EU AI Act
AI-generated The EU AI Act is no longer a thing of the future. It is the world’s first comprehensive legal framework for artificial intelligence - and it affects companies already today.
The decisive point: This isn’t about future innovations. It’s about current use.
What is the EU AI Act?
The EU AI Act is a European regulation meant to ensure that AI is used safely, transparently and responsibly.
Rather than banning AI, the EU AI Act takes a risk-based approach: AI systems are classified by the risk they pose to people and society.
The higher the risk, the stricter the requirements.
Who does the EU AI Act affect?
The EU AI Act applies to:
- Companies based in the EU
- Companies outside the EU if their AI is used within the EU
- Providers and deployers of AI systems
If your company uses, for example:
- ChatGPT or other generative AI tools
- AI in HR, recruiting or performance evaluation
- AI-supported decision-making processes
- Customer-facing AI applications
→ Then you are affected.
The risk categories - explained simply
1. Unacceptable risk
AI systems that manipulate people or violate fundamental rights. These systems are banned.
2. High risk
AI in sensitive areas such as:
- Personnel decisions
- Creditworthiness
- Education
- Healthcare
- Law enforcement
Strict requirements, such as documentation, risk management and human oversight.
3. Limited risk
AI systems with direct interaction with people (e.g. chatbots). Transparency obligations - users must know that they are interacting with AI.
4. Minimal risk
Low-risk applications such as image editing or spam filters. No new obligations, voluntary best practices recommended.
What is changing for companies now
Even before full implementation, you should act now.
What’s expected includes:
- Knowing which AI is in use
- Clear responsibilities
- Understandable internal rules
- Alignment with the GDPR
- Documentation that is auditable
Waiting often leads to higher costs, time pressure and unnecessary risks.
Common misconceptions
“We only use standard tools - this doesn’t affect us.” → Even with third-party tools, the responsibility stays with the company.
“We’ll deal with it later.” → Cleaning up unstructured AI use later is considerably more expensive.
“This is purely a legal topic.” → In practice it is above all a governance and organizational question.
What companies should do now
A pragmatic start:
- Create an AI inventory
- Define responsibilities and decision paths
- Define clear usage rules
- Align AI use with the GDPR & EU AI Act
- Enable teams instead of blocking them
Order first. Then compliance.
Conclusion
The EU AI Act isn’t meant to slow innovation. It rewards companies that use AI consciously and responsibly.
Those who start early win:
- Clarity
- Legal certainty
- Speed
- Trust - internal and external
AI is here to stay. The only question is: chaotic or structured?