Skip to main content
NOPE
In Effect Law AI Safety

EU AI Act

Regulation (EU) 2024/1689 (Artificial Intelligence Act)

World's first comprehensive risk-based regulatory framework for AI systems. Classifies AI by risk level with escalating requirements from prohibited practices to high-risk obligations.

Jurisdiction

European Union

Enacted

Jul 12, 2024

Effective

Aug 1, 2024

Enforcement

AI Office (European Commission) + national authorities

Phased implementation through 2027

EUR-Lex

Why It Matters

Article 5(1)(b) prohibits AI that exploits vulnerabilities (including age) to distort behavior causing significant harm. Sets global precedent for risk-based AI regulation.

Recent Developments

Code of Practice on AI-Generated Content (Article 50): First draft published Dec 17, 2025; stakeholder feedback deadline Jan 23, 2026; second draft expected mid-March 2026; final expected June 2026. Covers Article 50(2), (4), (5) obligations for providers and deployers. Voluntary but likely de facto compliance standard. AI Regulatory Sandboxes: Commission consultation launched Dec 2, 2025; each Member State must establish at least one by Aug 2, 2026. EU AI Office investigation into Meta WhatsApp Business APIs (Jan 2026) for allegedly restricting rival AI providers.

At a Glance

Applies to

Foundation ModelAI CompanionMental Health AppHealthcare AIAutomated Decision SystemFacial RecognitionEmotion Recognition

Harms addressed

Discrimination

Safety Provisions

  • Prohibited: AI exploiting vulnerabilities (age, disability) causing psychological harm
  • Prohibited: Social scoring, predictive policing based on profiling, emotion recognition in schools/workplaces
  • High-risk systems require: risk management, data governance, human oversight, transparency
  • Conformity assessments before market placement
  • Post-market monitoring and incident reporting

Compliance & Enforcement

Key Dates

Feb 2, 2025

Prohibited AI practices enforceable; AI literacy obligations

Aug 2, 2025

GPAI model obligations; Member States designate authorities

Aug 2, 2026

Full high-risk AI system requirements

Aug 2, 2027

Extended deadline for AI in regulated products

Penalties

€35M or 7% revenue (whichever higher)

View on map

European Union

Focus Areas

Mental health & crisis
Child safety
Algorithmic accountability
Active safeguards required

Compliance Help

Requires continuous monitoring systems to identify psychological harm from AI; documented risk management processes; ability to demonstrate harm prevention measures to regulators.

See how NOPE helps

Cite This

APA

European Union. (2024). Regulation (EU) 2024/1689 (Artificial Intelligence Act).

Related Regulations

Proposed EU

EU Digital Omnibus (AI)

Proposed amendments to the EU AI Act that would delay high-risk AI system obligations by up to 16 months, making compliance conditional on availability of harmonised standards and support tools.

In Effect FI

Finland AI Act

Finland's EU AI Act implementation using decentralized supervision model. Traficom serves as single point of contact and coordination authority. Ten market surveillance authorities share enforcement across sectors. New Sanctions Board handles fines over EUR 100,000.

In Effect HU

Hungary AI Act

Hungary's comprehensive AI law implementing the EU AI Act. Designates the National Media and Infocommunications Authority (NMHH) as the primary supervisory authority, with sectoral regulators for specific domains.

In Effect EU

DSA

Comprehensive platform regulation with tiered obligations. VLOPs (45M+ EU users) face systemic risk assessments, algorithmic transparency, and independent audits.

Enacted NZ

NZ Biometric Code

Sets specific legal requirements under Privacy Act for collecting and using biometric data such as facial recognition and fingerprint scans. Prohibits particularly intrusive uses including emotion prediction and inferring protected characteristics like ethnicity or sex.

Enacted US-TX

TX Healthcare AI Law

Requires healthcare practitioners using AI for diagnosis to review all AI-generated records and disclose AI use to patients. Mandates EHR data localization (Texas patient data must be physically stored in US). Applies to covered entities and third-party vendors.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.