EU Bans Risky AI Systems

EU Bans Risky AI Systems
Photo by Farah Almazouni / Unsplash

The European Union's Artificial Intelligence Act (EU AI Act), enacted on February 2, 2025, represents a watershed moment in global AI governance. As the world’s first comprehensive regulatory framework for artificial intelligence, it establishes stringent prohibitions on high-risk applications while aiming to foster innovation and protect fundamental rights. This in-depth analysis explores the Act’s core provisions, enforcement mechanisms, and far-reaching implications for businesses and society.

The EU AI Act: Comprehensive Regulation for a Safer, Transparent, and Trustworthy AI Ecosystem
In August 2024, the European Union introduced the EU Artificial Intelligence Act, marking a significant leap in the regulation of AI technologies. As the world’s first comprehensive AI law, the EU AI Act is poised to shape how artificial intelligence is developed, deployed, and governed across industries. It aims

Prohibited AI Practices: Safeguarding Fundamental Rights

The EU AI Act bans AI systems deemed to pose "unacceptable risks" to human rights, safety, and democratic values. These include:

  • Manipulative AI: Systems using subliminal techniques or exploiting vulnerabilities (e.g., age, disability) to distort decision-making[4][13][41].
  • Social Scoring: Evaluating individuals based on behavior, socioeconomic status, or personality traits[1][19][37].
  • Untargeted Facial Recognition: Scraping facial images from the internet or CCTV to build databases[4][6][10].
  • Real-Time Biometric Identification: In public spaces, except for narrowly defined law enforcement emergencies (e.g., terrorist threats)[10][19][40].
  • Emotion Recognition: In workplaces, schools, or public services, unless used for medical/safety purposes[4][6][10].
  • Predictive Policing: Assessing criminal risk based solely on profiling or personality traits[4][10][41].

These prohibitions reflect the EU’s commitment to preventing dystopian applications akin to China’s social credit system[10][19]. Exemptions for law enforcement require judicial approval and strict proportionality[19][40].

Global AI Regulation Wave: How Italy’s DeepSeek Ban Triggered a Worldwide Scrutiny of Chinese AI Models - Germany/ Netherlands/Taiwan
DeepSeek, the Chinese AI startup behind the viral DeepSeek-R1 reasoning model, faces escalating global scrutiny as regulators worldwide raise concerns over data privacy, cybersecurity, and compliance with local laws. Following Italy’s decisive ban, multiple countries and organizations have launched investigations or imposed restrictions, signaling a tightening regulatory environment for

Enforcement and Penalties: A Deterrent Framework

Non-compliance triggers severe consequences:

  • Fines: Up to €35 million or 7% of global annual turnover for prohibited AI violations[1][5][10]. Lesser breaches (e.g., inadequate documentation) face penalties up to €15 million or 3% of turnover[5][45].
  • Governance: National authorities oversee enforcement, supported by the European AI Office[3][17][26].
  • Extraterritorial Reach: Applies to non-EU companies if their AI outputs affect EU citizens[1][8][34]. Providers outside the EU must designate local representatives[1][17].

Notably, enforcement powers for prohibited practices began on February 2, 2025, while penalties take effect August 2, 2025[3][10]. This phased approach allows organizations time to adapt but underscores urgency in removing banned systems[3][45].

AI governance laws, frameworks, and technical standards from around the world
Navigating the Complex Landscape of AI Governance: A Global Overview As artificial intelligence (AI) continues to transform industries and societies, the need for robust governance frameworks has never been more critical. Across the globe, governments, international organizations, and standards bodies are introducing laws, frameworks, and technical standards to ensure AI

Implementation Timeline: Balancing Compliance and Innovation

The Act’s rollout occurs in stages:

  • February 2025: Prohibited practices banned; AI literacy mandates begin[3][9].
  • August 2025: General-purpose AI (GPAI) rules and penalties enforced[3][45].
  • August 2026: Full implementation for high-risk systems (e.g., medical devices, critical infrastructure)[1][19][45].

This timeline aims to mitigate disruption while prioritizing immediate action against the riskiest AI applications[3][45]. For example, companies like Uber and Lyft must register high-risk AI systems (e.g., driver-routing algorithms) in public databases by 2026[14].


AI Literacy and Corporate Accountability

Article 4 mandates that providers and deployers ensure staff achieve "sufficient AI literacy," including understanding risks, opportunities, and ethical implications[3][9][31]. While flexible in implementation, companies must document training programs to avoid penalties[9][31]. This requirement extends to third-party contractors, broadening compliance responsibilities[3].


Global AI Law Snapshot: A Comparative Overview of AI Regulations in the EU, China, and the USA
As artificial intelligence (AI) continues to revolutionize industries worldwide, governments are racing to establish legal frameworks to regulate its development, deployment, and risks. The European Union (EU), China, and the United States (USA) have each taken unique approaches toward AI regulation, reflecting their economic priorities, governance philosophies, and risk mitigation

Global Impact: The Brussels Effect in Action

The EU AI Act is poised to influence global norms, much like the GDPR:

  • US Compliance: Major tech firms (e.g., Google, Microsoft) signed the voluntary EU AI Pact to align early, though Meta and Apple abstained[10][27].
  • Innovation Concerns: Critics argue compliance costs may disadvantage SMEs, while proponents highlight incentives for trustworthy AI development[12][46][48].
  • Systemic GPAI Models: Providers like OpenAI must conduct adversarial testing, assess cybersecurity risks, and report energy consumption for models exceeding 10²⁵ FLOPs[5][26].

The Act’s risk-based framework has already inspired similar proposals in Canada, Brazil, and Singapore[27][49]. However, its "Brussels Effect" may be less pronounced in sectors like defense, where national security exemptions apply[14][46].


Challenges and Future Outlook

  • Ambiguities: Key definitions (e.g., "manipulative techniques") await Commission guidelines[4][13].
  • Innovation Balance: Startups fear compliance burdens, though the Act exempts R&D-focused AI[1][46].
  • Global Alignment: Divergences from US sectoral approaches risk fragmentation[8][27][46].

The European AI Office will play a pivotal role in updating prohibited practices and issuing codes of conduct[4][26]. Meanwhile, the pending AI Liability Directive aims to simplify compensation for AI-related harms[5][28].


The European Parliament Adopts the Artificial Intelligence Act: A Milestone for AI Regulation
In a historic move, the European Parliament took a giant leap in the regulation of artificial intelligence (AI) on June 14, 2023, by adopting the groundbreaking Artificial Intelligence Act. This act is a comprehensive and ambitious regulation aimed at harmonizing rules for AI across the European Union (EU), with a

The EU AI Act distinguishes between high-risk and minimal-risk AI applications through a detailed risk classification framework that considers potential impacts on safety, fundamental rights, and societal well-being. This differentiation drives regulatory obligations, with strict requirements for high-risk systems and minimal oversight for low-impact applications.

Key Differentiators

The regulation uses three primary criteria to separate high-risk from minimal-risk AI:

CriterionHigh-Risk AIMinimal-Risk AI
Impact ScopeAffects health, safety, or fundamental rights (e.g., medical diagnostics, hiring)No significant impact on rights/safety (e.g., spam filters, basic image editors)
Sector InvolvementDeployed in regulated industries (transport, healthcare, law enforcement)Used in non-critical domains (entertainment, basic utilities)
Data SensitivityProcesses biometric, medical, or legally protected dataHandles anonymized/non-sensitive information
Decision InfluenceDirectly impacts human decisions (e.g., job screening, criminal risk assessment)Provides non-binding outputs (e.g., game AI, inventory management suggestions)
Global AI Governance: A Comparative Analysis of the US, EU, and Chinese Approaches
As artificial intelligence (AI) rapidly advances and permeates every facet of our lives, the imperative for robust governance frameworks becomes increasingly apparent. Effective AI governance is essential for ensuring the responsible development and deployment of AI technologies, mitigating potential harms, and harnessing its transformative potential for societal good. This article

High-Risk AI Systems

Definition: AI applications with potential to cause significant harm to health, safety, or fundamental rights 1229.Examples:

  • Medical diagnostic tools (e.g., cancer detection algorithms) 2029
  • Biometric identification systems in public spaces 19
  • AI-powered recruitment platforms assessing job candidates 31
  • Critical infrastructure management (power grids, transportation) 310

Regulatory Requirements:

  1. Pre-market conformity assessments by third parties 1630
  2. Continuous monitoring and post-market surveillance 111
  3. Detailed technical documentation and risk mitigation plans 231
  4. Mandatory human oversight mechanisms 2931
  5. Registration in EU databases for public transparency 221

Minimal-Risk AI Systems

Definition: AI applications with negligible potential for harm, representing most common consumer-facing tools 72528.Examples:

  • Spam filters and email prioritization algorithms 625
  • AI-enabled video game NPCs 27
  • Basic photo/video editing tools (e.g., auto-brightness adjustments) 425
  • Inventory management systems predicting stock levels 24

Regulatory Requirements:

  • No mandatory compliance obligations under the AI Act 221
  • Voluntary adherence to ethical codes encouraged 27
  • Basic transparency encouraged but not required (e.g., disclosing AI use) 2526

Enforcement Contrast

High-Risk:

  • Providers face fines up to €35M/7% global turnover for non-compliance 213
  • Requires appointed EU representative for non-EU companies 226
  • Mandatory incident reporting to national authorities 1131

Minimal-Risk:

  • No penalties for non-compliance 2528
  • No reporting or registration requirements 47
  • Exempt from conformity assessments 2125

This risk-based approach allows the EU to focus regulatory resources on applications with significant societal impacts while fostering innovation in low-risk domains. The classification system adapts through periodic reviews by the European AI Office, ensuring evolving technologies remain appropriately categorized 3031.

Conclusion

The EU AI Act marks a paradigm shift toward human-centric AI governance. By criminalizing manipulative and discriminatory systems while incentivizing transparency, it challenges global tech leaders to prioritize ethics alongside innovation. As the Act’s provisions mature, its success will hinge on balancing rigorous enforcement with adaptability to rapid technological change. For businesses, proactive compliance—not just risk mitigation—may emerge as a competitive advantage in the age of trustworthy AI.

In-Depth Analysis of the Florida Digital Bill of Rights (FDBOR)
In Addition to COPPA and KOSA for Child Safety BillsIn the digital era, the safety of children on the internet has become a paramount concern, prompting significant legislative and policy-driven conversations. The recent move by the US Senate Judiciary Committee to summon top tech CEOs for a hearing on their

For further analysis of AI regulations, explore our coverage of the US AI Bill of Rights and China’s generative AI rules.

Citations:
[1] https://www.ibm.com/think/topics/eu-ai-act
[2] https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
[3] https://www.jdsupra.com/legalnews/the-eu-ai-act-prohibited-practices-and-1555572/
[4] https://www.mayerbrown.com/en/insights/publications/2025/01/eu-ai-act-ban-on-certain-ai-practices-and-requirements-for-ai-literacy-come-into-effect
[5] https://www.lewissilkin.com/en/insights/2024/09/25/ed-eu-ai-act101-an-in-depth-analysis-of-europes-ai-regulatory-framework
[6] https://www.ibm.com/think/insights/what-eu-ai-act-changing-businesses
[7] https://artificialintelligenceact.eu/high-level-summary/
[8] https://www.atlanticcouncil.org/blogs/geotech-cues/eu-ai-act-sets-the-stage-for-global-ai-governance-implications-for-us-companies-and-policymakers/
[9] https://www.jdsupra.com/legalnews/upcoming-eu-ai-act-obligations-9410001/
[10] https://siliconangle.com/2025/02/02/eu-now-enforcing-ai-act-banning-high-risk-ai-systems/
[11] https://cacm.acm.org/research/the-eu-ai-act-and-the-wager-on-trustworthy-ai/
[12] https://wwws.law.northwestern.edu/research-faculty/clbe/events/standardization/documents/nizza_assessing_impact_ai_act_innovation.pdf
[13] https://www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/20240408-prohibited-ai-practices-a-deep-dive-into-article-5-of-the-european-unions-ai-act
[14] https://www.brookings.edu/articles/the-eu-ai-act-will-have-global-impact-but-a-limited-brussels-effect/
[15] https://www.ey.com/en_ch/insights/forensic-integrity-services/the-eu-ai-act-what-it-means-for-your-business
[16] https://kpmg.com/xx/en/our-insights/eu-tax/decoding-the-eu-artificial-intelligence-act.html
[17] https://www.hklaw.com/en/insights/publications/2024/03/the-european-unions-ai-act-what-you-need-to-know
[18] https://www.thomsonreuters.com/en-us/posts/corporates/forum-eu-ai-act-impact/
[19] https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence
[20] https://www.whitecase.com/insight-alert/long-awaited-eu-ai-act-becomes-law-after-publication-eus-official-journal
[21] https://www.simmons-simmons.com/en/publications/clyimpowh000ouxgkw1oidakk/the-eu-ai-act-a-quick-guide
[22] https://www.kearney.com/service/digital-analytics/article/what-is-the-eu-ai-act-and-why-is-it-important
[23] https://www.isaca.org/resources/white-papers/2024/understanding-the-eu-ai-act
[24] https://cetas.turing.ac.uk/publications/eu-ai-act-national-security-implications
[25] https://thoropass.com/blog/compliance/eu-ai-act/
[26] https://www.nccgroup.com/us/the-eu-ai-act-pioneering-the-future-of-ai-regulation/
[27] https://www.atlanticcouncil.org/blogs/geotech-cues/eu-ai-act-sets-the-stage-for-global-ai-governance-implications-for-us-companies-and-policymakers/
[28] https://www.whitecase.com/insight-our-thinking/ai-watch-global-regulatory-tracker-european-union
[29] https://cacm.acm.org/research/the-eu-ai-act-and-the-wager-on-trustworthy-ai/
[30] https://www.hoganlovells.com/en/publications/global-impact-of-the-eu-ai-act-for-health-stakeholders
[31] https://www.mayerbrown.com/en/insights/publications/2025/01/eu-ai-act-ban-on-certain-ai-practices-and-requirements-for-ai-literacy-come-into-effect
[32] https://iapp.org/resources/article/global-ai-governance-eu/
[33] https://www.deloitte.com/lu/en/Industries/investment-management/perspectives/european-artificial-intelligence-act-adopted-parliament.html
[34] https://kpmg.com/us/en/articles/2024/how-eu-ai-act-affects-us-based-companies.html
[35] https://www.morganlewis.com/pubs/2024/07/the-eu-ai-act-is-here-10-key-takeaways-for-business-and-legal-leaders
[36] https://www.michalsons.com/blog/eu-ai-act-case-studies/66422
[37] https://about.citiprogram.org/blog/an-overview-of-the-eu-ai-act-what-you-need-to-know/
[38] https://cdp.cooley.com/eu-ai-act-does-it-affect-your-organization-or-not/
[39] https://www.europarl.europa.eu/news/en/press-room/20240308IPR19015/artificial-intelligence-act-meps-adopt-landmark-law
[40] https://www.advarra.com/blog/understanding-the-impact-of-the-new-eu-artificial-intelligence-act-on-clinical-research/
[41] https://www.holisticai.com/blog/prohibitions-under-eu-ai-act
[42] https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/tech-regulatory-policy-developments/eu-ai-act.html
[43] https://www.nature.com/articles/s41746-024-01232-3
[44] https://www.skadden.com/insights/publications/2024/06/quarterly-insights/the-eu-ai-act-what-businesses-need-to-know
[45] https://www.ibm.com/think/insights/what-eu-ai-act-changing-businesses
[46] https://www.brookings.edu/articles/the-eu-ai-act-will-have-global-impact-but-a-limited-brussels-effect/
[47] https://kennedyslaw.com/en/thought-leadership/article/2024/2025-global-ai-governance-takes-shape-what-to-expect-from-the-eu-and-us/
[48] https://wwws.law.northwestern.edu/research-faculty/clbe/events/standardization/documents/nizza_assessing_impact_ai_act_innovation.pdf
[49] https://europeanleadershipnetwork.org/commentary/the-eus-artificial-intelligence-act-a-golden-opportunity-for-global-ai-regulation/
[50] https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

Read more