Skip to content

EU AI Act

Also known as: AI Act

Updated 9 July 2026 Reviewed by Teemu Malinen

What is EU AI Act?

The EU regulation that sorts AI systems into risk tiers, each with its own obligations: a banned tier, a high-risk tier with strict duties, a transparency tier, and minimal risk for the rest. Most business uses fall in minimal risk. The duty you cannot skip is knowing where yours lands. In force since 2024, phased through 2027.

Why it matters

A common misread is that this law targets the companies building AI, so an ordinary business that merely uses a few tools assumes it is off the hook. It is not. The rules reach the organisation deploying a system, not only the one that made it, and the duties that attach depend on what the system is used for rather than how advanced it is. That is the part that catches teams out. A low-key tool bought to screen job applicants can carry heavier obligations than a flashy assistant used to draft emails, purely because of where it sits in someone’s life.

In practice

The first real task is an inventory. A company lists every AI system it builds, buys or embeds, then works out what each one is actually used for, because that use is what decides the duties. Most turn out to carry little. The value of the exercise is finding the few that carry a lot before a regulator or a customer does.

Otto Sunnari, Sales and partnerships at Sofokus

Ready to start leveraging AI?

Call, email, or book a time straight from my calendar.

Otto Sunnari

Sales and partnerships