Question 1

What is the EU AI Act?

Accepted Answer

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive legal framework for artificial intelligence. It establishes harmonised rules for the development, marketing, and use of AI systems within the European Union, taking a risk-based approach.

Question 2

When does the EU AI Act take effect?

Accepted Answer

The AI Act entered into force on 1 August 2024, with requirements applying in phases. Prohibited practices: 2 February 2025. AI literacy and GPAI: 2 August 2025. Most high-risk requirements: 2 August 2026. Some Annex I systems: 2 August 2027.

Question 3

Who does the EU AI Act apply to?

Accepted Answer

The AI Act applies to providers, deployers, importers, distributors, and manufacturers of AI systems — regardless of where they are based — if their AI system is placed on the EU market or its output is used in the EU.

Question 4

Does the AI Act apply to companies outside the EU?

Accepted Answer

Yes. If a company provides or deploys an AI system placed on the EU market, or if the output of its AI system is used within the EU, the AI Act applies. This extraterritorial scope is similar to the GDPR.

Question 5

What types of AI systems are covered?

Accepted Answer

The AI Act covers software that generates outputs such as predictions, recommendations, decisions, or content, including machine learning, deep learning, logic-based, and statistical approaches. It does not cover traditional software operating on purely pre-defined rules.

Question 6

What are the four risk levels in the AI Act?

Accepted Answer

Unacceptable risk (prohibited), High risk (strict requirements), Limited risk (transparency obligations), and Minimal risk (no specific obligations).

Question 7

How do I determine if my AI system is high-risk?

Accepted Answer

Check if your system is listed in Annex III (biometrics, critical infrastructure, employment, education, law enforcement, public services) or is a safety component of a product covered by Annex I EU legislation.

Question 8

What AI practices are prohibited?

Accepted Answer

Prohibited practices include social scoring, real-time remote biometric identification in public spaces (with narrow exceptions), exploiting vulnerabilities of specific groups, subliminal manipulation, emotion recognition in workplaces and education, and untargeted facial image scraping.

Question 9

What is a General-Purpose AI (GPAI) model?

Accepted Answer

A GPAI model is an AI model trained on broad data at scale that can perform a wide range of tasks. Providers must provide technical documentation and comply with EU copyright law. Models posing systemic risk face additional obligations.

Question 10

What is the difference between a provider and a deployer?

Accepted Answer

A provider develops an AI system and places it on the market. A deployer uses an AI system professionally. Most companies buying AI tools are deployers. Provider obligations are more extensive; deployer obligations focus on oversight, risk assessment, and transparency.

Question 11

What are the main obligations for deployers of high-risk AI?

Accepted Answer

Deployers must use the system per instructions, ensure human oversight, monitor operations, conduct FRIA where required, keep logs, inform affected persons about AI use, and register in the EU Database if applicable.

Question 12

What is a Fundamental Rights Impact Assessment (FRIA)?

Accepted Answer

A FRIA is a mandatory assessment for certain deployers of high-risk AI (public bodies, banking, insurance, critical infrastructure). It evaluates the impact on fundamental rights before deployment.

Question 13

What is AI Literacy and who needs it?

Accepted Answer

AI Literacy (Article 4) requires all providers and deployers to ensure their staff has sufficient skills and knowledge to make informed decisions about AI systems. This applies from 2 August 2025 and is not optional.

Question 14

What are the penalties for non-compliance?

Accepted Answer

Prohibited practices: up to EUR 35 million or 7% of global turnover. High-risk violations: up to EUR 15 million or 3%. Incorrect information: up to EUR 7.5 million or 1%. The higher amount applies in each tier.

Question 15

Do I need to register my AI system in the EU Database?

Accepted Answer

Yes, if you are a provider of a high-risk AI system listed in Annex III, or a deployer that is a public authority. Registration must happen before the system is placed on the market or put into service.

Question 16

How do I start preparing for the EU AI Act?

Accepted Answer

Step 1: Inventory all AI systems. Step 2: Classify each system's risk level. Step 3: Identify your role (provider/deployer). Step 4: Map obligations and deadlines. Step 5: Implement compliance measures. AI and Shine automates all steps in one platform.

Question 17

What documents do I need for compliance?

Accepted Answer

Depending on role and risk level: AI inventory register, risk classification records, FRIA, data governance documentation, human oversight procedures, incident reporting procedures, AI literacy training records, transparency notices, post-market monitoring plan, and conformity declaration.

Question 18

How long does it take to become compliant?

Accepted Answer

With AI and Shine, most companies complete initial compliance setup in 2-4 weeks. Without a dedicated tool, the process typically takes 3-6 months and requires significant legal resources.

Question 19

Can I use AI and Shine if I'm not a legal expert?

Accepted Answer

Absolutely. AI and Shine is designed for business operators, not lawyers. The platform guides you through each step in plain language, automatically classifies AI systems, generates compliant documents, and provides clear recommendations.

Question 20

How does AI and Shine help with AI Act compliance?

Accepted Answer

AI and Shine provides an all-in-one compliance platform: automated AI inventory and risk classification, document generation, governance dashboard, AI literacy training course, continuous monitoring, and multi-language support.

EU AI Act — Frequently Asked Questions

What is the EU AI Act?

When does the EU AI Act take effect?

Who does the EU AI Act apply to?

Does the AI Act apply to companies outside the EU?

What types of AI systems are covered?