EU Regulation 2024/1689 · Binding law · Extraterritorial

EU AI Act.

The first horizontal, binding AI law: Regulation (EU) 2024/1689, in force 1 August 2024, with obligations rolling in across 2025-2027. Risk-tiered (prohibited / high-risk / limited / minimal), extraterritorial in reach, and enforced by national authorities plus a new European AI Office. Maximum fine: €35M or 7% of global turnover, whichever is higher.

Our stance: tier first, document second, certify third. Most clients overscope and underdocument; we invert the order.

§ I · The regulation

What the AI Act actually is, in plain English.

The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) is the world's first horizontal, comprehensive AI law. It was published in the Official Journal on 12 July 2024, entered into force on 1 August 2024, and applies in stages: prohibitions and AI literacy from 2 February 2025; GPAI obligations from 2 August 2025; most high-risk system obligations from 2 August 2026; Annex I high-risk products from 2 August 2027. It is a regulation, not a directive: directly applicable in all 27 Member States without national transposition, with enforcement under both national authorities and a centralized European AI Office.

The Act is structured around four risk tiers plus a separate regime for general-purpose AI models. Prohibited practices (Article 5) cover eight families: social scoring, untargeted facial-image scraping, manipulative AI exploiting vulnerabilities, real-time remote biometric ID in public for law enforcement (with narrow exceptions), emotion recognition in workplace and education, and several others. High-risk systems (Articles 6-49) are the bulk of the regulation: AI systems falling under Annex III (eight use-case domains: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice/democracy) or AI systems acting as safety components of products covered by Annex I product-safety legislation. Limited risk (Article 50) covers transparency obligations for chatbots, emotion-recognition systems, biometric categorization, and AI-generated/manipulated content. Minimal risk covers everything else, with voluntary code-of-conduct encouragement.

Then there's general-purpose AI (GPAI, Articles 51-55): the foundation-model regime added late in negotiations after ChatGPT changed the political landscape. GPAI providers face baseline obligations (technical documentation, copyright policy, training-data summary). GPAI models with systemic risk (the threshold is training compute, currently 10²⁵ FLOPs) face additional obligations around model evaluation, adversarial testing, incident reporting, and cybersecurity.

Two roles matter most for compliance: provider (you place the AI system on the EU market or put it into service under your own name) and deployer (you use it in the course of professional activity). Distributors, importers, authorized representatives are also defined and carry obligations. The role determines the obligations: getting role classification right is the first compliance task we run.

Senior practitioner's note

Tiering is everything.

Clients arrive convinced their entire AI portfolio is high-risk; or convinced none of it is. Both are wrong. The real answer comes from a deliberate Article 6 / Annex III walk-through, system by system, with role classification per system. Get the tier right and the rest of the program is tractable. Get it wrong and you've either missed a high-risk system (regulatory exposure) or paid for conformity work you didn't owe (cost theater).

§ II · Tier check

Where does your AI fall?

Three questions to first-pass tier any AI system. Real classification needs a deliberate Article 6 / Annex III analysis; this gives you the orientation.


EU AI Act tier check

1. What does the AI system do?
2. Where do you place it on the market or put it into use?
3. Are you the provider, deployer, or both?

§ III · The four tiers

Prohibited · High · Limited · Minimal.

Plus GPAI as a parallel regime. Each tier has a different shape of obligation; misreading the tier is the most expensive mistake in the program.

Article 5 · Eight prohibited practices

Outright bans, in force since 2 February 2025. If you do these, no documentation or conformity assessment helps: the practice itself is unlawful in the EU. Most clients aren't doing these; the work is verifying none of your products drift toward them.

Art. 5(1)(a)
Subliminal / manipulative techniques
AI deploying subliminal techniques beyond awareness or purposefully manipulative/deceptive techniques causing significant harm.
Art. 5(1)(b)
Exploiting vulnerabilities
Exploiting vulnerabilities of persons due to age, disability, or socio-economic situation, causing significant harm.
Art. 5(1)(c)
Social scoring
Social scoring by public authorities or on their behalf leading to detrimental treatment.
Art. 5(1)(d)
Predictive policing (individual-based)
Risk assessment of natural persons to predict criminal offences based solely on profiling/personality traits.
Art. 5(1)(e)
Untargeted facial-image scraping
Creating/expanding facial-recognition databases via untargeted scraping from the internet or CCTV.
Art. 5(1)(f)
Emotion inference (workplace / education)
Emotion-recognition AI in workplaces and education, except for medical/safety reasons.
Art. 5(1)(g)
Biometric categorization (sensitive)
Categorizing natural persons by sensitive attributes (race, political opinion, religion) inferred from biometrics.
Art. 5(1)(h)
Real-time biometric ID in public
Real-time remote biometric identification in publicly accessible spaces for law enforcement, with narrow exceptions and prior judicial authorisation.

Articles 6-49 · High-risk: the heart of the regulation

Two routes into high-risk: (a) safety components of products under Annex I product-safety law (machinery, medical devices, toys, lifts, etc.) requiring third-party conformity already; (b) AI systems used in one of the eight Annex III domains. Each high-risk system carries the full obligation stack: risk management, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy/robustness/cybersecurity, QMS, registration in the EU database.

Annex III ¶1
Biometrics
Remote biometric ID, categorization by sensitive attributes, emotion recognition.
Annex III ¶2
Critical infrastructure
Safety components for road traffic, water, gas, heating, electricity, digital infrastructure.
Annex III ¶3
Education & vocational training
Access/admission, evaluation/grading, monitoring of prohibited behavior during tests.
Annex III ¶4
Employment & HR
Recruitment, screening, promotion, termination, task allocation, performance monitoring.
Annex III ¶5
Essential services
Eligibility for public-assistance benefits, credit scoring, life/health insurance pricing, emergency dispatch.
Annex III ¶6
Law enforcement
Risk assessment of victimization, polygraph-equivalents, evidence reliability assessment, profiling of natural persons.
Annex III ¶7
Migration & border
Polygraph-equivalents, risk assessment, examination of asylum/visa applications, identification at borders.
Annex III ¶8
Justice & democratic processes
AI assisting judicial authorities; AI influencing voter/election outcomes.

Article 50 · Limited risk: transparency obligations

Tier-3 systems aren't restricted: they have to be honest. Inform the human they're interacting with AI; label deepfakes and synthetic content; disclose emotion-recognition and biometric-categorization use. Cheap to comply with, expensive to ignore.

Art. 50(1)
Chatbots / AI interactions
Inform humans they're interacting with AI, unless it is obvious or a law-enforcement exception applies.
Art. 50(2)
Synthetic content marking
GPAI providers must mark output as artificially generated/manipulated in machine-readable form (watermarking).
Art. 50(3)
Emotion / biometric-cat disclosure
Deployers must inform persons exposed to emotion-recognition or biometric-categorization systems.
Art. 50(4)
Deepfake disclosure
Deployers of deepfake content must disclose it, with art/journalistic carve-outs.

Tier 4 · Minimal risk: everything else

Spam filters, AI in video games, inventory management, basic recommendation systems: the long tail. No obligations beyond general law (GDPR, product safety, consumer protection). The Commission encourages voluntary codes of conduct (Article 95) and the AI Pact for early adopters.

Art. 95
Codes of conduct
Voluntary application of high-risk requirements to non-high-risk systems.
AI Pact
Early-adoption initiative
Commission-led initiative for organizations to commit to AI Act compliance early. Reputational benefit, no legal effect.

Articles 51-55 · GPAI: the foundation-model regime

Two GPAI categories. Baseline GPAI providers must produce technical documentation, an information package for downstream providers, a copyright-compliance policy, and a sufficiently detailed summary of training data. GPAI with systemic risk (presumed when training compute exceeds 10²⁵ FLOPs) carries additional obligations: model evaluation, adversarial testing, serious-incident reporting to the AI Office, cybersecurity protections.

Art. 51
Classification of GPAI with systemic risk
Compute-threshold trigger (10²⁵ FLOPs) plus Commission designation power based on capabilities and impact.
Art. 53
GPAI provider obligations (baseline)
Technical doc, info to downstream providers, copyright policy, training-data summary.
Art. 55
GPAI systemic-risk obligations
Model eval, red-teaming/adversarial testing, serious-incident reporting, cybersecurity, post-market monitoring.
Art. 56
Codes of practice (GPAI)
Codes of practice (the General-Purpose AI Code of Practice) operationalize GPAI obligations until harmonized standards exist.

§ IV · High-risk obligations

The provider stack: Articles 8-15.

If you're a provider of a high-risk AI system, the Articles 8-15 stack is the work. Not optional, not tier-able down. The good news: ISO 42001 and NIST AI RMF cover ~60-70% of the substance with the right scoping.

Article · Obligation · What 42001/RMF gives you
Art. 9 · Risk management system across the AI lifecycle · 42001 Clause 6 + Annex A.5/A.6 covers most. Layer FRIA on top.
Art. 10 · Data & data governance: quality, bias, representativeness · 42001 A.7 + RMF Map 4 + Measure 2.
Art. 11 · Technical documentation (Annex IV) · 42001 A.6.2.7 strongly aligned. Annex IV is more prescriptive on layout.
Art. 12 · Record-keeping / event logging · 42001 A.6.2.8.
Art. 13 · Transparency & information to users · 42001 A.8.2 + RMF Govern 5.
Art. 14 · Human oversight · RMF Govern 4 + Manage 2 + 42001 A.9.
Art. 15 · Accuracy, robustness, cybersecurity · RMF Measure 2 (T.1, T.3) + 27001 controls. Often the largest gap.
Art. 17 · Quality management system (QMS) · 42001 clauses 4-10 directly: the closest 1:1 mapping in the regulation.
Art. 26 · Deployer obligations: oversight, monitoring, FRIA · 42001 A.9 + 42005 impact assessment guidance.
Art. 27 · Fundamental Rights Impact Assessment (FRIA) · Net-new for many. Required for public bodies and some private deployers in Annex III ¶5(b)/¶5(c) categories.

Two registrations matter: EU database for high-risk AI systems (Article 71) before placing on the market, and conformity assessment certificate (where applicable) signed by a notified body. Self-declared CE marking is the path for most Annex III systems; third-party conformity is reserved for biometric ID and Annex I product-safety integration cases.

§ V · GPAI specifics

If you ship a foundation model.

GPAI is a separate regime layered on top of risk-tier obligations. If you train and place on the EU market a GPAI model (a model with significant generality that competently performs a wide range of distinct tasks), you owe the Article 53 baseline regardless of how downstream actors use it. The systemic-risk threshold (currently 10²⁵ FLOPs of training compute) triggers Article 55 obligations: model evaluation, adversarial testing, serious-incident reporting to the AI Office within prescribed windows, and cybersecurity protections aligned to the state of the art.

The General-Purpose AI Code of Practice (published by the AI Office) operationalizes these obligations until harmonized standards land. Adherence to the Code of Practice creates a presumption of conformity. For non-systemic GPAI, the obligations are narrower: technical documentation, information to downstream providers, a copyright policy aligned to Article 53(1)(c), and a sufficiently detailed summary of training-data content using the AI Office template.

Open-source GPAI gets a partial carve-out: Article 53(2) exempts GPAI provided under a free and open-source license, except for the copyright-policy and training-data-summary obligations, which apply regardless. The exemption does not extend to any model classified as systemic-risk.

§ VI · Conformity routes

Self-declaration or notified body.

Most Annex III systems use Annex VI: internal controls / self-declared conformity. Biometric high-risk systems and Annex I product-safety integrations require Annex VII: third-party assessment by an EU-notified body.

Most Annex III systems

Self-declared (Annex VI)

Provider attests conformity via internal controls. Affix CE mark. Register in EU database. Maintain QMS, technical documentation, post-market monitoring. No notified body involvement: provider liability stays with provider.

  • Issuer: Provider self-declaration
  • Notified body: None
  • QMS basis: ISO 42001 strongly recommended
  • Documentation: Annex IV technical doc maintained
  • Registration: EU database (Art. 71)
  • CE marking: Yes, by provider
  • Effective from: 2 August 2026 (most Annex III)

Biometric · Annex I integrations

Notified body (Annex VII)

Required for high-risk biometric systems and AI integrated as safety components of Annex I products already requiring third-party assessment. Notified body audits QMS and assesses technical documentation. Issues EU technical documentation assessment certificate.

  • Issuer: Notified body audits, provider declares
  • Notified body: EU NANDO-listed body
  • QMS basis: ISO 42001 + 27001 typical
  • Documentation: Annex IV reviewed by NB
  • Registration: EU database (Art. 71)
  • CE marking: Yes, with NB number
  • Effective from: 2 August 2026 (Annex III biometric) / 2 August 2027 (Annex I)

§ VII · The clock

The 2025-2027 deadline cliff.

The AI Act phases in across three years. Each milestone has different scope; running compliance against the wrong milestone is a common, costly mistake.

1 Aug 2024
Entered into force
Regulation in force across the EU. No obligations active yet, but the clock starts.
2 Feb 2025
Prohibitions + AI literacy
Article 5 prohibitions binding. Article 4 AI-literacy obligations on providers and deployers (basic AI training for staff).
2 Aug 2025
GPAI & governance
GPAI provider obligations (Art. 53/55) effective. AI Office and Member-State authorities operational. Penalties applicable.
2 Aug 2026
High-risk (Annex III)
Most high-risk obligations active: Annex III systems, FRIA where applicable, EU database registration, technical documentation, post-market monitoring.
2 Aug 2027
High-risk (Annex I)
High-risk AI as safety component of Annex I products. The longest runway: product-safety integration is the hardest path.

§ VIII · How Nexurion runs it

Tiering first. Stack the standards underneath.

Every Nexurion AI Act engagement starts with a per-system Article 6 / Annex III analysis. We classify role (provider / deployer / both / distributor / importer / authorized representative), establish per-system tier, and produce a one-page tier register that drives everything downstream: obligations, conformity route, FRIA applicability, registration timing, post-market monitoring cadence.

Where a system tiers as high-risk, we layer ISO 42001 as the QMS spine (Article 17), NIST AI RMF as the substantive risk methodology (Articles 9-15), and ISO 27001 as the security baseline (Article 15). As harmonized standards land (we monitor the OJEU listing under standardization request M/593), we map them in. The result: one evidence library covering 42001, 27001, and the AI Act in a single audit room.

For GPAI clients, we sit on the General-Purpose AI Code of Practice working tracks and translate them into operational tasks: documentation templates, training-data summary scaffolds, copyright-policy alignment to Article 53(1)(c), and incident-reporting playbooks to the AI Office for systemic-risk providers.

Engagement structure

Independent of the notified body. By policy.

Conformity assessment under Annex VII requires a notified body listed in the EU NANDO database. We are not a notified body and never will be: the same conflict-of-interest reasoning that keeps us out of CB work applies here. We work alongside the NB of your choice, or refer to candidates with active AI Act schemes and clean track records.

§ IX · Where engagements stall

Six places an AI Act program goes sideways.

The Act is dense, the deadlines stagger, the AI Office guidance is still emerging. The failure modes are predictable.

01 / Wrong tier

"It's limited risk, surely."

Optimistic tiering is the most expensive bet in AI compliance. An Annex III ¶4 (employment) system tiered as limited-risk is a regulatory exposure with a ceiling of €15M or 3% turnover (Art. 99(4)). Tier deliberately, document the analysis, defend it.

02 / Wrong role

Treating OpenAI as your provider.

If you fine-tune, substantially modify, brand under your name, or use it for an Annex III purpose, you may yourself become the provider for AI Act purposes (Art. 25). Provider obligations don't shift back upstream.

03 / Skipping FRIA

Article 27 doesn't apply to us.

FRIA (Fundamental Rights Impact Assessment) applies to public bodies AND to private deployers of high-risk Annex III ¶5(b)/¶5(c) systems (essential public services, credit-scoring, life/health insurance pricing). Read Article 27 carefully; the scope is broader than a first read suggests.

04 / Database registration miss

A high-risk system not in Article 71.

Pre-market registration in the EU database is not optional. Missing it is enforceable and visible: the database is partly public. We bake registration into the launch-readiness checklist.

05 / Documentation drift

Annex IV docs at launch, not at change.

Annex IV technical documentation is a living artifact. Substantial modifications (Art. 25(1)(b)) re-trigger conformity. Treat docs as code: checked in, reviewed, regenerated at material change.

06 / GPAI denial

"Our model is fine-tuned, not GPAI."

Fine-tuning a foundation model with significant compute, or substantially modifying it, can move you under the GPAI provider regime. The Code of Practice clarifies the boundary; we run the analysis at scoping.

§ X · Fines & enforcement

The penalty ladder.

Penalties scale by severity and by undertaking turnover. Whichever amount is higher applies. SMEs and start-ups get proportionality consideration but not exemption.

Article · Violation type · Maximum fine
Art. 99(3) · Prohibited practices (Art. 5) · €35M or 7% global annual turnover
Art. 99(4) · Most other obligations (Art. 6-50, deployer/provider/etc.) · €15M or 3% global annual turnover
Art. 99(5) · Supplying incorrect info to authorities · €7.5M or 1% global annual turnover
Art. 101 · GPAI-specific fines (by AI Office) · €15M or 3% global annual turnover
National law · Member-State penalties (additional) · Set by Member State: some go higher for criminal exposure

Enforcement is split. National competent authorities run market surveillance, investigations, and most penalties for high-risk and prohibited-practice violations. The AI Office runs GPAI enforcement directly. The AI Board coordinates across Member States. Expect early enforcement to focus on prohibited practices, GPAI documentation completeness, and high-risk systems whose providers haven't completed Annex IV technical documentation by their applicable date.

§ XI · Cross-mapping

AI Act against the rest of the AI stack.

The AI Act references existing standards heavily and presumes harmonized standards will fill in. Until they land, the practical mapping below tells you what you can reuse.

Framework · Coverage of AI Act obligations · What's still missing
ISO/IEC 42001 · ~60%: QMS (Art. 17), risk mgmt (Art. 9), data gov (Art. 10), tech doc (Art. 11), logging (Art. 12), transparency (Art. 13). · FRIA (Art. 27), conformity assessment, EU database registration, GPAI obligations, post-market monitoring specifics.
NIST AI RMF · ~50% conceptual: Govern/Map/Measure/Manage feeds Articles 9, 10, 13, 26, 27. · RMF is voluntary, US-origin, no conformity weight. Use as substance under the 42001 shell.
ISO 27001:2022 · ~30%: Article 15 cybersecurity, parts of Article 17 QMS infrastructure. · AI-specific risks, AI lifecycle, FRIA, conformity assessment.
GDPR · ~25%: data protection by design (Art. 25), DPIA (Art. 35) feeds AI Act FRIA. · Most AI Act obligations are non-privacy. Run separately, share controllers/processors.
OECD AI Principles · ~70% conceptual: trustworthy AI characteristics align directly. · Principles only; no operational conformity.
Harmonized standards (EN ISO/IEC 42001 et al.) · Pending OJEU listing: will provide presumption of conformity for specific Articles when published. · Watch CEN-CENELEC JTC 21 deliverables and OJEU 2026 listings.

§ XII · 2026 outlook

What's actually moving in 2026.

2026 is the year the high-risk regime activates for Annex III. Expect:

  • Harmonized standards landing. CEN-CENELEC JTC 21 deliverables under standardization request M/593 begin OJEU citation. EN ISO/IEC 42001 expected as a primary harmonized standard providing presumption of conformity for QMS obligations.
  • Code of Practice maturity. The General-Purpose AI Code of Practice second-iteration cycle. Adherence becomes the de-facto compliance route for GPAI until a harmonized standard exists.
  • Early enforcement signals. National competent authorities begin first investigations: expect priority on prohibited practices, GPAI training-data-summary completeness, and database-registration gaps.
  • Annex III delegated acts. The Commission can amend Annex III via delegated acts (Art. 7): watch for additions in HR, education, finance.

Read our deeper take in Field Notes Vol. IV: "What 2026 enforcement actually looked like, by Member State."

§ XIII · Pairs with

AI Act never stands alone.

In order of how often the question comes up alongside it.

§ XIV · FAQ

Frequently asked.

Does the AI Act apply to us if we're not in the EU?
Probably yes. Article 2 extends the regulation to providers placing AI systems on the EU market or putting them into service in the EU, to deployers established in the EU, and to providers/deployers established outside the EU when the output of the AI system is used in the EU. Like GDPR Article 3, the reach is extraterritorial.

Are we a provider or deployer?
Article 3(3) defines provider and Article 3(4) defines deployer. You can be both for the same system. Substantial modification of an upstream provider's system, branding it under your name, or using a GPAI for an Annex III high-risk purpose can shift you into provider status: Article 25 covers role transitions. We run this analysis at scoping.

When do we actually need to comply?
Depends on tier and category. Prohibitions: 2 Feb 2025. GPAI: 2 Aug 2025. Most high-risk (Annex III): 2 Aug 2026. Annex I product-safety integrations: 2 Aug 2027. Article 113 has the full schedule.

Do we need a notified body?
Most Annex III high-risk systems use Annex VI: self-declared conformity. Notified-body assessment (Annex VII) is required for biometric high-risk systems and AI integrated as safety components of Annex I products that already require third-party assessment. Otherwise, internal QMS + technical documentation + CE marking, attested by you.

Can ISO 42001 get us most of the way there?
Yes: for most high-risk obligation domains, 42001 covers ~60%. Specifically QMS (Art. 17), risk mgmt (Art. 9), data gov (Art. 10), technical doc (Art. 11), logging (Art. 12), transparency (Art. 13), human oversight (Art. 14). Net-new beyond 42001: FRIA (Art. 27), EU database registration, conformity assessment route execution, GPAI obligations.

What's a FRIA and do we need one?
Fundamental Rights Impact Assessment (Article 27). Required for: public bodies deploying high-risk AI; private deployers of high-risk Annex III ¶5(b) (essential services credit-scoring) and ¶5(c) (life/health insurance risk assessment). FRIA evaluates impacts on persons, addresses risks, sets oversight measures. Often runs alongside or downstream of a GDPR DPIA.

Are we a GPAI provider if we fine-tune Llama?
Maybe. GPAI is defined in Art. 3(63). Substantial modification or significant additional training of a foundation model can make the fine-tuner a GPAI provider. The Code of Practice has guidance. Below the systemic-risk threshold (10²⁵ FLOPs), obligations are narrower: documentation, downstream info, copyright policy, training-data summary.

What's the worst-case penalty?
Article 99(3): €35M or 7% of total worldwide annual turnover, whichever is higher, for prohibited practices (Art. 5). €15M / 3% for most other obligations. €7.5M / 1% for incorrect information to authorities. SMEs and start-ups get proportionality consideration, not exemption.

§ XV · From the Brief

Field notes on EU AI Act.

Pieces from The Field Notes directly relevant to the regulation.

EU AI Act on the calendar? Get the 5-minute scoping memo.

Five questions. One reply. Within 48 hours, a senior practitioner sends a written scoping memo: AI-system tier register, role classification, applicable deadlines, conformity-assessment route recommendation, FRIA applicability, and a fee range. The booking link is at the bottom of the memo.
