AI News

AI Regulation Crossroads: How the EU’s AI Act Will Reshape Global Tech Development

Regs
Regs

The
EU AI Act entered into full effect in stages beginning in August 2024, making
it the first comprehensive legal framework for artificial intelligence in any
major jurisdiction and the most ambitious attempt yet to bring AI development
and deployment under democratic governance. Its provisions apply not only to
European companies but to any organisation deploying AI systems that affect
people within the EU, giving it a potential reach comparable to the GDPR’s
global impact on data protection practices. Understanding the AI Act’s
requirements, their implications for different categories of AI application,
and the ways in which the regulation is already reshaping how technology
companies develop and deploy AI systems is essential context for anyone
seeking to understand where AI governance is heading
globally.

The AI Act is structured around a risk-based classification system
that assigns AI applications to one of four risk categories, each attracting
different regulatory requirements. Unacceptable risk applications, including
real-time remote biometric identification in public spaces by law
enforcement, social scoring systems operated by public authorities, and AI
systems that exploit psychological vulnerabilities to manipulate behaviour,
are banned entirely. High-risk applications, including AI in critical
infrastructure, education, employment, essential services, law enforcement,
border management, and the administration of justice, face the most extensive
requirements: conformity assessments, transparency obligations, human
oversight requirements, accuracy and robustness standards, and mandatory
post-market monitoring. Limited risk applications, including AI that
interacts with users through chatbot or voice interfaces, require disclosure
of AI involvement. Minimal risk applications face no mandatory requirements
under the Act.

High-Risk Requirements in Practice

The practical implications of high-risk classification are
significant for technology companies and the organisations deploying AI in
covered contexts. A company selling an AI recruitment screening tool to
employers operating in the EU must conduct a conformity assessment demonstrating
that the system meets accuracy requirements across demographic groups,
maintains human oversight of individual hiring decisions, logs its outputs
for post-market monitoring, and provides documentation adequate for
regulatory inspection. These requirements represent substantial compliance
costs that are manageable for large organisations but challenging for smaller
companies that have been building AI products without this compliance
infrastructure.

NHS trusts, local councils, police forces, courts, schools, and
financial services providers operating in the UK that use AI systems
affecting EU residents, or UK organisations that export AI products to the EU
market, face compliance obligations under the AI Act that are driving
significant investment in AI governance infrastructure. The compliance market
for AI Act support, including legal advice, conformity assessment services,
and technical documentation, has grown rapidly since the Act’s passage, with
professional services firms and specialist compliance companies building
practices specifically around AI Act readiness. The European
Commission’s AI Act resource centre
provides the most authoritative
guidance on compliance requirements for different application
categories.

General Purpose AI Provisions

A significant addition to the AI Act during the legislative
process was the inclusion of provisions specifically governing
general-purpose AI models, including large language models with capabilities
above defined thresholds. These provisions reflect the recognition that
frontier AI models are not specific-purpose tools but infrastructure on which
a wide range of applications are built, and that governing only the end
applications without governing the foundation models those applications rely
on creates a significant gap in the regulatory framework.

General-purpose AI models with systemic risk, defined as models
trained on compute above 10^25 FLOPs, face the most demanding requirements:
adversarial testing, incident reporting to the European AI Office,
cybersecurity measures, and energy efficiency disclosure. These requirements
apply directly to the frontier model developers including OpenAI, Google,
Anthropic, and Meta, requiring engagement with European regulators at the
model level rather than only through the downstream applications built on
their models. The practical implementation of these requirements is being
worked out through delegated acts and guidance from the European AI Office,
which was established specifically to oversee general-purpose AI governance
under the Act.

Global Regulatory Spillover

The AI Act is already producing regulatory spillover effects
beyond the EU’s borders through the Brussels Effect, the mechanism by which
stringent EU regulation shapes global practice because companies find it more
efficient to apply EU standards globally than to maintain separate compliance
regimes for different markets. The GDPR’s global impact on data protection practices
provides the clearest precedent. Several major technology companies have
announced that they will apply AI Act high-risk requirements to their AI
deployments globally rather than only in the EU, both to simplify compliance
and to benefit from the reputational signal that meeting the most stringent
available standard provides.

The UK government’s position on AI regulation, which has
emphasised a principles-based, sector-specific approach rather than EU-style
horizontal legislation, creates a regulatory divergence from the EU that may
complicate UK companies’ ability to operate seamlessly in the EU market and
may reduce UK influence over the global regulatory standards that the AI Act
is shaping. The UK
AI Safety Institute
has maintained strong collaborative
relationships with EU counterparts, but the absence of equivalent domestic
legislation is an increasingly visible gap in the UK’s AI governance
framework as the AI Act’s requirements become operational.

What This Means for You

If you live in the EU or use products and services from companies
with EU market presence, the AI Act is already affecting how AI systems that
interact with you are designed, tested, and documented. The transparency
requirements for chatbot interfaces, the human oversight requirements for
high-risk decisions, and the prohibitions on certain AI applications are
shaping your AI experience whether or not you are aware of the regulation.
For UK users and businesses, the AI Act’s indirect effects through market
exposure and supply chain requirements are also significant, even though the
UK has not adopted equivalent domestic legislation. For related analysis, see
our coverage of the
AI Act implementation
and AI
regulatory gaps in the UK
.

The enforcement architecture of the AI Act is one of its most
consequential and most frequently underestimated features. The European AI
Office holds direct enforcement authority over general-purpose AI models and
coordinates national AI authority enforcement on other provisions. Fines of
up to 35 million euros or seven percent of global annual turnover for
violations of prohibited applications, and up to 15 million euros or three
percent for other violations, represent consequences that are significant
even for the largest technology companies. Previous EU technology regulation
including GDPR was criticised for inconsistent enforcement; the AI Act
attempts to address these weaknesses through centralised oversight of the
highest-risk AI categories. Whether enforcement provisions are applied with
the rigour needed to make requirements effective will be the central question
in the years following entry into force. The European
Commission AI Act resource centre
provides authoritative guidance
on enforcement powers and procedures for organisations seeking to understand
their compliance obligations.

 The timeline of AI Act obligations
is also important context for organisations planning their compliance
programmes. The prohibited applications ban took effect in February 2025.
General-purpose AI model obligations became applicable in August 2025.
High-risk AI system obligations apply from August 2026 for most categories.
This phased timeline gives organisations planning time but also means that
full AI Act compliance across all relevant AI systems is a multi-year
programme rather than a single compliance project. Organisations that begin
their AI governance improvement programmes now, building inventories of AI
systems, conducting risk classifications, and developing compliance
infrastructure, will be better positioned to meet requirements as they come
into effect than those that wait until deadlines approach.

About the Author

Stuart Kerr is a technology correspondent at LiveAIWire, covering
artificial intelligence, digital innovation, and the social impact of
emerging technologies. Follow LiveAIWire for daily analysis at liveaiwire.com.