Risk-Based Approach

Unacceptable Risk – Prohibited Applications

• Social scoring of individuals by governments
• Real-time biometric surveillance in publicly accessible spaces
• Emotion recognition in workplaces and educational institutions
• AI manipulation exploiting vulnerabilities of specific groups

High-Risk Applications – Strict Requirements

• Employment decisions including hiring and promotion
• Essential private and public services like credit scoring and benefits
• Law enforcement applications including predictive policing
• Critical infrastructure management and other safety-critical systems

Core Requirements for High-Risk AI

• Risk assessment and mitigation throughout development lifecycle
• High-quality training data to minimize bias and errors
• Technical documentation for regulatory review and audit
• Logging capabilities for traceability and oversight
• Human oversight with appropriate intervention mechanisms
• Robustness, accuracy, and cybersecurity standards

Foundation Model Regulation

• Special provisions for general-purpose AI models
• Evaluation and risk mitigation requirements for model providers
• Transparency obligations regarding training data and capabilities
• Documentation of known limitations and potential misuses

Implementation Timeline

• August 2024: Initial provision entry into force
• August 2025: General-purpose AI model provisions apply
• 2026 and beyond: Full implementation and enforcement

"The EU AI Act establishes a global benchmark for AI regulation, creating a framework where autonomous agents can be deployed confidently while remaining transparent, traceable, and under appropriate human control in sensitive applications."