The European Union has cleared the final political step for its flagship artificial intelligence law. With the Council of the European Union giving its approval, the EU AI Act is set to move from legislative negotiation into publication, entry into force and phased implementation.
The measure is designed around risk. Instead of treating every AI system the same way, it sorts uses into categories that carry different obligations for developers and deployers seeking access to the EU market.
A risk-based rulebook for artificial intelligence
The Council of the European Union described the EU AI Act as “ground-breaking” and said that “as the first of its kind in the world, it can set a global standard for AI regulation.” The European Parliament had already approved the legislation in March.
The Council’s approval means the legislation will be published in the Official Journal of the European Union in the coming days. The law would then come into force across the EU 20 days afterward.
That does not mean every requirement applies immediately. The rules will be introduced in phases. Some provisions will only become applicable after two years, or even longer.
At the center of the law is a classification system. Uses that present the greatest concerns face the strongest restrictions, while lower-risk tools are subject to lighter duties.
What the EU AI Act bans and controls
The law bans a small group of “unacceptable risk” uses. The source identifies cognitive behavioral manipulation and social scoring as examples of AI use cases that are prohibited outright.
It also defines “high-risk” uses. These include biometrics and facial recognition, as well as AI used in areas such as education and employment.
For app developers, the practical effect is market access. Developers of high-risk systems will need to register those systems and meet risk and quality management obligations before they can enter the EU market.
Other AI applications fall into a different tier. Chatbots are cited as an example of “limited risk” systems, which face lighter transparency obligations.
The structure is intended to separate uses that may require strict oversight from those that can be governed with disclosure and transparency requirements. That distinction is the defining feature of the EU AI Act.
Generative AI gets its own category
The law also responds to the rise of generative AI tools by creating rules for “general-purpose AIs” (GPAIs). The source gives the model underpinning OpenAI’s ChatGPT as an example.
Most GPAIs will face only limited transparency requirements. A smaller subset will face tougher regulation if they pass a certain compute threshold and are considered to pose a “systemic risk.”
This approach means the law does not treat every general-purpose model as equally risky. The stricter requirements are reserved for systems that meet the source’s stated conditions: a certain compute threshold and a systemic risk designation.
Mathieu Michel, Belgian secretary of state for digitization, framed the adoption as both a regulatory and economic milestone. In his statement, he said: “The adoption of the AI act is a significant milestone for the European Union.”
He also said the law addresses “a global technological challenge that also creates opportunities for our societies and economies,” and emphasized “trust, transparency and accountability” while supporting innovation.
New bodies will oversee application
The EU AI Act creates a new governance structure for artificial intelligence. One central piece is an enforcement body within the European Commission called the AI Office.
The law also establishes an AI Board made up of representatives from EU member states. Its role is to advise and assist the Commission in applying the AI Act consistently and effectively.
The source compares this structure to the role played by the European Data Protection Board in steering application of the GDPR. The Commission will also create a scientific panel for oversight support and an advisory forum to provide technical expertise.
These bodies matter because the law will not operate only as a written statute. Its real-world effect will depend on interpretation, enforcement and technical guidance as the phased rules begin to apply.
Standards, sandboxes and existing laws
Standards bodies are expected to play a key role in determining what AI app developers must do. The law follows the EU’s established approach to product regulation, where standards help translate legal requirements into practical expectations.
The source notes that industry attention may shift from lobbying against the legislation to shaping the standards that will apply to AI developers. That makes the standards process a major next arena for the EU AI Act.
The law also encourages regulatory sandboxes. These are intended to support development and real-world testing of novel AI applications.
Even with the EU AI Act in place, AI developers may still face other legal obligations. The source identifies copyright legislation, the GDPR, the bloc’s online governance regime and various competition laws as existing frameworks that may already apply.
The final approval therefore does not create the EU’s only legal framework for AI. It adds the bloc’s first comprehensive artificial intelligence regulation to a wider set of rules that can already affect developers, platforms and AI applications.