Developing AI systems in the European Union (EU) has become a risky business, well, only if the risk is considered “unacceptable.” On February 2, 2025, the EU Artificial Intelligence Act (AI Act) began enforcing its initial provisions, marking a significant step in regulating AI technologies within the EU. The AI Act introduces a framework to ensure the ethical and safe deployment of AI systems, categorizing them based on risk levels and imposing corresponding obligations.

Key Provisions Now in Effect

The first wave of AI Act provisions and restrictions are now in effect, marking a key milestone in the EU’s regulatory approach to artificial intelligence. While the European Commission has yet to issue detailed guidance on compliance, organizations must now adhere to newly enforced rules on prohibited AI practices and AI literacy requirements.

Prohibited AI Practices Outlined in Article 5

The AI Act explicitly bans certain AI applications deemed to carry “unacceptable risk.” These include:

  • AI systems that manipulate human behavior to the detriment of users.
  • AI systems that exploit vulnerabilities related to age, disability, or socioeconomic status.
  • Social scoring systems by governments.
  • Real-time biometric identification systems in public spaces, with specific exceptions.
  • Facial recognition databases built from scraped online images or security footage.
  • Emotional detection AI in schools and workplaces.
  • Criminal prediction software.

Organizations found deploying such prohibited AI systems within the EU may face fines up to 7% of their annual revenue or 35 million euros, whichever is greater.

With these regulations now in force, businesses operating in the AI space must navigate compliance challenges while awaiting further guidance from the EU Commission.

AI Literacy Requirements

Article 4 of the AI Act mandates that individuals and entities using AI possess sufficient technical knowledge about the AI systems they operate. This includes understanding the functionality, intended use, and potential impacts of the AI to ensure safe and ethical deployment.

Upcoming Provisions

While the initial provisions are now active, additional significant aspects of the AI Act will come into effect on August 2, 2025. These include:

  • Enforcement Authorities: Member state competent authorities will be appointed, gaining regulatory power to issue fines and enforce the regulation.
  • Obligations for General-Purpose AI Providers: Providers of general-purpose AI models will be required to adhere to specific  obligations to ensure compliance with the AI Act.

How BigID Helps Reduce AI Risk

Navigating the complexities of the EU AI Act requires robust data management and compliance strategies. With BigID, organizations can improve their security posture, enable proactive privacy and risk mitigation, and implement risk-based controls. To comply with AI regulations, organizations must have visibility and control of both AI systems and the data accessed by AI systems.

BigID offers solutions to help organizations align with the AI Act’s requirements:

  • Discover and Classify Data: BigID enables automated discovery and classification to build an inventory of data, AI models, and systems, providing organizations with a comprehensive understanding of their AI data landscape.
  • Mitigate Data Risk: By identifying and assessing data associated with AI systems, BigID helps organizations build policies, evaluate potential risks, and implement necessary controls to mitigate them.
  • Achieve Compliance: BigID’s data-centric approach supports proactive management of regulatory compliance, ensuring organizations adhere to the AI Act’s requirements.
  • Secure the AI Data Lifecycle: BigID provides tools to secure the AI data lifecycle, ensuring data protection and compliance throughout the development and deployment of AI systems.
  • Protect & Govern AI: Implement security controls around both data and models, including the ability to alert on high-risk data, revoke permission, and access and remediate high-risk data.

With BigID’s comprehensive data intelligence platform, organizations can effectively manage their AI data, mitigate risks, and ensure compliance with the evolving regulatory landscape established by the EU AI Act.

Get ahead of the AI Act with BigID— talk to our AI experts or take a tour.