The EU AI Act is the European Union's regulation governing artificial intelligence, and the first comprehensive AI law anywhere. Formally Regulation (EU) 2024/1689, it sets obligations according to how much risk an AI system poses, and it applies to organizations far beyond Europe: any company that puts an AI system on the EU market or whose AI output is used in the EU falls within its scope. It is phasing in from 2025, and the obligations on high-risk systems are the most demanding, including requirements for accuracy, robustness, and cybersecurity that connect directly to security testing.
Because it is a regulation rather than a directive, the AI Act applies directly across all member states without national transposition, much like the GDPR. That gives it broad and uniform reach. This article explains how the risk tiers work, what providers and deployers of high-risk systems must do, the timeline for the obligations, and the penalties for getting it wrong. We turn these requirements into concrete engineering work through our EU AI Act compliance service.
The AI Act is a risk-based law: rather than regulating all AI the same way, it sorts AI systems into tiers and applies obligations proportionate to the risk each tier poses to health, safety, and fundamental rights. The heaviest obligations fall on high-risk systems, lighter transparency duties apply to certain others, and most everyday AI faces few or no specific obligations. A separate set of rules applies to general-purpose AI models, the large foundation models that power many downstream applications.
The Act also defines roles. A provider develops an AI system or places it on the market; a deployer uses an AI system in a professional capacity. Obligations differ by role, and a single organization can be both, for example if it builds an AI system and also uses it. Knowing which role you play for each system is the starting point for compliance.
The Act's structure rests on four tiers of risk.
The AI Act does not ask whether you use AI. It asks what your AI could do to people if it goes wrong, and scales the obligations to that answer.
If you provide a high-risk AI system, the obligations are substantial and ongoing. The core requirements include the following.
That final requirement is where the AI Act meets security testing. Demonstrating robustness and cybersecurity means testing the system against adversarial conditions, which is exactly what AI red teaming and AI penetration testing provide. The evidence those tests produce supports the conformity the Act requires.
The Act places specific obligations on providers of general-purpose AI (GPAI) models, the foundation models that many applications build on. All GPAI providers face transparency and documentation duties, including a summary of training data and respect for copyright. Models judged to pose systemic risk, the most capable models, face additional obligations including model evaluation, adversarial testing, and incident reporting. If you build on top of a foundation model rather than training your own, these obligations mainly shape the models you can rely on, but they matter for understanding the supply chain you depend on.
The AI Act applies in stages rather than all at once, giving organizations time to prepare for the heavier obligations.
The phased timeline is an opportunity, not a reason to wait. High-risk obligations take time to meet, and building the risk management, documentation, and testing now avoids a scramble later. Preparation also tends to improve security regardless of the deadline.
The AI Act backs its obligations with significant fines, tiered by severity. Breaching the prohibitions on unacceptable-risk practices carries the highest penalties, up to 35 million euros or 7 percent of worldwide annual turnover, whichever is higher. Other breaches of obligations carry lower but still substantial maximums, and providing incorrect information to authorities carries its own tier. As with the GDPR, these are ceilings, and the actual penalty depends on the nature and gravity of the breach, but the scale signals that the Act is meant to be taken seriously.
The AI Act is binding law, but it does not work in isolation. The NIST AI Risk Management Framework, explained in our NIST AI RMF guide, provides a voluntary, practical way to do the underlying risk work. ISO/IEC 42001 offers a certifiable AI management system. Many organizations use the AI RMF and ISO 42001 to structure the work and treat the AI Act as the binding obligation they must meet. We describe how this connects to a broader program in "AI governance: framework, documentation, and how to start". Aligning the three avoids duplicated effort.
Yes. Like the GDPR, it has extraterritorial reach. It applies to providers that place AI systems on the EU market and to situations where the system's output is used in the EU, regardless of where the provider is based.
Four: unacceptable risk (prohibited practices), high risk (the heaviest obligations), limited risk (transparency duties such as disclosing AI use), and minimal risk (most AI, with no specific obligations). Obligations scale with the tier.
High-risk systems must achieve accuracy, robustness, and cybersecurity appropriate to their risk. Demonstrating this means adversarial testing and evaluation, which is where AI red teaming and penetration testing produce the necessary evidence.
It phases in from 2025. Prohibitions applied first in early 2025, general-purpose AI obligations followed in 2025, and the bulk of high-risk obligations apply across 2026 and 2027. Building now avoids a later scramble.
The EU AI Act turns AI governance from good practice into legal obligation, and its security requirements connect directly to testing. If you build or deploy AI that may be high-risk, see our EU AI Act compliance service and book a scoping call to map your obligations and the work to meet them.