In 2024, the European Union passed the AI Act — the world's first comprehensive law specifically regulating artificial intelligence. It affects every company that builds or uses AI to serve EU citizens, which means it affects almost every major AI product you've ever used.
Here's what it actually says, in plain English.
The Basic Idea: Risk Levels
The EU didn't try to regulate all AI the same way. Instead, they created a risk-based system with four levels:
Unacceptable risk — Banned entirely. This includes AI used for social scoring by governments (think China's social credit system), real-time facial recognition in public spaces, and AI designed to manipulate people's subconscious behaviour.
High risk — Heavily regulated. AI used in hiring, credit scoring, medical diagnosis, law enforcement, and critical infrastructure. These systems need to pass audits, maintain detailed records, and have human oversight.
Limited risk — Lighter rules. Mostly transparency requirements. If a chatbot is AI, it must tell you it's AI. Deepfakes must be labelled as deepfakes.
Minimal risk — Almost no rules. Spam filters, video game AI, Netflix recommendations. These carry on as normal.
What Does This Mean For You?
If you're a regular person: mostly nothing changes immediately. The biggest practical impact is that AI systems used to make decisions about you — whether you get a job, a loan, or a medical diagnosis — now have to be auditable and explainable.
You'll also start seeing more "this is AI-generated" labels on content, which is genuinely useful.
What Does This Mean For Companies?
Big consequences for anyone building serious AI products. High-risk system developers face fines of up to €30 million or 6% of global turnover for violations — whichever is higher.
That's enough to make even the biggest companies pay attention.
The Timeline
The law passed in 2024 but phases in over several years. The ban on unacceptable-risk AI came first. Rules for high-risk systems follow. Companies have time to adapt — but the direction is clear.
