The European Union’s groundbreaking AI Act, designed to mitigate the potential risks of artificial intelligence, is now officially in effect for companies globally. This legislation, initially approved in March 2024, saw its first compliance deadline pass on February 2, 2025. The EU Commission has released supplementary guidance to help businesses ensure their generative AI models adhere to the Act’s requirements and avoid falling into the “unacceptable risk” category, now prohibited within the EU economic territory.
European Union
This comprehensive legislation sets a precedent for AI regulation worldwide. The Act outlines specific prohibited uses of AI and establishes significant penalties for non-compliance. These guidelines, while not legally binding in themselves, aim to provide clarity and promote consistent application of the AI Act across all member states.
Understanding the Prohibited AI Practices
The EU AI Act explicitly bans eight specific applications of artificial intelligence considered to pose unacceptable risks:
- Harmful AI-based Manipulation and Deception: This encompasses uses of AI designed to manipulate individuals through subliminal techniques or deceptive practices, causing psychological or physical harm.
- Harmful AI-based Exploitation of Vulnerabilities: This prohibits AI systems that exploit vulnerabilities related to age, physical or mental disability, leading to harm.
- Social Scoring: AI-driven social scoring systems, which assess and rank individuals based on their social behavior or predicted characteristics, are banned.
- Individual Criminal Offence Risk Assessment or Prediction: Predictive policing based on AI, including profiling individuals based on their perceived likelihood of committing crimes, is prohibited.
- Untargeted Scraping of Internet or CCTV Material for Facial Recognition Databases: The indiscriminate collection of facial data from online sources or CCTV footage to create or expand facial recognition databases is not allowed.
- Emotion Recognition in Workplaces and Education Institutions: Using AI to analyze and interpret emotions in these contexts is forbidden.
- Biometric Categorisation to Deduce Certain Protected Characteristics: Inferring sensitive information like race, ethnicity, political opinion, religious beliefs, or sexual orientation through biometric data analysis is prohibited.
- Real-time Remote Biometric Identification for Law Enforcement in Publicly Accessible Spaces: Real-time facial recognition and other biometric identification technologies for law enforcement purposes in public areas are banned, with specific exceptions.
Penalties and Implementation Timeline
Companies found in violation of these prohibited AI practices face substantial fines of up to 7% of their global turnover or €35 million, whichever is greater. This initial compliance deadline is the first of many to be enforced as AI technology continues to evolve. The AI Act is being implemented in phases over the next two years, with full implementation expected by August 2, 2026.
Navigating Compliance
The EU Commission’s guidelines offer valuable insights for businesses seeking to comply with the AI Act. They provide legal explanations and practical examples to clarify the requirements and help stakeholders understand their obligations. These guidelines aim to ensure the uniform and effective implementation of the Act across the EU.
Conclusion
The EU AI Act signifies a significant step in regulating artificial intelligence, emphasizing the importance of ethical considerations in AI development and deployment. While the regulations present challenges for businesses, they also offer an opportunity to build trust and ensure responsible innovation in this rapidly evolving field. Staying informed and proactively addressing the requirements outlined in the Act and its accompanying guidelines will be crucial for businesses operating within or interacting with the EU market.
