In this guide
- EU AI Act compliance checklist for SMEs (free download)
- What is the EU AI Act?Plain-English definition, the risk tiers and who is in scope.
- Does the EU AI Act apply to UK businesses?When post-Brexit UK firms are caught by the Act.
- EU AI Act timeline & key deadlinesEvery phase-in date from 2024 through 2028.
Key facts
| Official name | Regulation (EU) 2024/1689, the ‘Artificial Intelligence Act’ |
|---|---|
| In force | 1 August 2024, with obligations phasing in to 2027–2028 |
| Approach | Risk-based: unacceptable (banned), high-risk, limited-risk, minimal-risk |
| Who it covers | Providers, deployers, importers and distributors — including non-EU firms whose AI output is used in the EU |
| Key date | 2 August 2026 — Article 50 transparency obligations apply |
| Maximum penalty | €35m or 7% of global annual turnover for banned practices |
What does the EU AI Act regulate?
It governs how AI systems are developed, placed on the EU market and used, scaling obligations to risk rather than banning or approving AI wholesale. A short list of practices is prohibited; high-risk uses carry duties such as risk management, data governance, documentation, human oversight and logging; certain systems must be transparent; and most everyday AI has no specific obligations. Read what is the EU AI Act? for the full breakdown.
Who must comply — and does it reach the UK?
The Act applies to providers and deployers, plus importers and distributors, and its reach is extraterritorial. A UK business is in scope if it places AI on the EU market or its AI's output is used in the EU, even with no EU office. See does the EU AI Act apply to UK businesses?
What are the four risk categories?
Unacceptable risk is banned (for example social scoring). High risk covers uses such as recruitment, credit and critical infrastructure, with the strictest duties. Limited risk means transparency obligations under Article 50, such as disclosing AI chat and labelling deepfakes. Minimal risk is everything else, with no specific obligations.
When do the obligations apply?
They phase in: bans and AI-literacy duties from February 2025, GPAI rules from August 2025, transparency from 2 August 2026, and most high-risk obligations across 2027 and 2028 (some provisionally deferred under the Digital Omnibus). The full schedule is on the EU AI Act timeline.
What are the penalties?
Fines are tiered: up to €35m or 7% of global annual turnover for prohibited practices; up to €15m or 3% for most other breaches; with lower caps for SMEs and start-ups.
How do UK businesses get ready?
Start with an AI inventory, classify each system by risk, put proportionate AI governance around the systems that need it, and assemble the procurement-ready evidence buyers expect. You can check your exposure in minutes.
Frequently asked questions
Is the EU AI Act in force?
Yes — it entered into force on 1 August 2024 and its obligations apply in phases through 2027–2028.
What is the most important EU AI Act deadline?
For most organisations, 2 August 2026, when Article 50 transparency obligations and GPAI governance apply.
Does the EU AI Act apply after Brexit?
Yes — it can apply to UK businesses that place AI on the EU market or whose AI output is used in the EU.
What are the penalties for non-compliance?
Up to €35m or 7% of global turnover for prohibited practices; up to €15m or 3% for most other breaches.
What is the first step to compliance?
Build an AI inventory and classify each system by risk — you cannot comply with obligations you have not mapped.
Related guides
Sources
Last updated 19 June 2026.