UPDATE – MAY 2025: This blog was published prior to the EU AI Act’s formal adoption in March 2024. The law is now in force, with compliance obligations phasing in through 2026. The Act applies to AI systems developed, deployed, or used in the EU—as well as those outside the EU that impact the EU market. BABL AI now offers independent Conformity Assessments and governance audits to help businesses comply with the EU AI Act. BABL AI also offers a course for risk and compliance experts looking to expand their knowledge on the EU AI Act.
ORIGINAL BLOG:
Understanding the EU AI Act: Who Must Comply and Why It Matters
The European Union is once again leading the way in digital regulation with its latest piece of legislation, the Harmonised Rules on Artificial Intelligence, or the EU AI Act. The EU has been on the cutting edge when it comes to digital rights and digital regulations, whether it’s the General Data Protection Regulation (GDPR), passed back in April 2016 which deals with information privacy and human rights, or the Digital Services Act, passed in July 2022 which helps moderate online information and social media content. Now, the EU is working on standards for managing AI systems. The governing body is looking to minimize potential risks and potential harm while ensuring the safety and rights of all humans.
Why the EU Is Regulating AI
There have been several incidents of legal, ethical and biased uses of AI. Companies, journalism outlets, academia, nonprofits and governmental bodies have found bias in AI over the years across the globe. There are several examples over the years, including in 2018 when Microsoft acknowledged that use of AI in its offerings may result in reputational harm or liability. In 2019, Denmark found that its tax fraud detection AI was incorrectly flagging low income and immigrant groups more than native Danes. Even AI-powered tools that were used during the COVID-19 pandemic to help save lives instead raised red flags about privacy and accuracy concerns. AI’s use has only accelerated since these issues and the problems have only increased across the landscape.
How the EU AI Act Took Shape
The EU AI Act was first proposed in April 2021. After several rounds of amendments, a revised version was adopted by the European Council in December 2022, with further refinements through June 2023. The final version passed in March 2024.
The law is now in force, with most compliance obligations set to phase in by 2026. That gives businesses and developers time—but not much—to get ready.
Who Must Comply with the EU AI Act?
One of the most important features of the EU AI Act is its extraterritorial scope. That means it doesn’t just apply to EU-based companies. Here’s who must comply:
-
AI systems developed or deployed in the EU
-
Companies outside the EU whose AI systems are used in the EU market
-
Providers and users based outside the EU if their AI outputs affect individuals, services, or markets in the EU
In short: if your AI touches the EU in any way, you’re likely subject to the Act.
What AI Systems Are Exempt?
The law includes some important exemptions:
-
Research-stage AI systems (as long as they aren’t tested in real-life situations and respect basic rights)
-
Military-only AI applications
-
AI systems used by non-EU public authorities under international agreements
-
Open-source AI components, unless they are general-purpose models (e.g., ChatGPT, DALL·E)
Example: If a pharmaceutical company uses AI in a closed research lab to analyze drug compounds, that system may be exempt until it is deployed or commercialized.
Why Businesses Must Prepare Now
Even if your AI system is still in development, it’s critical to understand where you fall under the Act’s risk classification. High-risk systems—such as those used in employment, education, finance, or healthcare—will require extensive documentation, testing, and Conformity Assessments.
BABL AI Can Help You Comply
BABL AI supports companies globally in preparing for EU AI Act Conformity Assessments, risk classification, and documentation. Contact us to connect with a certified audit expert.