Governance

EU AI Act

The EU AI Act is the world's first comprehensive legal framework for artificial intelligence, adopted in 2024 and phased in through 2027. It classifies AI systems into four risk tiers — unacceptable, high, limited, and minimal — and imposes obligations (conformity assessments, transparency notices, human oversight) proportional to risk. High-risk systems in healthcare, finance, employment, and critical infrastructure face the strictest requirements.

Canadian and global enterprises selling AI-powered products or services into the EU must comply with the Act's requirements for their risk tier. General-purpose AI (GPAI) models above a 10^25 FLOP training threshold face additional systemic-risk obligations. Non-compliance can attract fines up to €35 million or 7% of global annual turnover.

Related terms

  • AI Compliance: AI compliance is the demonstrable conformance of AI deployments to applicable laws and standards — GDPR, PIPEDA, the EU AI Act, NIST AI RMF, ISO/IEC 42001, and sector-specific rules in healthcare, finance, and government.
  • AI Governance: AI governance is the system of policies, controls, and accountabilities that determines what AI is allowed to do inside an organization, who approves AI deployments, how AI decisions are audited, and how risk is managed.
  • NIST AI RMF: The NIST AI Risk Management Framework (AI RMF) is the US voluntary framework for managing AI risk, organized around four core functions: Govern (policies and culture), Map (context and risk identification), Measure (analysis and assessment), and Manage (prioritization and treatment).
