EU AI Act
The EU AI Act is the European Union's regulation of AI, which sorts systems by risk level and imposes obligations accordingly — banning a few uses outright, heavily regulating 'high-risk' ones, and adding transparency rules for general-purpose models. Like GDPR, its reach extends to anyone serving EU users.
Also known as: AI Act
The EU AI Act is the first broad legal framework for AI. Its core idea is risk tiering: a small set of uses are prohibited (e.g. social scoring); a defined set of “high-risk” applications (things like hiring, credit, and critical infrastructure) carry strict obligations around data quality, documentation, human oversight, and transparency; and general-purpose/foundation models get their own transparency and disclosure requirements. Lower-risk uses are largely unregulated.
Two things make it matter even for non-EU teams. First, like GDPR, it applies based on whether your system affects people in the EU, not where you’re based — so it has extraterritorial reach. Second, it pushes the governance practices in this glossary (documentation, evaluation, audit trails, human oversight) from optional to, in some cases, legally required. The obligations phase in over time, so the practical move is knowing which risk tier your use case falls into and building the required controls before the relevant deadline.