EU AI Act

Regulation (EU) 2024/1689 of the European Parliament and of the Council

The Artificial Intelligence Act is the world's first comprehensive legal framework for AI systems. It entered into force on 1 August 2024 and applies to any organisation that places an AI system on the EU market or puts one into service within the Union, regardless of where the provider is established.

Full Name and Origin

The EU Artificial Intelligence Act, formally cited as Regulation (EU) 2024/1689, was adopted by the European Parliament and the Council of the European Union and published in the Official Journal on 12 July 2024. It was proposed by the European Commission in April 2021 and negotiated over three years across the co-legislators. The regulation is directly applicable in all EU Member States without requiring national transposition, and it carries extraterritorial reach: providers and deployers outside the EU are bound by it whenever the output of their AI system is used within the Union.

Problem Statement

Before this regulation, no binding legal instrument specifically addressed the risks posed by AI systems. Existing product-safety and data-protection laws (e.g., the Machinery Regulation, GDPR) covered adjacent ground but left gaps around algorithmic transparency, human oversight of autonomous decisions, and accountability for general-purpose AI models. The Act closes those gaps by establishing a horizontal, risk-proportionate framework that spans all sectors.

Structure and Key Articles

The Act contains 13 chapters, 144 articles, and 13 annexes. Its core architecture follows a four-tier risk classification:

Unacceptable risk (Article 5). Eight categories of AI practice are prohibited outright, including subliminal manipulation techniques, social scoring by public authorities, untargeted scraping to build facial-recognition databases, and real-time remote biometric identification in public spaces (with narrow law-enforcement exceptions).
High risk (Articles 6-49, Annexes I and III). AI systems are classified as high-risk through two paths: (a) they serve as a safety component of a product covered by EU harmonisation legislation listed in Annex I (e.g., medical devices, machinery, vehicles) that requires third-party conformity assessment; or (b) they fall into one of eight use-case domains listed in Annex III, including biometric identification, critical infrastructure management, education, employment, law enforcement, and administration of justice. Providers of high-risk systems must implement a quality management system, conduct conformity assessments, register in the EU database, maintain technical documentation, and ensure human oversight capabilities.
Limited/transparency risk (Article 50). AI systems that interact with persons, generate synthetic content, or perform emotion recognition must disclose that fact to the user.
Minimal risk. All other AI systems are unregulated but may voluntarily adopt codes of conduct (Articles 95, 96).

A separate chapter (Chapter V, Articles 51-56) imposes obligations on providers of general-purpose AI (GPAI) models. All GPAI providers must publish training-content summaries, comply with EU copyright rules, and provide technical documentation. Models assessed as posing systemic risk (the threshold is a cumulative compute exceeding 10^25 FLOP) must additionally perform adversarial testing, report serious incidents, and ensure adequate cybersecurity.

Enforcement Timeline

The Act applies in phases, counting from entry into force on 1 August 2024:

2 February 2025 — Prohibitions (Article 5) and AI-literacy obligations take effect.
2 August 2025 — GPAI-model obligations and governance provisions become enforceable; EU AI Office becomes operational.
2 August 2026 — General application date in the current Regulation text, including obligations for high-risk AI systems classified under Annex III. Latest policy update: the 7 May 2026 provisional Digital Omnibus agreement would move stand-alone high-risk AI systems to 2 December 2027 if formally adopted.
2 August 2027 — Current Regulation date for high-risk AI systems that are safety components of products under Annex I harmonisation legislation. Latest policy update: the same provisional agreement would move product-embedded high-risk AI systems to 2 August 2028 if formally adopted.

Penalties range up to 35 million EUR or 7 % of global annual turnover for prohibited-practice violations, down to 15 million EUR or 3 % for other infringements. The EU AI Office, established within the European Commission, supervises GPAI compliance and investigates systemic risks.

Practical Implications for Manufacturers

Industrial AI systems used in safety-critical manufacturing processes are likely to be classified as high-risk under Annex I (machinery, pressure equipment) or Annex III (critical infrastructure). This means manufacturers that deploy AI for quality control, predictive maintenance, or autonomous process adjustments must document the AI system's intended purpose, maintain risk-management processes, implement data-governance measures, and guarantee meaningful human oversight. Conformity assessments and CE marking obligations apply before the system can be placed on the market.

How TIAL Relates

TIAL is designed to operate as the structured execution layer between AI reasoning and industrial action. Its architecture directly addresses several EU AI Act requirements: the typed action schema provides the technical documentation and transparency record required by Articles 11-13; the mandatory human-approval step in the TIAL workflow satisfies the human-oversight obligation of Article 14; and the immutable, cryptographically signed audit trail fulfils the logging and traceability requirements of Article 12. Because every AI proposal in TIAL is a structured, inspectable object rather than opaque free text, deployers can demonstrate compliance with the Act's transparency provisions by design.

Sources

← Back to Documents