EU AI Act
The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive AI law. It regulates AI systems on a risk basis: unacceptable-risk systems are banned, high-risk systems face strict obligations (risk management, data quality, transparency, human oversight), and limited-risk AI is subject to transparency requirements. Violations can incur fines of up to EUR 35 million or 7 % of global annual turnover.
The EU AI Act entered into force on 1 August 2024 and applies in stages: bans on unacceptable practices since February 2025, obligations for general-purpose AI models (GPAI) since August 2025, and most high-risk obligations from August 2026/2027. Risk classes: (1) unacceptable (e.g. social scoring, manipulative systems) — banned; (2) high-risk (e.g. AI in critical infrastructure, applicant screening, creditworthiness) — extensive conformity obligations; (3) limited risk (e.g. chatbots) — transparency duty; (4) minimal risk — no additional obligations. For danad clients deploying Microsoft Copilot, Azure OpenAI or custom enterprise AI, this means use-case classification, documentation, GDPR-compliant data residency and governance via Microsoft Purview and Azure AI Foundry. The AI Act complements — and partly overlaps with — the GDPR.