What Is the EU AI Act
The EU AI Act, effective August 2024, is the world's first comprehensive AI regulation. Like GDPR, all companies providing AI systems within the EU are subject, so even Japan-headquartered firms must comply if they serve EU customers.
With phased enforcement: prohibitions from February 2025, GPAI (general-purpose AI) rules from August 2025 already applied. High-risk AI rules were initially planned for full operation from August 2026, but following industry pushback, the "Digital Omnibus on AI" package pushed back the main high-risk AI compliance deadlines to 2027-2028 (regulatory simplification aimed at easing SME burden). Deepfake/AI-generated-content labeling obligations take effect as planned in August 2026. "Nudification" apps remain clearly prohibited.
4 Risk Tiers
1. Unacceptable Risk (Prohibited)
- AI distorting behavior via subliminal manipulation
- AI exploiting vulnerabilities of children/disabled people
- Social scoring (overall scoring of citizens)
- Real-time biometric ID in public spaces (with exceptions)
Fully prohibited from February 2025. Violations: up to EUR 35M or 7% of global revenue in fines.
