EU AI Act
aka AI Act, Regulation (EU) 2024/1689
EU regulation on artificial intelligence, in force from 1 August 2024. Bans some practices, regulates 'high-risk' AI systems, and imposes transparency obligations on general-purpose AI models.
Last reviewed April 2026
Definition
The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) is the world's first comprehensive horizontal regulation of AI systems. It entered into force on 1 August 2024 with a phased application: the prohibitions on unacceptable-risk practices apply from 2 February 2025; obligations on general-purpose AI (GPAI) model providers from 2 August 2025; and the bulk of the high-risk AI obligations from 2 August 2026, with extended timelines for AI in regulated products until 2 August 2027. The Act is risk-tiered: unacceptable-risk practices are banned outright (social scoring, manipulative AI, real-time remote biometric identification with narrow exceptions); high-risk AI (HR/recruitment, education access, credit scoring, critical infrastructure, biometric ID, justice/border control) faces conformity assessment, technical documentation, human oversight and post-market monitoring; limited-risk AI (chatbots, deepfakes) faces transparency obligations; minimal-risk AI is unregulated. GPAI providers face documentation and copyright transparency duties; GPAI models with 'systemic risk' (compute over 10^25 FLOPs) face additional safety, evaluation and incident-reporting duties. Fines reach EUR 35 million or 7% of global turnover for prohibited-practice breaches.
Why it matters for software choice
Irish SMEs that deploy AI in HR (CV screening, performance), credit/lending, education or biometric ID are likely covered as deployers of high-risk AI. Vendors that publish their AI Act risk classification, conformity assessment status, and human-oversight controls cut compliance work from a six-month project to a vendor-questionnaire.
Authority sources
- EU Artificial Intelligence Act (Regulation 2024/1689) (eur-lex.europa.eu)
- European Commission: AI Act (digital-strategy.ec.europa.eu)
Software categories this affects
Vendors covered by this term
ChatGPT Enterprise
OpenAI's enterprise AI assistant with advanced reasoning, data analysis, and custom GPTs
Claude for Business
Anthropic's AI assistant with strong safety focus, long context handling, and business-grade data privacy
Microsoft Copilot
AI assistant integrated into Microsoft 365, with EU data boundary for European customers
Gemini Business
Google's AI assistant integrated with Google Workspace, with EU data processing for European customers
Jasper AI
AI content platform for marketing teams, with brand voice and campaign management
Notion AI
AI writing and knowledge management built into the Notion workspace platform
Related terms
AI Risk Categories
Four-tier risk classification under the EU AI Act: unacceptable-risk (banned), high-risk (regulated), limited-risk (transparency), minimal-risk (unregulated). Determines a system's compliance burden.
Data Residency (EU vs US)
Where customer personal data is stored and processed. Storing inside the EU/EEA simplifies GDPR compliance; processing in the US triggers transfer-mechanism obligations under Schrems II.
Data Protection Commission
Ireland's national data protection authority. Lead supervisory authority for many large US tech companies headquartered in Dublin under the GDPR's one-stop-shop mechanism.