- Topics
- Regions
- Events
- Webcasts
- Resources
- CW Exclusives
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
Experts: Companies ‘underestimate risk’ as first provisions of EU AI Act come into force
By 
Neil Hodge2025-03-18T13:00:00
A European Union-wide ban on AI systems with “unacceptable” risk came into force on Feb. 2 as the first provisions of the EU’s AI Act took effect. Problems persist, however, over what the legislation requires and what corporate practices or uses of data may risk flouting the rules.
The part of the AI Act that has come into effect first concerns technologies that potentially risk causing the greatest harm to consumers. It prohibits systems that could have the intended–or unintended–consequences of undermining fundamental human rights and includes AI systems that exploit vulnerable people; engage in deception, manipulation, or use subliminal techniques; use social scoring for public or private purposes; exploit biometric data in real-time or for categorization purposes; recognize emotions in the workplace; scrape internet or CCTV for facial images to build up or expand databases; and conduct certain types of predictive risk profiling.
The maximum penalty for a breach is €35 million (U.S. $38.2 million) or up to 7 percent of worldwide annual turnover (whichever is higher), though penalties will not apply until Aug. 2 (which gives companies months to prepare and is when the full provisions of the act come into effect).
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumEU AI Act next GDPR? Proof in the pudding as boardrooms prioritize data governance
Breaches of the EU’s GDPR can cost companies substantial sums and huge reputational damage. Now some are warning that the implementation of the EU’s AI Act will be just as far-reaching, and could potentially lead to similar numbers of cases.
-
PremiumSurvey: Organizations broadly adopting AI, with varied governance
The majority of businesses are using AI and doing so without governance–a compliance gap that poses extreme risks, a new survey by Compliance Week and GAN Integrity found. A webinar will discuss why it is crucial to have AI governance, how to implement it, and what strategies to strengthen programs. ...
-
PremiumGood AI governance starts with proactive, continuous risk assessments
Data governance has become a key concern for companies, especially when the EU AI Act and General Data Protection Regulation have put a premium on handling data responsibly and ensuring that artificial intelligence does not cause harm.
More from Regulatory Policy
-
Basic PageSEC postpones compliance date for amendments to investment company names rule
Investment companies will have six additional months to comply with an update to the Securities and Exchange Commission rule aimed at making investment fund names more accurate.
-
Premium‘Abject failure’: U.K. lawmakers sounds off on FCA’s failed 'naming and shaming' enforcement
U.K. lawmakers slammed the country’s chief financial regulator’s hopes of “naming and shaming” firms as part of its efforts to beef up enforcement, denting its credibility in the process and questioning the leadership of its chief executive.
-
PremiumJudge to hear arguments for and against CFPB cuts before agency potentially ‘choked out of existence’
The future of the CFPB–and the Trump administration’s efforts to dismantle it–hang in the balance as a federal judge pushed consideration of a request by a federal employees’ union to preserve the agency.