EU AI Act: New Unacceptable Risk Provisions Now in Effect for AI Regulations

The EU AI Act is set to bring significant changes to the artificial intelligence landscape in Europe starting this Sunday, February 2nd. With the introduction of key provisions, including a ban on AI systems deemed to pose an ‘unacceptable risk’, organizations must prepare for compliance to avoid severe penalties.

Key Provisions of the EU AI Act

As of February 2nd, 2025, the following provisions will come into effect:

• Prohibition of Unacceptable Risk AI Systems: The use and marketing of AI systems classified as posing an ‘unacceptable risk’ will be banned within the EU.
• Severe Penalties: Non-compliance could lead to fines up to EUR 35 million or 7% of global annual turnover.
• AI Literacy Requirements: Organizations must ensure their teams are adequately trained in AI technologies.

Prohibited Activities Under the EU AI Act

The EU AI Act outlines several activities that are strictly prohibited, including:

• Use of harmful subliminal and deceptive techniques
• Exploitation of vulnerabilities for harmful purposes
• Unacceptable social scoring systems
• Individual crime risk assessment and prediction (with exceptions)
• Untargeted scraping of online content for facial recognition databases
• Emotion recognition in workplaces and educational settings (with exceptions)
• Biometric categorization to infer sensitive data (with exceptions)
• Real-time remote biometric identification in public spaces for law enforcement (with exceptions)

Global Implications of the EU AI Act

The impact of the EU AI Act extends beyond European borders. Fiona Ghosh, partner at Ashurst, emphasizes that the regulatory framework in Europe will evolve significantly as the AI Act is implemented in stages. This change occurs amidst a backdrop where jurisdictions like the US and UK are moving towards less regulation, potentially leading to a competitive divergence.

Impact on Non-EU Companies

Importantly, the EU AI Act applies to all providers and deployers of AI, irrespective of their location. This means that US-based companies with operations in the EU will need to comply with these regulations, even though the US currently lacks comprehensive federal AI legislation.

As Marcus Evans, partner at Norton Rose Fulbright, explains, “The AI Act has a truly global application. It encompasses organizations using AI in the EU, those providing AI to the EU market, and even companies utilizing AI outputs within the EU.”

Preparing for Compliance

As the February 2nd deadline approaches, it’s crucial for businesses to begin compliance planning. Matt Worsfold, a risk advisory partner at Ashurst, advises organizations to use this deadline as a prompt to develop a compliance strategy. With approximately 18 months until the full Act’s implementation, companies should start cataloging AI systems and identifying relevant use cases.

This preparatory work will likely be time-consuming, as many organizations have been developing AI systems for years without central registers. Extensive collaboration with third parties will also be necessary to ensure compliance.

For more information on the EU AI Act and its implications, visit the European Commission’s official page.