EU’s Landmark Law to Regulate AI Clears Final Hurdle

The European Union’s AI Act received final approval from member countries on Tuesday, establishing a groundbreaking benchmark for AI laws in Europe and across the globe. The Act, which comes into effect next month, follows the political agreement reached between member states in December 2023.

“This landmark law, the first of its kind in the world, addresses a global technological challenge that also creates opportunities for our societies and economies,” Belgian digitization minister Mathieu Michel said in a statement.

According to the European Commission, the legislation was developed using a “risk-based approach” where AI products are categorized based on their level of potential risk to society.

Under the new law, AI systems are divided into three risk categories — unacceptable, high, and low or general-purpose AI models.

AI systems (unacceptable risk) that can be used for social scoring and cognitive behavioral manipulation have been outrightly banned under the new law, as they can be a threat to people’s fundamental rights, safety, health, and the rule of law itself.

High-risk AI systems (models used in critical sectors and by law enforcement agencies for identification and other purposes) will face stricter transparency regulations, including human oversight.

General purpose AI (GPAI) models, like chatbots, will have lighter transparency requirements.

Although the law will officially take effect in 2026, bans on AI systems posing unacceptable risks will be enforced six months after the regulation comes into force. Regulations for general-purpose AI systems will apply after 12 months, while rules for high-risk AI systems will be implemented after 36 months.

The Act has also established a structure to penalize AI product companies for non-compliance. In addition, a new governance architecture will be implemented to oversee the AI Act and enforce it.

“Companies outside the EU who use EU customer data in their AI platforms will need to comply,” lawyer Patrick van Eecke told Reuters after the Act was passed. “Other countries and regions are likely to use the AI Act as a blueprint, just as they did with the GDPR.”