Hael

What is the EU AI Act?

Updated 30 June 2026 · 6 min read
Key takeaway
The EU AI Act is the world's first comprehensive law governing artificial intelligence. It is a regulation of the European Union, formally Regulation (EU) 2024/1689, that sets rules for how AI systems can be developed, sold, and used across the EU market. It takes a risk-based approach: the higher the risk an AI system poses to people's safety and rights, the stricter the obligations that apply to it.
  • The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI law, using a risk-based approach.
  • It sorts AI into four tiers: unacceptable (banned), high, limited, and minimal risk.
  • It applies to providers, deployers, importers and distributors, and reaches any company placing AI on the EU market, wherever based.
  • Rules phase in over time; some are already enforceable, with high-risk obligations the biggest milestone.
  • Current as of June 2026. This is general information, not legal advice.

Why the EU AI Act exists

The EU created the Act to make AI trustworthy. The goal is to let organisations adopt AI with confidence while protecting people from uses that could harm them, discriminate against them, or operate without proper oversight. Rather than banning AI or leaving it unregulated, the Act sorts AI systems by how much risk they carry and matches the rules to that risk.

The Act entered into force on 1 August 2024, but its rules do not all apply at once. They phase in over several years, with different obligations switching on at different dates.

The four risk tiers

The Act classifies AI systems into four categories:

  • Unacceptable risk: A small set of uses are banned outright, such as social scoring by public authorities and certain manipulative or exploitative systems. These prohibitions have applied since 2 February 2025.
  • High risk: Systems used in sensitive areas such as hiring, credit scoring, biometric identification, education, and critical infrastructure. These face the heaviest obligations: risk management, data governance, technical documentation, human oversight, logging, and conformity assessment.
  • Limited risk: Systems with transparency duties, such as chatbots and generative AI, which must make clear that a person is interacting with AI or that content is AI-generated.
  • Minimal risk: Everything else, such as spam filters or AI in video games, which carries no specific obligations under the Act.

Who the Act applies to

The Act applies to providers (those who develop and place AI systems on the market), deployers (those who use them), and importers and distributors. Crucially, it has extraterritorial reach: it applies to any organisation placing an AI system on the EU market or putting it into service in the EU, regardless of where that organisation is based. A US or UK company selling AI into Europe is in scope.

General-purpose AI (GPAI)

The Act has a separate set of rules for general-purpose AI models, the foundation models that power many AI products. GPAI providers must produce technical documentation, publish a summary of training content, and comply with EU copyright rules. These obligations have applied since 2 August 2025. Models judged to pose systemic risk face additional requirements.

When the rules apply

The timeline is phased. Prohibited practices and AI literacy duties have applied since February 2025, and GPAI obligations since August 2025. The obligations for high-risk systems are the most consequential for most organisations, and their timing was revised in 2026 (see our timeline guide for the current dates). The practical message is that some parts of the Act are already enforceable today, so it is not a future-only concern.

What it means for you

If you build or use AI, the first step is to work out which of your systems fall into which tier, because that determines your obligations. Vendors selling AI into the EU increasingly find that enterprise buyers ask about EU AI Act readiness during procurement, so being ready is becoming a way to win deals, not just a legal duty. Enterprises deploying AI need to know which of their systems are high-risk and govern them accordingly.

Key terms

EU AI Act
Regulation (EU) 2024/1689, the world's first comprehensive law governing AI.
Risk-based regulation
An approach that scales obligations to the level of risk a system poses to safety and rights.
High-risk AI
AI used in sensitive contexts such as hiring, credit, biometrics, education, and critical infrastructure.
GPAI
General-purpose AI: foundation models with broad capabilities, governed under a dedicated regime.
AI governance
The processes, controls, and records by which an organisation manages its AI responsibly.
