2 April 2025 / Data Protection

EU AI Act: summary – what businesses need to know

Data Protection

+37052000777

Artificial intelligence is now the main force of business in Europe, defining its operation, competition, and growth. But while the influence of AI continues to grow, the consideration for general regulation also increases.

What’s demanded is the EU AI Act, a pioneering legislative framework that places itself as the first law based on artificial intelligence in the world. It’s no longer just a legal update for companies from every industry; it’s a strategic juncture. Whether your company is engaged in developing AI tools or merely using them in its operations, knowing what the EU AI Act represents for your business is a matter of compliance, competitiveness, and preparedness for the future.

What is the EU AI Act, and why is it important?

The EU AI Act (formally known as the Artificial Intelligence Act (AIA)) is the European Union’s response to artificial intelligence’s growing influence and potential risks. This new legislation, approved by the European Parliament in 2024 and expected to take full effect by 2026, sets out a harmonised legal framework for developing, deploying, and using AI across the EU.

The European Union AI Act aims to balance innovation with fundamental rights, such as data protection, privacy, non-discrimination, and safety. It introduces a risk-based approach to AI regulation, which means that AI systems will be categorised by their potential impact on individuals and society. But beyond compliance, this regulation is a signal to businesses: ethical, transparent, and accountable AI will become a baseline expectation, not a bonus feature.

What are the four risk categories of the AIA?

One of the core elements of the artificial intelligence law (AIA) is its classification system. The Act divides AI systems into four risk categories, each with distinct requirements:

Unacceptable risk – AI systems that pose a clear threat to safety, livelihoods, or rights (e.g., social scoring by governments) will be outright banned.
High risk – AI used in critical infrastructure, recruitment, credit scoring, education, law enforcement, and health. These systems will be subject to strict obligations around transparency, documentation, risk assessment, and human oversight.
Limited risk – AI systems that interact with humans, such as chatbots or emotion-recognition tools. These will require transparency measures (e.g., disclosing that users are interacting with AI).
Minimal risk – applications like AI-enabled spam filters or recommendation engines. These will remain largely unregulated.

Understanding where your product or service fits within this framework is crucial. Many organisations may not realize that the tools they use daily could fall under the high-risk category and, therefore, require compliance with new technical and legal standards.

What is the impact of the European AI Act on businesses?

The European AI Act’s impact on businesses varies depending on their role in the AI value chain—developers, deployers, or users. However, all companies using or building AI technologies in the EU must assess their exposure.

Key areas of impact include:

Compliance costs: high-risk AI providers will need to implement robust risk management systems, maintain detailed technical documentation, and undergo regular conformity assessments.
Governance and legal accountability: senior management will likely need to be more involved in AI oversight to meet the transparency and human oversight standards outlined in the AI law.
Data and privacy management: compliance with the EU AI regulation also requires compatibility with GDPR and other data protection laws.
Innovation and competitiveness: while the regulation could increase short-term costs, it may also build long-term trust and market advantage, especially for companies leading in ethical AI development.

It’s also critical for multinationals to understand how the AI law applies extraterritorially. If your company is based outside the EU but markets or deploys AI systems within EU territory, you’re still subject to the Act.

Who needs to comply with the EU AI Act?

Businesses across multiple sectors should assess their risk exposure and readiness. Those most affected include:

Tech companies and AI developers.
Banks and financial institutions (e.g., AI used in credit scoring or fraud detection).
Healthcare providers (e.g., diagnostic algorithms).
Manufacturers (e.g., AI in robotics or quality control).
Retail and e-commerce (e.g., personalised pricing engines or recommendation algorithms).

Even organisations that use AI developed by third parties are not exempt. Under the EU AI regulation, deployers of high-risk systems also share responsibility for ensuring compliance.

What should businesses do now to prepare?

With final implementation on the horizon, now is the time to act. Here are five strategic steps businesses should take:

Map your AI systems – identify all AI tools in use across your organization and classify them according to the AIA risk tiers.
Conduct a gap analysis – compare your current systems and processes against the obligations set out in the EU AI Act summary.
Establish AI governance structures – appoint responsible officers, set up documentation processes, and integrate AI risk management into your compliance framework.
Train staff and raise awareness – legal, compliance, IT, and product teams all need to understand the implications of the European Union AI Act.
Work with legal advisors and technical experts – ensure that your technical documentation, risk assessments, and transparency requirements are accurate and up to date.

Proactive preparation today will ensure compliance and build trust, reduce risk, and create a competitive edge in the evolving AI regulatory landscape.

When will the EU AI Act come into force?

The EU AI Act entered into force in mid-2024 with phased implementation:

Banned practices: will be prohibited shortly after the regulation is published in the Official Journal.
High-risk AI compliance: full obligations will likely apply 24 months after the Act’s entry into force (by 2026).
Voluntary codes for non-high-risk systems: may be introduced earlier to encourage best practices.

Organisations should begin preparing now to ensure timely compliance and avoid legal or operational risks once the Act is fully in effect.

Why the EU AI Act could set the global standard

Already, countries such as Canada, Brazil, and the United States are watching or have drafted legislation of their own. Therefore, compliance with the Artificial Intelligence Act AIA might even be a competitive edge set beyond the EU. In addition, clients, consumers, and partners are increasingly worried about AI transparency and fairness. Timely compliance is not just about dodging fines; it’s also about enhancing your brand.

The EU AI Act summary isn’t just a legal update – it’s a roadmap for responsible innovation. Businesses that treat this moment as a chance to lead, not just comply, will be better positioned to win trust, secure partnerships, and future-proof their operations in an AI-driven world. Final thoughts? AI compliance is a great business opportunity.

At Motieka & Audzevičius, we confidently help companies navigate emerging regulations like the European AI Act. Whether you are sure of what the EU AI law means for your operations or products, our legal experts are at your service every step of the way.

Name	Provider	Purpose	Expiration
rc::a	google.com	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	Persistent
rc::b	google.com	This cookie is used to distinguish between humans and bots.	Session
rc::c	google.com	This cookie is used to distinguish between humans and bots.	Session

Name	Provider	Purpose	Expiration
_ga	google.com	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years
_gat	google.com	Used by Google Analytics to throttle request rate.	1 day
_gid	google.com	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day
_fbp	facebook.com	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	3 months
bcookie	linkedin.com	Used by the social networking service, LinkedIn , for tracking the use of embedded services.	2 years
bscookie	linkedin.com	Used by the social networking service, LinkedIn, for tracking the use of embedded services.	2 years
d/px	adsymptotic.com	Collects data on visitors' preferences and behaviour on the website. This information is u sed make content and advertisement more relevant to the specific visitor.	Session
fr	facebook.com	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	3 years
lidc	linkedin.com	Used by the social networking service, LinkedIn , for tracking the use of embedded services.	1 day
lissc	linkedin.com	Used by the social networking service, LinkedIn, for tracking the use of embedded services.	1 year
NID	google.com	Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.	6 months
tr	facebook.com	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	Session
UserMatchHistory	linkedin.com	Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.	29 days
lang	linkedin.com	Remembers the user's selected language version of a website.	Session
lang	linkedin.com	Set by LinkedIn when a web page contains an embedded "Follow us" panel.	Session