Skip to main content
NOPE
In Effect Law AI Safety

EU AI Act

Regulation (EU) 2024/1689 (Artificial Intelligence Act)

World's first comprehensive risk-based regulatory framework for AI systems. Classifies AI by risk level with escalating requirements from prohibited practices to high-risk obligations.

Jurisdiction

European Union

Enacted

Jul 12, 2024

Effective

Aug 1, 2024

Enforcement

AI Office (European Commission) + national authorities

Phased implementation through 2027

EUR-Lex

Why It Matters

Article 5(1)(b) prohibits AI that exploits vulnerabilities (including age) to distort behavior causing significant harm. Sets global precedent for risk-based AI regulation.

Recent Developments

Code of Practice on AI-Generated Content (Article 50): First draft published Dec 17, 2025; stakeholder feedback deadline Jan 23, 2026; second draft expected mid-March 2026; final expected June 2026. Covers Article 50(2), (4), (5) obligations for providers and deployers. Voluntary but likely de facto compliance standard. AI Regulatory Sandboxes: Commission consultation launched Dec 2, 2025; each Member State must establish at least one by Aug 2, 2026. EU AI Office investigation into Meta WhatsApp Business APIs (Jan 2026) for allegedly restricting rival AI providers.

At a Glance

Applies to

Foundation ModelAI CompanionMental Health AppHealthcare AIAutomated Decision SystemFacial RecognitionEmotion Recognition

Harms addressed

Discrimination

Safety Provisions

  • Prohibited: AI exploiting vulnerabilities (age, disability) causing psychological harm
  • Prohibited: Social scoring, predictive policing based on profiling, emotion recognition in schools/workplaces
  • High-risk systems require: risk management, data governance, human oversight, transparency
  • Conformity assessments before market placement
  • Post-market monitoring and incident reporting

Compliance & Enforcement

Key Dates

Feb 2, 2025

Prohibited AI practices enforceable; AI literacy obligations

Aug 2, 2025

GPAI model obligations; Member States designate authorities

Aug 2, 2026

Full high-risk AI system requirements

Aug 2, 2027

Extended deadline for AI in regulated products

Penalties

€35M or 7% revenue (whichever higher)

View on map

European Union

Focus Areas

Mental health & crisis
Child safety
Algorithmic accountability
Active safeguards required

Cite This

APA

European Union. (2024). Regulation (EU) 2024/1689 (Artificial Intelligence Act).

Related Regulations

Pending EU

EU Digital Omnibus (AI)

Proposed amendments to the EU AI Act that would delay high-risk AI system obligations by up to 16 months, making compliance conditional on availability of harmonised standards and support tools.

Enacted EU

EU CRA

Mandatory cybersecurity requirements for all products with digital elements placed on the EU market, including AI software. Requires security by design, vulnerability handling, incident reporting to ENISA, software bills of materials, and CE marking for market access.

In Effect FI

Finland AI Act

Finland's EU AI Act implementation using decentralized supervision model. Traficom serves as single point of contact and coordination authority. Ten market surveillance authorities share enforcement across sectors. New Sanctions Board handles fines over EUR 100,000.

In Effect NZ

NZ Biometric Code

Sets specific legal requirements under Privacy Act for collecting and using biometric data such as facial recognition and fingerprint scans. Prohibits particularly intrusive uses including emotion prediction and inferring protected characteristics like ethnicity or sex.

In Effect US-TX

TX Healthcare AI Law

Requires healthcare practitioners using AI for diagnosis to review all AI-generated records and disclose AI use to patients. Mandates EHR data localization (Texas patient data must be physically stored in US). Applies to covered entities and third-party vendors.

In Effect AU

AU Privacy Amendment 2024

Strengthens Privacy Act requirements for biometric data collection, raising the standard of conduct for collecting biometric information used for automated verification or identification. Cannot collect such information unless individual has consented and it is reasonably necessary.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.