The EU AI Act is the world’s first comprehensive law governing artificial intelligence, and it affects far more organizations than just those based in Europe. If you build, sell, or deploy AI systems used in the EU market, the EU AI Act applies to you. This practical overview explains how it works and what to do about it. The full legal text is maintained at the official EU AI Act resource.
How the EU AI Act Classifies Risk
The EU AI Act takes a risk-based approach. Instead of regulating every system the same way, it sorts AI into tiers and applies obligations proportionate to the potential for harm:
- Unacceptable risk: practices such as social scoring and manipulative systems are banned outright
- High risk: AI used in areas like hiring, credit, education, and critical infrastructure faces strict obligations around data quality, documentation, human oversight, and transparency
- Limited risk: systems such as chatbots must meet transparency requirements so people know they are interacting with AI
- Minimal risk: the majority of AI applications face no new obligations
Who the EU AI Act Affects
The EU AI Act applies extraterritorially. Providers and deployers outside the EU are still covered when their AI systems are placed on the EU market or their output is used within the EU. For multinational enterprises, that means EU AI Act compliance is rarely optional, even from a US or UK base.
Timeline and Phased Application
The EU AI Act entered into force in 2024 and applies in phases. Prohibitions on unacceptable-risk practices came first, obligations for general-purpose AI models followed, and the most demanding high-risk requirements phase in over the following years. The staggered timeline gives organizations runway, but the work to prepare is substantial.
What to Do Now
Treat the EU AI Act as a governance project, not a legal afterthought. Inventory the AI systems you build or use, classify each against the risk tiers, and close the documentation, oversight, and data-quality gaps before deadlines arrive. A structured readiness assessment on the Elevates.AI Launchpad is a practical place to start mapping your exposure.
Frequently Asked Questions
Does the EU AI Act apply to companies outside Europe?
Yes. The EU AI Act applies to any provider or deployer whose AI systems are placed on the EU market or whose output is used in the EU, regardless of where the company is headquartered.
What are the risk categories in the EU AI Act?
The EU AI Act defines four tiers: unacceptable risk (banned), high risk (strict obligations), limited risk (transparency requirements), and minimal risk (no new obligations).
When does the EU AI Act take effect?
The EU AI Act entered into force in 2024 and applies in phases, with prohibitions first, general-purpose AI obligations next, and high-risk requirements phasing in over the following years.


