EU AI Act
What is the EU AI Act?
EU AI Act: EU Regulation 2024/1689 establishing harmonised rules on artificial intelligence with a risk-based approach, phased in between 2025 and 2027.
The EU AI Act (Regulation EU 2024/1689) is the world's first comprehensive horizontal law on artificial intelligence. Adopted in 2024 and published in the Official Journal in July 2024, it applies a risk-based approach: unacceptable-risk practices (e.g. social scoring, manipulative AI) are prohibited from 2 February 2025; obligations for general-purpose AI models apply from 2 August 2025; high-risk system requirements (Annex III, conformity assessment, post-market monitoring) become fully applicable on 2 August 2026; and the remaining provisions on embedded high-risk systems apply by 2 August 2027. Enforcement is shared between the new European AI Office and national market-surveillance authorities, with fines up to EUR 35 million or 7% of global turnover.
● Examples
- 01: A medical-device manufacturer placing a high-risk AI-enabled diagnostic system on the EU market and performing the required conformity assessment.
- 02: A provider of a general-purpose AI model publishing a technical documentation summary and a copyright compliance policy.
● Frequently asked questions
What is the EU AI Act?
EU Regulation 2024/1689 establishing harmonised rules on artificial intelligence with a risk-based approach, phased in between 2025 and 2027. It belongs to the Compliance & Frameworks category of cybersecurity.
How do you defend against EU AI Act?
Defences for EU AI Act typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for the EU AI Act?
Common alternative names include: AI Act, Regulation (EU) 2024/1689.
● Related terms
- AI Governance (ai-security, № 027)
  The policies, processes, roles, and controls organisations and regulators use to ensure AI systems are developed, deployed, and operated responsibly and lawfully.
- AI Safety (ai-security, № 033)
  The discipline that aims to prevent AI systems from causing unintended harm to users, operators, and society — covering technical, operational, and societal dimensions.
- AI Bill of Materials (AIBOM) (ai-security, № 025)
  A machine-readable inventory of every component that goes into an AI system — datasets, base models, fine-tuning data, libraries, prompts, and evaluation artifacts — used for security, compliance, and accountability.
- GDPR (compliance, № 440)
  The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
- AI Supply Chain Risk (ai-security, № 034)
  The set of threats arising from the third-party datasets, base models, libraries, plug-ins, and infrastructure that organisations combine to build and deploy AI systems.
- AI Incident Response (ai-security, № 029)
  The set of processes, roles, and playbooks an organisation uses to detect, contain, investigate, communicate, and recover from incidents involving AI systems.