This list of FAQs has been compiled based on queries received during the AI Pact webinars as well as submissions from stakeholders. This list will be updated regularly and as needed.
The EU AI Act is the world's first comprehensive AI law. It aims to promote innovation and uptake of AI, while ensuring a high level of protection of health, safety and fundamental rights, including democracy and the rule of law.
The uptake of AI systems has a strong potential to bring societal benefits, economic growth and enhance EU innovation and global competitiveness. However, in certain cases, the specific characteristics of certain AI systems may create risks related to user safety, including physical safety, and fundamental rights. Some powerful AI models that are widely used could also pose systemic risks.
This leads to legal uncertainty and potentially slower uptake of AI technologies by public authorities, businesses and citizens, due to the lack of trust. Disparate regulatory responses by national authorities could risk fragmenting the internal market.
Responding to these challenges, legislative action was needed to ensure a well-functioning internal market for AI systems and models where both benefits and risks are adequately addressed.
The AI Act applies progressively, with a full roll-out by 2 August 2027.
The prohibitions, definitions and provisions related to AI literacy became applicable on 2 February 2025;
The rules on governance and the obligations for general-purpose AI models became applicable on 2 August 2025;
The obligations regarding high-risk systems listed in Annex III, the transparency requirements (Article 50) as well as the measures in support of innovation will apply as of 2 August 2026. This is also the date when the enforcement of AI Act will start;
The obligations for high-risk AI systems that classify as high-risk because they are embedded in regulated products, listed in Annex I (list of Union harmonisation legislation), will enter into force on 2 August 2027.
The AI Act is designed as a flexible and future-proof regulation that allows to adapt the rules to the rapid pace of technological development, as well as the potential changes in the use of AI systems and emerging risks.
While in general the AI Act can only be amended through the legislative procedure, in certain cases, the Commission is empowered to amend certain parts of the AI Act. For instance, the following parts of the AI Act can be adapted by the Commission:
The list of high-risk use-cases in Annex III. The Commission is obliged to carry out a yearly review to assess if changes to the list are needed.
The threshold above which general-purpose AI models are presumed to have high impact capabilities and are classified as presenting systemic risks.
The Commission also regularly assesses if other changes to the AI Act are needed and reports to the European Parliament and the Council. Such regular evaluation is foreseen directly in the AI Act.
The AI Act does not apply to all AI solutions, but only to those that fulfil the definition of an ‘AI system’ within the meaning of Article 3(1) AI Act.
The AI Act follows a risk-based approach and introduces rules for AI systems based on the level of risk they can pose. Any AI practices with an unacceptable risk to health, safety or fundamental rights enshrined in the Charter of Fundamental Rights are prohibited (e.g. AI systems used to detect emotions of employees at work, except medical and safety reasons; certain social scoring practices). AI systems with high risk for health, safety or fundamental rights need to meet certain requirements to make sure they are safe and trustworthy (e.g. AI systems used at border control management; law enforcement, or autonomous vehicles could be examples of high-risk AI systems). Certain AI systems need to meet transparency requirements (e.g., deep fakes will have to be labelled as AI-generated; chatbots should inform that a person is not communicating with a human). All other AI systems remain unregulated and can be placed on the market, put into service or used in the EU without any requirements – at the time of preparation of the proposal of AI Act, it was estimated that these would be 85%.
The AI Act does not automatically apply to all AI systems placed on the market before its application date. Instead, compliance obligations are phased in depending on the category and whether the system undergoes significant modifications.
The AI Act will apply from 31 December 2030 to AI systems which are components of the large-scale IT systems established by the legal acts listed in Annex X that have been placed on the market or put into service before 2 August 2027. In case such large-scale IT systems are evaluated or the legal acts in Annex X are replaced or amended before 31 December 2030, the AI Act shall be taken into account.
The AI Act will also apply to high-risk AI systems that have been placed on the market or put into service before 2 August 2026 only in case those systems are significantly modified. The AI Act will also apply from 31 December 2030 to high-risk AI systems that have been placed on the market or put into service before 2 August 2026 and are (intended to be) used by public authorities.
Lastly, the AI Act will apply from 2 August 2027 to general-purpose AI models that have been placed on the market before 2 August 2025.
However, the rules on prohibited AI practices (Article 5) apply to all AI systems, without taking into account the date of their placement on the market.
Focusing specifically on the building phase of the AI system, Recital 12 of the AI Act further clarifies that ‘[t]he techniques that enable inference while building an AI system include machine learning approaches that learn from data how to achieve certain objectives, and logic- and knowledge-based approaches that infer from encoded knowledge or symbolic representation of the task to be solved.’ Those techniques should be understood as ‘AI techniques’.
In addition to various machine learning approaches, that are often understood as an AI technique, the second category of AI techniques mentioned in Recital 12 of the AI Act are ‘logic- and knowledge-based approaches that infer from encoded knowledge or symbolic representation of the task to be solved’. Instead of learning from data, these AI systems learn from knowledge including rules, facts and relationships encoded by human experts.
Based on the knowledge encoded by human experts, these systems can ‘reason’ via deductive or inductive engines or using operations such as sorting, searching, matching and chaining. By using logical inference to draw conclusions, such systems apply formal logic, predefined rules or ontologies to new situations. Logic and knowledge based approaches include, for instance, knowledge representation, inductive (logic) programming, knowledge bases, inference and deductive engines, (symbolic) reasoning, expert systems and search and optimisation methods.
The AI Act distinguishes between an AI system, defined in Article 3(1) and a general-purpose AI model defined in Article 3(63).
The AI Act refers to AI models as those that ‘are essential components of AI systems. They do not constitute AI systems on their own. AI models require the addition of further components, such as for example a user interface, to become AI systems. AI models are typically integrated into and form part of AI systems’ (Recital 97). ‘Large generative AI models are a typical example for a general-purpose AI model, given that they allow for flexible generation of content, such as in the form of text, audio, images or video, that can readily accommodate a wide range of distinctive tasks’ (Recital 99).
The AI Act defines an AI system as a ‘machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments’ (Article 3(1), Recital 12).
For more information, please refer to the Guidelines on the definition of an artificial intelligence system.
The AI Act follows a risk-based approach, classifying AI systems into four different risk categories: unacceptable risk, high risk, transparency risk, and minimal to no risk.
For the unacceptable risk category, the AI Act lists specific practices that are prohibited (Article 5 of the AI Act). The high-risk AI systems are defined in accordance with Article 6 of the AI Act in conjunction with Annex I (list of Union harmonisation legislation) and Annex III of the AI Act. Annex III comprises eight areas in which the use of AI can be particularly sensitive and lists concrete use cases for each area that are assessed by the co-legislator as posing significant risks to health, safety and fundamental rights. For certain AI systems where transparency is particularly important, rules on transparency are foreseen. All the other AI systems are considered as “minimal to no risk” AI systems and the AI act does not foresee any obligations for them. Voluntarily, providers of those systems may choose to apply the requirements for trustworthy AI and adhere to voluntary codes of conduct.
Depending on the level of risk, obligations and requirements related to specific AI systems will vary.
Providers of high-risk AI systems need to ensure that their high-risk AI system complies with the requirements of the AI Act before the system is placed on the market or put into service. Examples of such requirements include having a risk management system in place, recording logs, and ensuring qualitative data and data governance, as well as human oversight. In addition, providers will need to register their system in the EU database and accompany the system with instructions for its use for deployers.
Providers of transparency-risk systems, such as chatbots, AI social companions or deep fakes, need to comply with certain transparency obligations. This includes, for example, informing natural persons that they are interacting with an AI system or ensuring that AI generated content can be detected as such. Deployers of systems that can generate or manipulate content need to disclose that the content is generated by AI.
The AI Act does not prescribe obligations for minimal-risk AI systems, but Member States can facilitate the drawing up of voluntary codes of conduct for AI systems that are not high-risk.
In principle, the evolution of an AI system does not have legal implications. However, in the case of high-risk AI systems, such developments should be anticipated and addressed within the risk management framework and related compliance obligations. Where an AI system undergoes substantial modifications, this may give rise to legal consequences, including the need for a renewed conformity assessment under the AI Act.
The AI Act does not require any particular internal governance within the company.
However in line with Article 17(1)(m) the providers of high-risk AI systems should put a quality management system in place, that should include an accountability framework, setting up the responsibilities of the management and other staff with regard to all the aspects related to the quality management system listed in Article 17 of the AI Act.
The EU Funding & Tenders Portal of the European Commission is the central place to find any funding opportunities from the EU, including AI-relevant ones. Of particular interest among the funding programmes are Horizon Europe and Digital Europe Programme. Within Horizon Europe, there are different areas of interest, namely Cluster 4 and the European Innovation Council. Other areas such as the bottom-up European Research Council may be also relevant.
The GenAI4EU flagship initiative offers ample opportunities to develop and deploy trustworthy, generative AI in Europe’s strategic sectors. With nearly 700 million euros committed, there are plenty of opportunities to help Europe become more competitive and innovative. A dedicated website gives an overview of the different call for proposals available under Horizon Europe and the Digital Europe Programme.