If you build or deploy AI systems that touch EU users, the EU AI Act now shapes your technical roadmap. The regulation is in force, several deadlines have passed, and fines scale to 7% of global turnover. Here is what matters for engineering teams.
Four risk tiers decide your workload
Every AI system falls into one of four categories. Prohibited systems, such as emotion recognition at work or social scoring, have been banned since 2 February 2025. High-risk systems, including AI used in hiring, credit scoring and biometric identification, need conformity assessments, technical documentation, logging, and human oversight controls. Limited-risk systems like chatbots carry transparency duties: users must know they are talking to a machine, and AI-generated content needs labels. Minimal-risk systems such as spam filters have no mandatory obligations.
GPAI rules are already live
Since 2 August 2025, providers of general-purpose AI models must document architecture, training data, compute used, and intended use cases. Models trained above 10^25 FLOPs are presumed to carry systemic risk and face adversarial testing, cybersecurity duties, and incident reporting to the European AI Office.
The deadline everyone gets wrong
Many teams still plan around August 2026 for high-risk compliance. That date moved. Under the Digital Omnibus package approved by the European Parliament in June 2026, stand-alone high-risk systems now have until 2 December 2027, because the harmonised standards from CEN-CENELEC were not ready. The full breakdown of the updated EU AI Act timeline explains each phase: https://seers.ai/blogs/https-seers-ai-blogs-eu-ai-act-business-compliance/
Where to start
Inventory every model and system you run, tag each with a risk tier, and get your documentation pipeline in order. Compliance also depends on how your product collects and handles user data. Tools like Seers AI handle the consent management layer, so your team can focus on the model side.
Top comments (0)