The EU AI Act Is In Force. Here's What Every Enterprise Technology Team Actually Needs to Do.
Maximum penalty -- or 7% of global annual turnover, whichever is higher
GPAI model obligations enforceable
Article 50 transparency obligations already in force
The EU AI Act entered into force on 1 August 2024. High-risk AI system obligations apply from 2 August 2026. General-purpose AI model requirements apply from 2 August 2025. If your enterprise uses AI in any customer-facing context -- personalisation, content generation, decision support, accessibility tools -- you have obligations that are already in effect or become binding within the next 12 months.
Risk tier classification -- your first obligation
The Act classifies AI systems into four tiers: unacceptable risk (prohibited), high risk (heavily regulated), limited risk (transparency obligations), and minimal risk (largely unregulated). Most enterprise web applications using AI fall into the limited or high risk categories.
What your compliance programme needs
A practical EU AI Act compliance programme has four components. First, an AI system inventory -- every AI system documented and classified by risk tier. Second, conformity assessments for high-risk systems. Third, an AI content disclosure workflow. Fourth, continuous monitoring -- accuracy, bias, and performance tracked on an ongoing basis with documented evidence.