Definition
The EU AI Act is a 2024 European Union law that sorts AI systems into risk tiers and imposes obligations on each tier in proportion to its risk.
At a glance
- The world’s first comprehensive AI law, sorting systems into four risk tiers: unacceptable, high, limited, and minimal[1][2].
- Obligations scale with risk: an outright ban at the top, heavy compliance for high-risk systems, transparency-only duties for limited-risk systems, and nothing for minimal-risk systems[2].
- It reaches any company whose AI affects people in the EU, wherever the company is based[1].
- Top fines hit 7% of global annual turnover.
How it works
Every AI system lands in one of four tiers, and the tier decides the rules[2]. Unacceptable uses (social scoring, manipulation, workplace emotion recognition) are banned[3]. High-risk uses (CV screening, credit scoring, biometrics) carry the full load: risk management, documentation, human oversight, and a conformity check before launch[2]. Limited-risk tools like chatbots need only disclose that users are dealing with AI. A separate track covers general-purpose foundation models[1].
When it applies to you
Rollout is phased: bans took effect in Feb 2025, and high-risk rules land by 2026-2027[1]. Recruitment tools, credit decisions, customer chatbots, and AI in regulated products are the first places to check your tier.
EU vs US approach
The US has no single law. It relies on Executive Order 14110 and the voluntary NIST framework, with enforcement spread across existing agencies[5]. Brookings calls this broad but largely non-binding[4]. The same HR tool that draws only voluntary guidance in the US faces a binding EU conformity check.
Bottom line
Any AI touching EU residents now sits in a defined tier, and the tier dictates the paperwork, making the Act a de facto global compliance baseline.