The EU AI Act is the world's first comprehensive law on artificial intelligence. It concerns not only those who build AI, but also companies that use it. For most businesses it's worth understanding the main points – even if the impact is smaller than the headlines suggest.
A risk-based regulation
The law divides AI use into levels by risk. Some applications are banned, one category is classed as high risk with strict requirements, some fall under lighter transparency rules, and the great majority sit under minimal risk with few or no special rules.
The logic is simple: the greater the potential impact on people, the stricter the requirements.
What it means for ordinary use
For most companies using AI for productivity, analysis or go-to-market, the requirements are modest. They mainly concern transparency – being clear about when content is AI-generated and when someone is interacting with an AI system.
It's use in areas such as recruitment, credit assessment and the like that may be classed as high risk and therefore carry heavier requirements for documentation and control.
The timeline and how to prepare
The rules take effect in stages: banned applications first, then rules for general-purpose models, and the requirements for high-risk systems later, through 2026 and 2027.
A sensible first step is to take stock of where you actually use AI, assess the risk level for each case, and document it. Most of it is easy to handle if you start in time.
This is an overview, not legal advice – but it gives a picture of what you should keep track of. We're happy to help map your use.