AI Act: What it means for businesses

- The EU AI Regulation regulates AI systems based on their risk potential.
- AI systems with "unacceptable risk," such as social scoring, have been banned since February 2025.
- High-risk AI systems are subject to strict requirements and conformity assessments.
- Companies must ensure risk assessments, transparency, and comprehensive documentation.
- Violations can result in fines of up to 35 million Euros or 7% of global annual turnover.
What is the AI Regulation?
The Artificial Intelligence Regulation (AI-VO), also known as the AI Act, is the world's first comprehensive law regulating AI systems. It applies directly in all EU member states – no implementation into national law is required.
The AI Regulation pursues four key objectives:
- Protection of fundamental rights and the safety of EU citizens
- Monitoring and regulation of AI use in businesses
- Creation of a safe innovation framework for European AI developments
- Strengthening consumer and business trust in AI technologies
Which AI systems does the regulation affect?
The AI Act defines an AI system as “a machine-based system designed to operate with varying degrees of autonomy and that can adapt after deployment. It infers from received inputs how outputs (predictions, content, recommendations, or decisions) are generated.”
Risk-based classification of AI systems
The stringency of regulation depends on the risk potential of the AI system. The regulation divides AI into four categories:
1. AI with unacceptable risk: Prohibited
AI systems that pose a clear threat to fundamental rights have been prohibited in the EU since February 2025. These include:
- Social scoring by public authorities
- Real-time biometric remote identification in public spaces (with few exceptions)
- Emotion recognition in the workplace or educational institutions
2. High-risk AI systems: Strict regulation
High-risk AI systems are used in critical areas, such as:
- Human resources: AI-powered applicant management systems
- Healthcare: AI diagnostics
- Critical Infrastructure: Control of energy or traffic networks
- Law Enforcement & Justice: Risk assessment in legal proceedings
Example: A software company developing an AI-based recruiting tool must conduct conformity assessments and create technical documentation.
3. AI with limited risk: Transparency obligations
AI systems such as chatbots or deepfake generators may be used, provided users are clearly informed that they are interacting with an AI.
4. AI with minimal risk: No specific requirements
AI systems like spam filters or AI-powered video games are not subject to special requirements.
When does the AI Regulation come into force?
The AI Regulation came into force on August 1, 2024. However, there are staggered transition periods:
What requirements does the AI Act place on companies?
The AI Regulation primarily targets providers (developers of AI systems), operators (companies that use AI systems), and importers of AI systems.
Key requirements:
1. Risk assessment and risk management
Companies must conduct a comprehensive risk assessment of their AI systems and document:
- What risks arise from the use of the AI system?
- What measures are taken to minimize these risks?
- How is the system monitored and updated?
2. Transparency Requirements
Users must be clearly informed that they are interacting with an AI system, especially in the case of chatbots or systems that detect emotions or use biometric data.
3. Documentation and Record-Keeping
Companies must keep detailed records of development, training, data sources, changes, and incidents.
Special Regulations for High-Risk AI Systems
High-risk AI systems are subject to particularly stringent requirements. Companies must ensure that these systems:
✅ Are robust and secure
✅ Do not violate users' fundamental rights
✅ Undergo a strict conformity assessment
✅ Enable human oversight (human-in-the-loop)
Compliance under the AI Act
The conformity assessment is a central component of the AI Regulation. Providers or operators of high-risk AI systems must demonstrate that their systems meet the requirements.
Steps for compliance:
1. Risk classification: Is your AI system classified as high-risk?
2. Create technical documentation
3. Implement a quality management system
4. External audit (if required)
5. Affix CE marking
6. Registration in EU database
Enforcement of the Regulation and impending penalties
For the monitoring and enforcement of the AI Act, each EU member state, including Germany, must establish or designate a national supervisory authority. In Germany, the Federal Network Agency (Bundesnetzagentur) is designated as the center for coordination and competence, and as the market surveillance and notifying authority.
What penalties do companies face for violating the AI Act?
The fines are based on the GDPR model:
Challenges and Criticism of the AI Regulation
The AI Regulation aims to create a secure framework. However, there are some criticisms:
1. Unclear risk classification: Many companies are unsure whether their AI systems are considered high-risk.
2. High bureaucratic burden: SMEs in particular are concerned about the documentation and auditing requirements.
3. Stifling innovation: Strict regulations could disadvantage European companies in global competition.
Outlook: What's next for the AI Regulation and AI Act
With the AI Act, the European Union has taken an important step to make the use of AI safer and more responsible.
For companies, this means:
✅ Act now: Don't wait until 2026
✅ Consult experts: AI Compliance is complex
✅ Leverage synergies: Think integrated: GDPR, NIS2, AI Act
✅ Document centrally: Compliance platforms save up to 70% time
Do you have further questions on this topic? Our experts will be happy to advise you free of charge.