News

Understanding the EU AI Act: What Businesses Need to Know

Cansin Cengiz

05 Aug 2025 — 3 min read

What Is the EU AI Act?

The European Union (EU) has introduced the Artificial Intelligence Act, widely known as the EU AI Act. This landmark legislation is the world’s first comprehensive law designed to regulate artificial intelligence (AI) across the EU’s 27 member countries, affecting a population of over 450 million. However, its impact stretches far beyond European borders, influencing both local and international companies that develop, sell, or deploy AI systems within the EU.

Why Was the EU AI Act Created?

Consistency in regulation is a hallmark of EU policy. The aim of the EU AI Act is to establish a uniform legal framework for AI across the bloc, ensuring the free movement of AI-powered products and services without conflicting local rules. By introducing timely regulation, the EU hopes to foster trust, support innovation, and create a level playing field for both established businesses and emerging startups.

Key Objectives of the EU AI Act

According to EU lawmakers, the main goals are to:

Promote the adoption of human-centric and trustworthy AI
Ensure a high level of protection for health, safety, fundamental rights, democracy, rule of law, and environmental sustainability
Prevent the harmful effects of AI while supporting responsible innovation

This framework highlights the EU’s commitment to balancing rapid AI adoption with the need to protect citizens and uphold ethical standards.

How Does the EU AI Act Regulate AI?

The EU AI Act employs a risk-based approach to regulation. Here’s how it works:

Unacceptable Risk: Certain AI applications, such as untargeted facial recognition from internet or CCTV footage, are outright banned.
High Risk: AI systems used in critical areas like recruitment or banking face strict regulation and oversight.
Limited Risk: Other AI uses are subject to lighter requirements, mainly transparency obligations.

Implementation Timeline and Key Dates

The EU AI Act began its rollout on August 1, 2024, but its provisions take effect in stages. The initial enforcement on February 2, 2025, targeted bans on a handful of prohibited AI uses. Most requirements, especially for existing businesses, will apply by mid-2026.

From August 2, 2025, the Act also covers general-purpose AI models with systemic risk (GPAI), such as those capable of aiding in chemical or biological weapon development. Both European and non-European AI providers—including major players like Google, Meta, OpenAI, and Anthropic—must comply. Existing providers have until August 2, 2027, to fully align with the law.

Enforcement and Penalties

The EU AI Act includes strict penalties to ensure compliance. Fines can reach up to €35 million or 7% of a company’s global annual turnover for the most serious violations. Providers of GPAI models face penalties up to €15 million or 3% of annual turnover, depending on the level of risk and non-compliance.

Industry Reaction: Compliance and Concerns

Major technology companies have responded in varied ways. Some, like Google, agreed to sign the voluntary GPAI code of practice, while others, such as Meta, declined, citing concerns about legal uncertainty and potential overreach. European AI leaders have also voiced apprehensions, with calls for delays to allow more time for adaptation.

Despite these concerns, the EU has stood firm on its deadlines and intends to maintain its implementation schedule.

What Does This Mean for Businesses?

Any company—European or not—that offers AI systems or services in the EU needs to understand which category their AI solutions fall into and prepare for compliance. The risk-based approach means obligations differ depending on intended use and potential societal impact. Early preparation will be crucial for businesses to continue operating seamlessly in the European market.