed requirements whether integrated within larger applications or posing independent risks. Codes of Practice expected in August 2025, though voluntary, are designed to help providers demonstrate compliance ahead of the formal adoption of European standards. Critically, the Act’s jurisdiction extends extraterritorially—non-EU entities must comply if their Artificial Intelligence systems or outputs reach users in the EU, making regulatory exposure a global concern.
Non-compliance carries steep penalties, reaching up to €35 million or 7% of annual global revenue. For U.S. developers and other non-EU organizations, mapping exposure, classifying systems, enhancing internal governance, and early appointment of an EU representative are essential to risk mitigation. Hybridizing compliance with both EU and emerging U.S. regulatory frameworks can offer a strategic edge as standards converge. The Act’s demands for documentation, transparency, and copyright adherence—especially for GPAI—also raise complex intellectual property issues, requiring technical and legal vigilance to align with fast-evolving expectations. With the EU Artificial Intelligence Act setting a global precedent, companies may increasingly adopt Europe-ready approaches to streamline worldwide compliance.
