EU AI Act

Jurisdiction:

European Union

phased enforcement

Effective:

Aug 1, 2024

Full enforcement:

Aug 1, 2027

Authority:

European Commission

Official text Verified May 15, 2026

Amendments:

Obligations Covered

AI Literacy & Training Human Oversight Transparency & Disclosure Risk Assessment Conformity Assessment Record-Keeping & Documentation

AI Literacy (Article 4) #

Obligation:

Ai Literacy

enforcing

Effective:

Feb 2, 2025

Risk tier:

all

Scope:

providers, deployers

Requirements

Requirement	Details
Staff AI literacy	Providers AND deployers must ensure sufficient AI literacy for staff dealing with operation and use of AI systems
Context-specific	Training must account for technical knowledge, experience, education, usage context, and affected persons/groups
No method prescribed	Compliance method is flexible; Commission Q&A confirms no strict measurement obligation
AI Office guidance	Commission AI Office published Q&A and repository of AI literacy practices (non-exhaustive, aligned with Article 4)

Penalties

Violation	Fine
Non-compliance	Up to EUR 15M or 3% global turnover (aggravating factor)

Human Oversight (Article 14) #

Obligation:

Human Oversight

enacted

Effective:

Dec 2, 2027

Risk tier:

high-risk

Scope:

providers, deployers

Requirements

Requirement	Details
Effective oversight	High-risk AI must enable oversight by natural persons (Article 14(1))
Understand capabilities	Overseers must understand system capabilities, limitations, and purposes (Article 14(4)(a))
Monitor for anomalies	Must monitor operation and detect unexpected performance, anomalies, and dysfunctions (Article 14(4)(a))
Interpret output	Must be able to correctly interpret output using available tools (Article 14(4)(b))
Override/reverse	Must be able to decide not to use, disregard, override, or reverse AI output (Article 14(4)(c))
Intervene or halt	Must be able to intervene or interrupt system operation via stop button or equivalent halt procedure (Article 14(4)(d))
Address automation bias	Must address risk of automation bias in oversight procedures (Article 14(3))
Competent personnel	Deployers must assign persons with necessary competence, training, and authority (Article 26(2))

Penalties

Violation	Fine
High-risk non-compliance	Up to EUR 15M or 3% global turnover

Transparency Requirements #

Obligation:

Transparency

phased enforcement

Effective:

Aug 2, 2025

Risk tier:

all

Scope:

providers, deployers

Requirements

Requirement	Details
Usage disclosure	Deployers must inform users they're interacting with AI
Deepfake labeling	Providers must mark AI-generated content
Technical docs	Providers must document system capabilities and limits

Penalties

Violation	Fine
Prohibited practices	Up to EUR 35M or 7% global turnover
High-risk non-compliance	Up to EUR 15M or 3% global turnover
Incorrect information	Up to EUR 7.5M or 1% global turnover

Risk Management (Article 9) #

Obligation:

Risk Assessment

enacted

Effective:

Dec 2, 2027

Risk tier:

high-risk

Scope:

providers

Requirements

Requirement	Details
Risk management system	Establish and maintain throughout AI lifecycle (Article 9(1))
Identify and analyze	Identify known and reasonably foreseeable risks to health, safety, and fundamental rights during intended use and foreseeable misuse (Article 9(2)(a))
Estimate and evaluate	Estimate and evaluate risks that may emerge under intended use and misuse conditions (Article 9(2)(b))
Post-market evaluation	Evaluate risks based on data from post-market monitoring (Article 9(2)(c))
Risk mitigation	Take appropriate and targeted mitigation measures addressing identified risks (Article 9(2)(d))
Design-based reduction	Eliminate or reduce risks through adequate design and development where technically feasible (Article 9(4)(a))
Residual risk	Ensure residual risks are judged acceptable (Article 9(4)(b))
Testing	Test to ensure consistent performance and compliance; test against risk measures (Article 9(5))
Continuous monitoring	Ongoing performance monitoring throughout the system lifecycle

Penalties

Violation	Fine
High-risk non-compliance	Up to EUR 15M or 3% global turnover

Conformity Assessment #

Obligation:

Conformity Assessment

enacted

Effective:

Dec 2, 2027

Risk tier:

high-risk

Scope:

providers

Requirements

Requirement	Details
Conformity assessment	Must undergo before placing on market or putting into service (Article 43)
CE marking	Required for high-risk AI systems once assessment complete (Article 48)
Quality management	Must establish quality management system (Article 17)
Documentation	Maintain technical documentation throughout lifecycle (Article 18)
Annex III phasing	Annex III high-risk systems: 2027-12-02 (deferred from 2026-08-02 by Digital Omnibus, political agreement 2026-05-07, not yet in OJ). Annex I high-risk (safety components covered by other EU product laws, e.g., medical devices): 2028-08-02 (deferred from 2027-08-02)

Penalties

Violation	Fine
High-risk non-compliance	Up to EUR 15M or 3% global turnover

Record-Keeping & Automatic Logging (Article 12) #

Obligation:

Record Keeping

enacted

Effective:

Dec 2, 2027

Risk tier:

high-risk

Scope:

providers, deployers

high-impactupcoming

Requirements

Requirement	Details
Automatic logging	High-risk AI systems must log events automatically throughout lifecycle
Traceability	Logs must enable risk identification and post-market monitoring
Deployer monitoring	Logs must support operational monitoring by deployers (Article 26(5))
Immutable storage	Logs must be stored tamper-evident and immutable
Biometric ID specifics	Remote biometric systems must log period of use, reference database, input data, and verifying personnel

Penalties

Violation	Fine
High-risk non-compliance	Up to EUR 15M or 3% global turnover