EU AI Act Enforcement Begins: What New Compliance Rules Mean for AI Providers and Global Businesses

COMMENTARY: The EU AI Act and Its Implications

As of August 2, 2025, key provisions of the EU AI Act came into force, imposing strict obligations on providers of general-purpose artificial intelligence (GPAI) models released from that date onward. Non-compliance can result in fines reaching up to €35 million or 7% of a company's annual turnover. This legislation marks a significant move toward establishing clear standards for AI regulation, balancing innovation with necessary risk control.

Providers of GPAI models now must demonstrate adherence to transparency and ethical requirements. This includes proper labeling of manipulated and synthetic AI-generated content, ensuring accessibility, respecting copyright laws, and safeguarding biometric data from improper use or collection. EU member states also have enforcement duties aligned with this deadline, making the August 2025 date a legal milestone rather than an introduction of new rules.

It’s essential to highlight that the August 2025 enforcement applies only to models released after that date. Existing models, such as OpenAI’s ChatGPT, have a two-year grace period to meet compliance standards.

Why AI Compliance Requires Continual Diligence

Compliance with the EU AI Act isn’t a one-time task but an ongoing commitment. The law’s staggered enforcement schedule means companies must prepare for a series of deadlines stretching well into the next decade. AI providers, whether based in the EU or elsewhere, need to stay vigilant as the regulatory landscape evolves.

Many legal teams view compliance as a static goal — a box to check once and then maintain with minimal effort. However, AI’s rapid development and the continuous introduction of new regulations demand sustained attention. Organizations must build flexible processes to monitor, adapt, and respond to emerging legal requirements efficiently.

What’s Next for AI Regulations?

The EU AI Act will continue to expand through 2030 with additional provisions coming into effect over time. Outside the EU, regulatory approaches differ. The United States has adopted a more decentralized and less stringent stance, with federal rollbacks and state-level initiatives filling regulatory gaps.

Other regions are establishing their own frameworks. For example, ASEAN has introduced the ASEAN AI Guide, while Australia and New Zealand utilize existing laws to govern AI applications. Even where regulations are less strict than in the EU, AI developers and users face new compliance challenges that require innovative legal and operational strategies.

Legal professionals must prepare for a future where AI regulatory compliance is a continuous process, demanding proactive management to protect innovation, productivity, and safety.

For those seeking to deepen their expertise in AI compliance and related fields, Complete AI Training offers a range of courses tailored to legal professionals and other specialists.