EU’s AI Act: Regulators Can Ban AI Systems Deemed to Pose Unacceptable Risk

Overview of the EU’s AI Regulatory Framework

As of Sunday in the European Union, the bloc’s regulators can ban the use of AI systems they deem to pose "unacceptable risk" or harm.

First Compliance Deadline for the EU’s AI Act

February 2 is the first compliance deadline for the EU’s AI Act, the comprehensive AI regulatory framework that the European Parliament finally approved last March after years of development. The act officially went into force on August 1; what’s now following is the first of the compliance deadlines.

Understanding the EU’s AI Act

The specifics are set out in Article 5, but broadly, the Act is designed to cover a myriad of use cases where AI might appear and interact with individuals, from consumer applications through to physical environments.

EU’s Approach to AI Regulation

Under the bloc’s approach, there are four broad risk levels: (1) Minimal risk (e.g., email spam filters) will face no restrictions, and the Act stresses that law enforcement can’t make a decision that "produces an adverse legal effect" on a person solely based on these systems’ outputs.

Exceptions for Certain AI Systems

The Act also carves out exceptions for systems that infer emotions in workplaces and schools where there’s a "medical or safety" justification, like systems designed for therapeutic use.

European Commission’s Plans for Additional Guidelines

The European Commission, the executive branch of the EU, said that it would release additional guidelines in "early 2025," following a consultation with stakeholders in November. However, those guidelines have yet to be published.

Uncertainty Around Interactions with Existing Laws

It’s also unclear how other laws on the books might interact with the AI Act’s prohibitions and related provisions. Clarity may not arrive until later in the year, as the enforcement window approaches.

Importance of Understanding AI Regulation

"It’s important for organizations to remember that AI regulation doesn’t exist in isolation," said Sumroy. "Other legal frameworks, such as GDPR, NIS2, and DORA, will interact with the AI Act, creating potential challenges — particularly around overlapping incident notification requirements. Understanding how these laws fit together will be just as crucial as understanding the AI Act itself."