The European Union has leapfrogged the United States in regulating artificial intelligence, introducing the EU AI Act, a landmark law that takes effect this week. Passed in 2024, the legislation sets a comprehensive global standard for artificial intelligence safety and will phase in requirements through 2030. US startups aiming to serve European users must comply with the Act’s provisions by August 2, 2026, while existing products on the market before that date generally have until 2027 to adapt. Despite skepticism in the US about adhering to rules from abroad, compliance is non-negotiable for companies that want to operate in the EU.
The EU AI Act obligates artificial intelligence vendors to categorize their technologies under four risk categories: unacceptable, high, limited, and minimal. Applications deemed to carry ´unacceptable risk,´ such as social scoring and certain biometric tools, are outright banned. High-risk systems—including those embedded in regulated products like drones, medical devices, or sensitive data applications in HR and law enforcement—face the most stringent requirements, including technical documentation, data governance, human oversight protocols, audits, and ongoing monitoring. Limited-risk systems such as chatbots and generative content platforms must provide transparency and labeling, while minimal-risk tools such as spam filters and recommendation engines are largely exempt. Notably, organizations deploying high-risk artificial intelligence are themselves responsible for compliance, not just the technology providers.
Philly-based HR platform Phenom offers an instructive case: anticipating eventual regulation, Phenom built auditing and reporting tools early, drawing from its prior experience with GDPR. The company’s global footprint—serving clients in nearly 190 countries—meant that regulatory readiness was essential. As similar state-level rules emerge in New York, Colorado, Illinois and beyond, Phenom began tracking the EU legislation from its infancy, scaling resources accordingly. Phenom’s leadership recommends that US artificial intelligence startups: design business models with future compliance in mind, use existing laws to guide risk assessment, and maintain client-facing staff who can explain both legal risks and technical safeguards. As the regulatory landscape evolves on both sides of the Atlantic, proactive preparation is key to avoiding last-minute disruption and ensuring ongoing access to European markets.
