EU AI Act

Jurisdiction:

European Union

phased enforcement

Effective:

Aug 1, 2024

Full enforcement:

Aug 1, 2027

Authority:

European Commission

Official text Verified Mar 25, 2026

Obligations Covered

AI Literacy & Training Human Oversight Transparency & Disclosure Risk Assessment Conformity Assessment Record-Keeping & Documentation

AI Literacy (Article 4) #

Obligation:

Ai Literacy

enforcing

Effective:

Feb 2, 2025

Risk tier:

all

Scope:

providers, deployers

Requirements

Requirement	Details
Staff AI literacy	Providers AND deployers must ensure sufficient AI literacy
Context-specific	Tailored to role, industry, use case
No method prescribed	Compliance method is flexible

Penalties

Violation	Fine
Non-compliance	Up to EUR 15M or 3% global turnover (aggravating factor)

Human Oversight (Article 14) #

Obligation:

Human Oversight

enacted

Effective:

Aug 2, 2026

Risk tier:

high-risk

Scope:

providers, deployers

Requirements

Requirement	Details
Effective oversight	High-risk AI must enable oversight by natural persons
Understand capabilities	Overseers must understand system capabilities and limitations
Interpret output	Must be able to correctly interpret output
Override/reverse	Must be able to override or reverse AI output
Address automation bias	Must address risk of automation bias
Competent personnel	Deployers must assign persons with necessary competence, training, authority

Penalties

Violation	Fine
High-risk non-compliance	Up to EUR 15M or 3% global turnover

Transparency Requirements #

Obligation:

Transparency

phased enforcement

Effective:

Aug 2, 2025

Risk tier:

all

Scope:

providers, deployers

Requirements

Requirement	Details
Usage disclosure	Deployers must inform users they're interacting with AI
Deepfake labeling	Providers must mark AI-generated content
Technical docs	Providers must document system capabilities and limits

Penalties

Violation	Fine
Prohibited practices	Up to EUR 35M or 7% global turnover
High-risk non-compliance	Up to EUR 15M or 3% global turnover
Incorrect information	Up to EUR 7.5M or 1% global turnover

Risk Management (Article 9) #

Obligation:

Risk Assessment

enacted

Effective:

Aug 2, 2026

Risk tier:

high-risk

Scope:

providers

Requirements

Requirement	Details
Risk management system	Establish and maintain throughout AI lifecycle
Identify risks	Identify and analyze known and foreseeable risks
Testing	Test against risk management measures
Residual risk	Ensure residual risks are acceptable

Penalties

Violation	Fine
High-risk non-compliance	Up to EUR 15M or 3% global turnover

Conformity Assessment #

Obligation:

Conformity Assessment

enacted

Effective:

Aug 2, 2026

Risk tier:

high-risk

Scope:

providers

Requirements

Requirement	Details
Conformity assessment	Must undergo before placing on market
CE marking	Required for high-risk AI
Quality management	Must establish quality management system
Documentation	Maintain technical documentation

Penalties

Violation	Fine
High-risk non-compliance	Up to EUR 15M or 3% global turnover

Record-Keeping & Automatic Logging (Article 12) #

Obligation:

Record Keeping

enacted

Effective:

Aug 2, 2026

Risk tier:

high-risk

Scope:

providers, deployers

high-impactupcoming

Requirements

Requirement	Details
Automatic logging	High-risk AI systems must log events automatically throughout lifecycle
Traceability	Logs must enable risk identification and post-market monitoring
Deployer monitoring	Logs must support operational monitoring by deployers (Article 26(5))
Immutable storage	Logs must be stored tamper-evident and immutable
Biometric ID specifics	Remote biometric systems must log period of use, reference database, input data, and verifying personnel

Penalties

Violation	Fine
High-risk non-compliance	Up to EUR 15M or 3% global turnover