TLDR: While the European Union’s landmark AI Act continues its phased implementation, with significant provisions for General-Purpose AI (GPAI) and a new penalty regime taking effect in August 2025, concerns are mounting regarding the preparedness of national regulators to effectively enforce its complex provisions. Member States are tasked with designating competent authorities and reporting on their resources, but uncertainties persist regarding the practical application of the enforcement framework.
The European Union’s Artificial Intelligence Act (EU AI Act), hailed as the world’s most comprehensive legal framework for AI, is progressing through its staggered implementation, with key obligations coming into force throughout 2025 and 2026. While the Act officially entered into force in August 2024, its provisions are being applied in phases to allow for adaptation and compliance.
As of February 2, 2025, the first set of provisions took effect, prohibiting certain AI practices deemed manipulative or harmful, such as biometric categorization based on sensitive characteristics and untargeted scraping of facial images from the internet. However, a more substantial wave of obligations, particularly for General-Purpose AI (GPAI) models and the Act’s penalty regime, became applicable on August 2, 2025.
Under these new rules, providers of GPAI models, including large language models like ChatGPT, are now required to evaluate models, assess and mitigate systemic risks, conduct adversarial testing, report serious incidents, ensure cybersecurity, and report on energy efficiency. For GPAI models with systemic risk, defined by high-impact capabilities (e.g., training computation exceeding ten floating point operations), even more comprehensive requirements apply.
Crucially, August 2, 2025, also marked the deadline for EU Member States to designate their national competent authorities, including market surveillance and notifying authorities, responsible for supervising compliance at the national level. Member States were also mandated to report on the financial and human resources allocated to these authorities. However, a significant point of concern is the uncertainty surrounding the practical enforcement of the Act’s penalty regime. While the Act outlines substantial administrative fines—up to EUR 35 million or 7 percent of global annual turnover for prohibited practices, and up to EUR 15 million or 3 percent for other infringements—the actual implementation and enforcement mechanisms at the national level remain unclear in some areas.
To aid compliance, the EU has introduced a Code of Practice on GPAI, a non-legally binding guideline designed to help companies demonstrate adherence to the Act’s requirements on transparency, copyright, and safety. Providers can reference this code in their dealings with the EU’s AI Office, established to oversee the Act’s introduction.
Despite these efforts, the Act has faced criticism from some industry leaders who cite its complexity and potential negative impact on Europe’s economic competitiveness. Calls for regulatory simplification and even a ‘clock-stop’ on implementation have been voiced by leading European companies. This sentiment aligns with broader debates about promoting Europe’s sovereignty in tech infrastructure and finding viable alternatives to US and Chinese AI dominance. The EU’s approach to AI regulation also highlights a divergence from the more hands-off regulatory stance seen in the United States, particularly under the Trump administration’s AI Action Plan.
Also Read:
- Agentic AI Adoption Reaches One-Third Amidst Significant Integration and Governance Hurdles
- Belgium Unveils Comprehensive Ethical Guidelines for AI in Advertising
Looking ahead, the next major set of requirements, particularly for ‘high-risk’ AI systems, is scheduled to apply from August 2, 2026, further expanding the scope of the Act’s influence on various sectors.
