EU AI Act — Risk tiers → duties
- Unacceptable: banned uses (e.g., social scoring, real-time biometric ID).
- High-risk: allowed with strict controls—risk mgmt, data governance, human oversight, logging, CE-mark/QMS, post-market monitoring.
- Limited: transparency only (disclose AI interactions; label deepfakes).
- Minimal: no mandatory duties (voluntary codes).
Why it matters now
- In force: 1 Aug 2024; prohibitions Feb 2025; GPAI rules Aug 2025; most high-risk duties Aug 2026.
- Penalties up to €35m/7% (prohibitions) and €15m/3% (other breaches).
- Public sector/public services using high-risk AI: Fundamental Rights Impact Assessment (FRIA) required.