
What is EU AI Act?

The European Union's comprehensive regulation on artificial intelligence — the world's first major AI law — that categorizes AI systems by risk level and bans certain uses including real-time biometric surveillance, social scoring, and emotion recognition in workplaces and schools.

Also known as: European AI Act, AI Act, EU Artificial Intelligence Act

The EU AI Act is the world's first comprehensive AI law — and like GDPR before it, it's setting the global standard that other countries will follow.

Risk Categories

The AI Act categorizes AI systems into four risk tiers:

Banned (Unacceptable Risk)

These AI uses are prohibited entirely:

  • Real-time biometric surveillance in public spaces (with narrow law enforcement exceptions)
  • Social scoring by governments (China-style credit systems)
  • Emotion recognition in workplaces and schools
  • Predictive policing based solely on profiling
  • Manipulation of vulnerable groups using AI
  • Scraping facial images from the internet to build recognition databases (Clearview AI model)

High Risk (Strict Requirements)

These must meet transparency, accuracy, and human oversight requirements:

  • AI in hiring and recruitment (resume screening, interview analysis)
  • Credit scoring and financial decisions
  • Law enforcement applications
  • Border control and migration
  • Education (exam scoring, student assessment)
  • Critical infrastructure management

Limited Risk (Transparency Obligations)

  • Chatbots must disclose they are AI
  • Deepfakes must be labeled as artificially generated
  • AI-generated content must be identifiable

Minimal Risk

  • Spam filters, video game AI, etc. — no requirements

Timeline

  • March 2024: EU Parliament approved the AI Act
  • August 2024: Entered into force
  • February 2025: Bans on prohibited AI practices take effect
  • August 2025: High-risk AI rules begin applying
  • August 2026: Full enforcement

Why It Matters Globally

The Brussels Effect

Just as GDPR became the de facto global privacy standard, the AI Act will likely force global compliance. Any company serving EU citizens must comply — which means American, Chinese, and other companies will need to follow EU rules.

What It Bans That Others Don't

  • The US has no federal AI regulation as of 2026
  • China's AI regulations focus on censorship, not privacy
  • The EU is the only jurisdiction to ban real-time biometric surveillance and social scoring
