EU AI Act
The EU AI Act is the first comprehensive AI regulation, establishing risk-based requirements for AI systems sold or used in the European Union.
The EU AI Act creates a regulatory framework for artificial intelligence, classifying AI systems by risk level with corresponding requirements.
Risk categories:
- Unacceptable Risk (Banned): Social scoring, real-time biometric ID in public
- High Risk: Critical infrastructure AI, employment, education, law enforcement
- Limited Risk: Chatbots, emotion recognition (transparency required)
- Minimal Risk: Most AI applications (no restrictions)
High-risk AI requirements:
- Risk management system
- Data governance and quality
- Technical documentation
- Record-keeping and logging
- Transparency to users
- Human oversight
- Accuracy, robustness, cybersecurity
Timeline:
- Prohibited AI: 6 months after entry into force
- High-risk: 24-36 months
- Full application: By 2027
Why It Matters
The EU AI Act is the world's first comprehensive AI regulation, with fines up to €35 million or 7% of global revenue. It applies to any company whose AI systems are used in or affect people in the EU, regardless of where the company is headquartered. Organizations deploying high-risk AI must implement risk management systems, technical documentation, and human oversight; the prohibitions on unacceptable-risk AI categories are already being enforced.
Related Terms
AI governance is the framework of policies, processes, and controls that ensure AI systems are developed and used responsibly, ethically, and in compliance with regulations.
ISO/IEC 42001 is the international standard for AI management systems, providing a framework for organizations to responsibly develop and deploy artificial intelligence.
Algorithmic accountability ensures that organizations can explain, justify, and take responsibility for the outcomes of automated decision-making systems.
Frequently Asked Questions
Does the EU AI Act apply to US companies?
Yes, if your AI systems are used in the EU or if you provide AI to EU customers.
What AI is banned under the Act?
Social scoring, manipulative AI, real-time biometric ID in public spaces (with exceptions), emotion recognition in workplaces/schools.