3.1 — Overview and Structure
The EU AI Act (Regulation 2024/1689) was adopted in June 2024 and entered into force on August 1, 2024. It is the world's first comprehensive legal framework for AI, applying to providers, deployers, importers, and distributors of AI systems within the EU market.
The Act uses a risk-based approach with four tiers: Unacceptable Risk (banned), High Risk (heavily regulated), Limited Risk (transparency obligations), and Minimal Risk (no specific obligations). This tiered approach ensures regulation is proportionate to the level of risk posed by the AI system.
Extraterritorial scope: The Act applies not just to EU-based organizations but to any entity placing AI systems on the EU market or whose AI system outputs are used in the EU. This means non-EU companies (including U.S. and Asian tech companies) must comply if they serve EU users — similar to GDPR's extraterritorial reach.
A machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers from the inputs it receives how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. This definition is intentionally broad and aligned with the OECD definition of AI.
The Act distinguishes between several key roles: Providers (develop or place AI on the market), Deployers (use AI systems under their authority), Importers (place non-EU AI on the EU market), and Distributors (make AI available in the supply chain). Each role carries specific obligations proportionate to their relationship with the AI system.