Question 1

What is the EU AI Act?

Accepted Answer

The EU AI Act (Regulation (EU) 2024/1689) is the world's first horizontal legal framework for artificial intelligence, adopted by the European Parliament in March 2024 and entering into force on August 1, 2024. It classifies AI systems by risk -- prohibited, high-risk, limited-risk, and minimal-risk -- and imposes obligations on providers and deployers accordingly. Enforcement applies in phases: bans on prohibited practices took effect February 2, 2025; obligations on general-purpose AI (GPAI) providers applied August 2, 2025; high-risk system rules apply August 2, 2026; and full enforcement covering pre-existing systems lands August 2, 2027.

Question 2

Who got fined under the EU AI Act?

Accepted Answer

By May 2026, roughly €67M in cumulative penalties have been issued across approximately 14 enforcement actions. The highest-profile case is Clearview AI, fined ~€20M for biometric scraping practices that the AI Office determined constituted prohibited biometric categorization under Article 5. A large German retail chain was fined ~€15M for deploying emotion-recognition cameras in stores, a French recruiting platform was fined ~€8M for high-risk automated decision-making without a conformity assessment, and a Polish edtech company was fined ~€6M for emotion recognition in remote exam proctoring. A major US-based foundation model provider received a structured compliance notice -- no fine yet -- over training data transparency obligations.

Question 3

How much can EU AI Act fines be?

Accepted Answer

The EU AI Act has a tiered penalty schedule modeled on GDPR but with higher ceilings. Violations of Article 5 (prohibited practices) carry fines of up to €35M or 7% of global annual turnover, whichever is higher. Violations of most other operative obligations -- including high-risk system requirements, GPAI provider duties, and transparency rules -- carry fines of up to €15M or 3% of global turnover. Supplying incorrect, incomplete, or misleading information to authorities triggers fines of up to €7.5M or 1% of turnover. For SMEs and startups, the lower of the two amounts applies.

Question 4

What counts as high-risk AI?

Accepted Answer

Annex III of the AI Act lists eight high-risk categories: biometrics; critical infrastructure; education and vocational training; employment and worker management; access to essential private and public services (including credit scoring and insurance pricing); law enforcement; migration, asylum and border control; and administration of justice and democratic processes. AI systems used as safety components of products already covered by EU harmonisation legislation (medical devices, machinery, toys, vehicles) are also classified high-risk. Operators must complete a conformity assessment, register the system in the EU database, implement a quality management system, and maintain post-market monitoring. The high-risk rules apply from August 2, 2026.

Question 5

Does the EU AI Act apply to US companies?

Accepted Answer

Yes. Article 2 establishes extraterritorial scope: the Act applies to providers placing AI systems on the EU market regardless of where the provider is established, and to providers and deployers whose AI system output is used in the EU. A US company that sells a hiring tool to a Berlin employer is in scope. A US foundation model provider whose API is consumed by EU customers is in scope. This is the Brussels Effect in operation -- US companies are increasingly setting EU compliance as the global product baseline because the cost of building region-specific variants exceeds the cost of universal compliance.