EU AI Act - Official Full Text

Summary

This is the complete, official text of Regulation (EU) 2024/1689, the world's first comprehensive AI legislation. Published in July 2024, the EU AI Act introduces a risk-based regulatory framework that will fundamentally reshape how AI systems are developed, deployed, and monitored across the European Union. The regulation establishes clear obligations for AI providers and deployers, introduces conformity assessments for high-risk systems, and creates significant penalties for non-compliance—up to €35 million or 7% of global annual turnover.

The Four-Tier Risk Framework Explained

The Act's core innovation is its risk-based approach, categorizing AI systems into four distinct tiers:

Prohibited AI Practices include social scoring systems, real-time biometric identification in public spaces (with limited exceptions), and AI that exploits vulnerabilities. These face immediate bans with penalties up to €35 million or 7% of global turnover.

High-Risk AI Systems cover critical applications like medical devices, transportation safety, and employment decisions. These require CE marking, conformity assessments, risk management systems, and human oversight before market entry.

Limited-Risk AI Systems include chatbots and deepfakes, which must provide clear transparency notices to users about AI interaction.

Minimal-Risk AI Systems encompass most other applications with no specific obligations beyond voluntary codes of conduct.

Timeline and Enforcement Roadmap

The Act follows a staggered implementation schedule that organizations must track carefully:

• August 2024: Regulation enters into force
• February 2025: Prohibitions take effect (6 months)
• August 2025: General-purpose AI model obligations begin (12 months)
• August 2026: High-risk system requirements fully applicable (24 months)
• August 2027: Full compliance required for all provisions (36 months)

Each phase brings new compliance obligations, making early preparation essential for affected organizations.

Who this resource is for

AI System Providers developing or placing AI systems on the EU market need the full text to understand technical requirements, conformity assessment procedures, and documentation obligations.

Legal and Compliance Teams at multinational corporations require the complete regulation to draft policies, assess risks, and ensure organizational compliance across all AI deployments.

AI Deployers and Users including employers, financial institutions, and public authorities must understand their obligations when implementing AI systems, particularly around human oversight and impact assessments.

Policy Researchers and Academics studying AI governance need access to the authoritative text to analyze legal implications, compare with other jurisdictions, and track regulatory evolution.

Consultants and Legal Practitioners advising clients on AI compliance must reference the official text when providing guidance on specific requirements, exemptions, and enforcement mechanisms.

What Sets This Apart from Other AI Governance Approaches

Unlike voluntary frameworks or sector-specific guidance, the EU AI Act creates legally binding obligations with significant financial penalties. It's the first regulation to establish technical standards for AI systems at scale, requiring conformity assessments similar to medical devices or automotive safety systems.

The Act also introduces novel concepts like "AI system deployers" as distinct from providers, creating shared responsibility models. Its extraterritorial reach means non-EU companies serving EU markets must comply, making this relevant far beyond European borders.

The regulation's focus on "general-purpose AI models" anticipates future developments, creating obligations for foundation model developers that go beyond traditional software regulation.

Quick Reference: Key Articles to Know

• Articles 5-6: Prohibited AI practices and their exceptions
• Articles 8-15: High-risk AI system requirements and obligations
• Articles 50-55: Transparency obligations for limited-risk systems
• Articles 52-55: Provider and deployer obligations
• Articles 70-73: Penalties and enforcement mechanisms
• Annexes III-IV: Lists of high-risk AI systems (subject to regular updates)

The full text spans 180+ pages with detailed technical annexes that define implementation requirements, making this official source essential for anyone needing precise legal interpretation rather than summaries.