EU AI Act Bans AI With 'Unacceptable Risks'

The first requirements of the EU AI Act are now legally binding, including certain AI use cases deemed ‘unacceptable’ being banned and staff at companies providing or using artificial intelligence requiring sufficient literacy. 

On 2 February 2025 the first compliance deadline passed for the Act, a first-of-its-kind AI regulatory framework that formally entered into force in August 2024. It addresses the risks of AI and aims to position Europe as a leading player in the technology’s development, setting out a clear set of risk-based rules for AI developers and deployers around development, use and application. 

The passing of the first compliance deadline means that companies must now comply with the restrictions set out around AI literacy as well as AI systems considered ‘a clear threat to the safety, livelihoods, and rights of people’, which are now prohibited. 

If they don’t, or if they commit any future breaches, they face fines of as much as 35 million euros or 7% of their global annual revenue – whichever amount is higher. 

What is the AI Act? 

The AI Act ensures that Europeans can trust AI and is part of a wider package of policy measures supporting the development of trustworthy AI in the EU around innovation, collaboration, investment and regulation. 

The pace of development and innovation in AI in recent years means that adoption has outpaced legislation in many cases, with companies often responsible for ensuring AI is used safely and responsible. 

Most AI systems pose limited to no risk and can contribute to tackling complex challenges and advancing society, says the European Commission. However certain systems bring risks that, if unaddressed, can cause undesirable consequences to people and businesses. 

To mitigate this, the Act follows a risk-based regulatory framework that tailors the level of regulation to the perceived risk that different AI applications pose to society. 

In practice this framework dictates that, once an AI system comes to market it must undergo conformity assessments and comply with EU requirements. It is then registered in the EU’s database and a declaration of conformity signed. Any substantial development changes to the AI system means it must undergo the process again.

Effective regulation: A risk-based approach

The AI Act defines risks under four categories: minimal or no risk, limited risk, high risk and unacceptable risk.

High-risk applications face stringent obligations, including thorough risk assessment and mitigation protocols, high-quality data rules to minimise the risk of discriminatory outcomes, and high levels of robustness, cybersecurity and accuracy. 

Examples of high-risk use cases include critical infrastructure, medical applications, hiring and recruitment, essential private and public services like credit scoring law enforcement, and education. 

The rules that came into power on 2 February concern AI systems considered to be the highest level, or ‘unacceptable’ risk.

Here, the AI Act bans eight practices: 

• AI that exploits vulnerabilities like age, socioeconomic status or disability. 
• AI that deploys purposefully manipulative or deceptive techniques to inform decision making.
• AI that predicts people committing crimes based on their appearance. 
• AI used for social scoring.
• AI that commits the untargeted scraping of facial images from the internet or CCTV.
• AI that tries to infer people’s emotions in education institutions and the workplace.
• AI that uses biometrics to infer people’s characteristics.
• AI that collects real-time biometric data in public spaces for the purposes of law enforcement.

Gen AI is categorised as a form of ‘general-purpose’ AI in the Act. This classification encompasses tools designed to perform a wide array of tasks at a level comparable to or surpassing human capabilities.

For these kinds of AI systems, the Act imposes requirements including adherence to EU copyright law, issuance of transparency disclosures regarding model training methods, and implementation of adequate cybersecurity protections. The rules become applicable on 2 August 2025.

The rules for high-risk AI systems embedded into regulated products have an extension transition period until 2 August 2027.

Explore the latest edition of AI Magazine and be part of the conversation at our global conference series, Tech & AI LIVE. 

Discover all our upcoming events and secure your tickets today.

AI Magazine is a BizClik brand