Skip to main content

[ FRAMEWORK · EUROPEAN UNION ]

EU AI Act, tracked end to end.

The Artificial Intelligence Act is the EU's risk-based horizontal regulation for AI systems. It bans certain practices outright, imposes tough conformity-assessment requirements on high-risk AI, and sets transparency and governance obligations for general-purpose AI (GPAI) models.

Book a demoStart your trial

[ LEGISLATION ]

EU AI Act at a glance.

Full name
Artificial Intelligence Act
Jurisdiction
European Union
Legal basis
Regulation (EU) 2024/1689
In force
1 August 2024 (phased)
Official text
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689

[ WHO IT COVERS ]

Who has to comply with EU AI Act.

  • Providers placing AI systems on the EU market or putting them into service
  • Deployers of AI systems located in the EU
  • Providers and deployers outside the EU where the output of the AI system is used in the EU
  • Providers of general-purpose AI models with systemic risk
  • Importers and distributors of AI systems in the EU market

[ KEY REQUIREMENTS ]

What EU AI Act requires.

  1. 01Prohibition on specified AI practices (social scoring, manipulative systems, real-time biometric ID in public spaces with narrow exceptions, emotion recognition at work/school, untargeted facial-recognition scraping)
  2. 02Conformity assessment, CE marking and post-market monitoring for high-risk AI systems listed in Annex III
  3. 03Technical documentation, record-keeping and log-retention for high-risk AI
  4. 04Human-oversight, accuracy, robustness, cybersecurity and data-governance requirements
  5. 05Transparency obligations for certain AI systems — chatbots, deepfakes, emotion-recognition, biometric categorisation
  6. 06GPAI model obligations including technical documentation, training-data summaries and — for systemic-risk models — additional evaluation and risk management

[ TRY IT ]

See every EU AI Act obligation in your workspace.

14-day trial across up to 8 jurisdictions. EU AI Act Level 2 standards, guidance, and enforcement — all tracked.

Start your trialTalk to us

[ WHAT XHS™ MONITORS ]

EU AI Act surface area, in one workspace.

  • European Commission delegated and implementing acts under the AI Act
  • EU AI Office guidance and codes of practice for GPAI providers
  • European Artificial Intelligence Board (EAIB) decisions and opinions
  • National market-surveillance authority guidance and enforcement
  • Cross-references with the GDPR, the Product Liability Directive, NIS2, DORA
  • International interoperability work with NIST AI RMF, ISO/IEC 42001 and the Council of Europe Framework Convention

[ TIMELINE ]

EU AI Act milestones.

  • 13 June 2024 — AI Act adopted
  • 1 August 2024 — Entry into force
  • 2 February 2025 — Prohibitions and AI-literacy obligations applicable
  • 2 August 2025 — GPAI, governance and notified-body provisions applicable
  • 2 August 2026 — Majority of high-risk AI system obligations applicable
  • 2 August 2027 — High-risk obligations for AI embedded in regulated products applicable

[ QUESTIONS ]

EU AI Act, answered.

How does XHS™ Copilot help with EU AI Act compliance?

XHS™ Copilot tracks every Commission delegated and implementing act, AI Office code of practice, EAIB output and national market-surveillance guidance under the AI Act. Lens™ AI maps each update to your AI system's risk classification (prohibited, high-risk, limited-risk, minimal-risk, or GPAI).

When does the EU AI Act apply?

The AI Act entered into force on 1 August 2024 and applies in phases: prohibitions and AI literacy from 2 February 2025; GPAI, governance and notified bodies from 2 August 2025; most high-risk obligations from 2 August 2026; embedded-product high-risk obligations from 2 August 2027.

What AI practices does the AI Act ban?

The AI Act prohibits AI systems used for social scoring by public authorities, manipulative or exploitative techniques, real-time remote biometric identification in public spaces (with narrow law-enforcement exceptions), untargeted facial-recognition database scraping, emotion recognition in the workplace and in education, and biometric categorisation by sensitive attributes.

Does the AI Act apply to ChatGPT and other LLMs?

Yes. Foundation models and large language models fall under the general-purpose AI (GPAI) provisions. They face transparency, documentation and training-data summary requirements. Models with systemic risk — measured by compute and impact thresholds — face additional evaluation, risk-management and incident-reporting obligations.

Does the AI Act apply outside the EU?

Yes, extraterritorially. It applies to providers placing AI on the EU market from anywhere, and to providers and deployers outside the EU whose AI system output is used in the EU — similar in mechanism to the GDPR's territorial scope.

[ RELATED FRAMEWORKS ]

See every EU AI Act change in your workspace.

14-day free trial. Up to 8 jurisdictions. Cancel any time. No credit card.

Book a demoStart your trial