Introduction
The EU AI Act [1] [2] [3] [4] [5], formally known as Regulation (EU) 2024/1689, establishes a comprehensive legal framework for artificial intelligence systems within the European Union. It introduces staggered implementation dates, focusing on General-Purpose AI (GPAI) models [1] [2] [5], and outlines key obligations for organizations involved in the AI sector. The Act categorizes AI systems based on risk and enforces prohibitions on certain practices, with significant penalties for non-compliance. It also emphasizes the importance of AI literacy and stakeholder engagement to ensure adherence to the regulatory landscape.
Description
The EU AI Act [1] [2] [3] [4] [5], Regulation (EU) 2024/1689 [4], establishes a comprehensive legal framework for artificial intelligence systems [4] [5], with staggered implementation dates and a focus on General-Purpose AI (GPAI) models. Key obligations will commence on August 2, 2025, necessitating immediate action from organizations involved in the development [5], modification [1] [3], branding [1], distribution [1], or deployment of GPAI systems [1], which include a wide range of applications such as Large Language Models and foundation models. These obligations encompass maintaining extensive technical documentation, sharing relevant information with downstream users [5], and adhering to safety and cybersecurity standards [5].
The Act categorizes AI systems based on risk [5], particularly emphasizing those with systemic capabilities [5], including high-risk models [5]. It enforces absolute prohibitions on certain AI practices, such as social scoring and invasive biometric surveillance [1], particularly real-time remote biometric identification systems by public authorities [3], which has already deterred certain activities even before full enforcement [3]. Violations of these prohibitions can incur significant penalties, including fines of up to €35 million or 7% of global turnover [1] [2]. A focus on AI literacy within organizations is emphasized to ensure compliance and foster understanding of the regulatory landscape.
On August 2, 2025 [1] [2] [4] [5], the second phase of the Act will come into effect [1], marking a significant transition as governance structures [1], transparency requirements [1] [5], and enforcement mechanisms become fully operational [1]. Specific obligations will be imposed on GPAI providers and users, with the AI Office overseeing compliance and enforcement [4], particularly for models deemed to present systemic risks [4]. Member States are required to designate national competent authorities by this date [4], responsible for supervising compliance with the Act and reporting their resources to the Commission biennially [4]. Spain has already taken the lead as the first EU country to establish a national AI supervisory authority, AESIA [3].
Providers of GPAI models must adhere to obligations under the Act [4], including maintaining transparency through user notifications and usage logs [1], which are essential for building client trust in AI solutions [1]. Those models classified as presenting systemic risk will face additional requirements [4], including risk management policies and incident reporting [4]. The Commission has issued a GPAI Code of Practice to assist compliance [4], although it is not legally binding [4]. Notable companies such as Aleph Alpha [2], Amazon [2], Anthropic [2], Cohere [2], Google [2], IBM [2], Microsoft [2], Mistral AI [2], and OpenAI have signed the code, although signing does not imply full endorsement [2]. Stakeholder engagement is promoted, emphasizing the need for organizations to coordinate with GPAI model providers to ensure compliance across the AI value chain [5].
While most penalty provisions are now in effect [4], those related to GPAI models will be enforced starting August 2, 2026 [4]. Violations concerning documentation, transparency obligations [1], or governance rules can incur fines of up to €15 million or 3% of global turnover [1], and providing incorrect information to authorities may result in fines of up to €7.5 million or 1% of global turnover [1]. There is uncertainty regarding the practical enforcement of penalties [4], as Member States must establish their own enforcement measures by August 2, 2025 [4]. Investigatory powers related to GPAI model obligations will also not be applicable until August 2, 2026 [4].
Businesses are advised to prioritize early preparation for these obligations, as the implementation of the EU AI Act will vary across Member States [4]. Larger firms are proactively adjusting to the regulation, while smaller businesses face challenges due to bureaucratic and economic burdens [3], compounded by a lack of practical guidance [3]. Additionally, global AI regulation remains inconsistent [4], with various countries developing their own approaches to balance the benefits and risks of AI technology [4]. Despite lobbying efforts for a delay in the implementation of key obligations, the European Union has reaffirmed its commitment to the established timeline for the EU AI Act [2]. The foundation for a comprehensive AI regulatory ecosystem will be firmly established [1], requiring GPAI providers to demonstrate adherence to transparency and safety standards while preparing for regulatory scrutiny [1]. Early preparation is crucial for maintaining competitive advantages and minimizing regulatory risks in the evolving AI landscape [5].
Conclusion
The EU AI Act represents a significant step towards regulating artificial intelligence within the European Union, with far-reaching implications for organizations involved in AI development and deployment. By categorizing AI systems based on risk and enforcing strict compliance measures, the Act aims to ensure the safe and ethical use of AI technologies. Organizations must prioritize early preparation to navigate the regulatory landscape effectively, maintain competitive advantages [5], and minimize potential risks. As the global AI regulatory environment continues to evolve, the EU AI Act sets a precedent for comprehensive AI governance, emphasizing transparency [1] [5], safety [1] [5], and stakeholder engagement [5].
References
[1] https://www.projectivegroup.com/ainsight-into-the-ai-light-what-changes-on-2-august-2025/
[2] https://techcrunch.com/2025/08/05/the-eu-ai-act-aims-to-create-a-level-playing-field-for-ai-innovation-heres-what-it-is/
[3] https://www.cio.com/article/4032894/analysis-of-the-european-ai-regulation-one-year-after-its-entry-into-force.html
[4] https://www.jdsupra.com/legalnews/latest-wave-of-obligations-under-the-eu-3886441/
[5] https://digital.nemko.com/insights/eu-ai-act-rules-on-gpai-2025-update
