Beginner

EU AI Act — What You Need to Know

⏱ ~40 Duration · 9 Module
Why this matters

The EU AI Act (Regulation 2024/1689) has been in force since August 2024. The AI Literacy obligation (Art. 4) has been applicable since 2 February 2025 — now, not only from August 2026. From August 2026, high-risk obligations and regulatory oversight will take effect. Lack of knowledge is no protection: fines of up to 35 million euros or 7% of the worldwide annual turnover are possible. Comprehensive knowledge protects your company.

What you will learn

You are familiar with the four risk classes of the EU AI Act, understand which obligations apply from 2025 and 2026, and can assess whether an AI system in your organization falls under high-risk requirements.

Video

Why do we need AI regulation? — Janelle Shane (TED, 12 Min)

Perfect introduction: Janelle Shane demonstrates with real examples why uncontrolled AI leads to unexpected results — and why the EU AI Act is precisely necessary for this reason.

Lesen

The Law and Its Logic

~15 Min

The EU AI Act — Fundamentals

Key Points

Regulation (EU) 2024/1689 — effective since 1 August 2024. The world's first comprehensive AI law. It applies to everyone deploying AI in the EU — regardless of where the AI was developed.

The Principle: The riskier, the stricter

The EU AI Act is risk-based. Not all AI is equally dangerous. A spam filter is different from a system that decides on creditworthiness.

Unacceptable Risk  →  PROHIBITED
High Risk          →  Strict Obligations + Approval
Limited Risk       →  Transparency Obligation
Minimal Risk       →  Few Restrictions (Majority of all AI)

Timeline — what applies when?

Date Regulation
August 2024 Law effective
February 2025 Prohibited practices apply
August 2025 Rules for AI foundation models (GPT, Claude etc.)
February 2025 AI Literacy Obligation (Art. 4) + Prohibited Practices (Art. 5)
August 2026 High-risk Obligations + Regulatory Supervision/Enforcement
August 2027 Transition periods for some product categories

Who is affected?

Role Definition Example
Provider Develops AI and brings it to market AI startup, software provider
Operator Deploys AI in their own operations Your company
Affected Person Impacted by AI decisions Applicant, borrower, patient

As a company, you are generally an operator — with specific obligations.

Penalties

Violation Maximum Penalty
Prohibited Practices (Art. 5) 35 million EUR or 7% of annual turnover
High-risk Requirements 15 million EUR or 3% of annual turnover
False Information 7.5 million EUR or 1.5% of annual turnover

Next: Risk Classes in Detail →

Quiz

Quick Check: The Law

1. For whom does the EU AI Act apply?

2. From when does the AI literacy obligation apply (Art. 4 EU AI Act)?

Lesen

The 4 Risk Classes

~15 Min

The 4 Risk Classes in Detail

Class 1 — Prohibited (since February 2025)

Eight practices are absolutely prohibited:

Prohibited Practice Why
Subliminal Manipulation Violates Autonomy
Exploitation of Vulnerabilities Vulnerable Groups
Social Scoring by Authorities Violation of Fundamental Rights
Predictive Policing (Individuals) Presumption of Innocence
Biometric Mass Surveillance Disproportionate
Emotion Recognition at Work/School Manipulation Potential
Biometric Categorization (Origin etc.) Discrimination Risk
Creation of Facial Databases through Scraping Data Protection

Practice Check: Is your company planning any of these? → Stop immediately. No transition period.

Class 2 — High Risk (fully from August 2026)

AI in these areas is automatically considered high-risk:

Area Typical Applications
Employment Applicant Selection, Performance Evaluation, Termination
Basic Services Credit Granting, Social Benefits, Insurance
Education Admission Decisions, Exam Evaluation
Critical Infrastructure Electricity, Water, Transport
Law Enforcement Risk Assessment, Evidence Evaluation
Migration Visa Decisions, Border Control
Justice Judicial Support

What operators of high-risk systems must do:

  1. Establish a risk management system
  2. Document data management practices
  3. Create technical documentation
  4. Activate automatic logging
  5. Ensure human oversight
  6. Guarantee accuracy, robustness, cybersecurity
  7. Train employees ← this course fulfills Art. 4

Class 3 — Limited Risk (Transparency)

AI interacting with humans must disclose its identity.

Specifically:

  • Chatbots must identify as AI
  • AI-generated texts/images/videos must be labeled
  • Deepfakes must be marked as such

Immediate action required for companies with AI chatbots — these obligations already apply.

Class 4 — Minimal Risk

Spam filters, product recommendations, AI in video games — largely unregulated. Voluntary codes of conduct recommended, no legal obligations.

Quick Test: Which Class Applies to Your System?

Question 1: Does the application fall under Annex III (High-Risk Areas)?
  → YES: High-risk obligations from August 2026
  → NO: Proceed to Question 2

Question 2: Does the AI interact with humans or generate visible content?
  → YES: Transparency obligation (Class 3)
  → NO: Minimal Risk (Class 4)

Unsure? → Seek legal advice. The costs are low compared to the fines.

Back: The Law | Next: What It Means for You →

Praxisfall

Case Study: The New HR Tool

Situation

Your company purchases an AI tool that evaluates employee performance and provides salary increase recommendations. The provider says: "It's just a decision support tool, not real AI."

Does this fall under the EU AI Act — and if so, which class?
Lösung anzeigen

Yes — and High Risk (Annex III: Employment).
"Decision support" is not a free pass.
If AI influences employment decisions — no matter how it is packaged — it is considered high-risk.
Obligations: risk assessment, documentation, human oversight, employee training. Before deployment, not afterwards.

Häufige Fehler:
✗ The provider believes that it is 'not real AI'.
The Act defines AI technically — not the provider. Have questionable statements reviewed by the competent authority.
Merke

Risk classes at a glance

  • Verboten: Social Scoring, Emotionserkennung Arbeit/Schule, Massenüberwachung
  • Hochrisiko: Beschäftigung, Kredit, Bildung, Infrastruktur, Justiz
  • Begrenztes Risiko: Chatbots müssen sich als KI zu erkennen geben
  • Minimal: Spam-Filter, Empfehlungen — kaum Pflichten
Lesen

What it means for me

~10 Min

What the EU AI Act Means for Your Company

Immediate Need for Action — Now, Not 2026

Some obligations already apply:

Obligation Effective Since For Whom
Avoid prohibited practices Feb. 2025 All
Chatbot labeling requirement Aug. 2026* Operators
Employee training (AI Literacy) Aug. 2026 All operators
High-risk documentation Aug. 2026 High-risk operators

*technically fully effective from Aug. 2026, preparation recommended now

Your Obligations as an Operator

Step 1: Inventory Which AI systems does your company use? Complete for each system:

  • Name and purpose of the system
  • Provider
  • Affected groups
  • Risk class (→ Quick Test Module 2)

Step 2: Prioritize High-risk Systems For each high-risk system by August 2026:

  • Establish a risk management system
  • Review Data Protection Impact Assessment (DPIA)
  • Document human oversight
  • Train employees

Step 3: Demonstrate AI Literacy Art. 4 obliges operators to ensure that employees possess “sufficient AI competence”. This course + assessment = your proof.

Rights of the Affected Parties

When AI makes decisions about your customers, employees, or applicants:

Right Basis What Affected Parties Can Request
Transparency Art. 13 EU AI Act Explanation of AI function
Human Review GDPR Art. 22 Review by a person
Information GDPR Art. 15 What data was processed
Rectification GDPR Art. 16 Correction of incorrect data

Three Questions for Purchasing AI

Before your company buys or licenses an AI system:

  1. “How do you explain an erroneous decision?” — No explanation model = no purchase.
  2. “What training data did you use and on what legal basis?” — Lack of legal basis burdens you as the operator.
  3. “Who is liable for discrimination by your system?” — “The customer” is not an answer.

Back: Risk Classes | Start Assessment →

Reflexion

Your AI systems

Which AI systems does your company use — and into which risk class do they fall?

Consider: application tools, chatbots, credit/scoring systems, recommendation algorithms...

Beispiele:
  • HR-System mit KI-Unterstützung → wahrscheinlich Hochrisiko
  • Kundenservice-Chatbot → begrenztes Risiko (Offenbarungspflicht)
  • Produktempfehlungen im Shop → minimales Risiko
Wird nur in deinem Browser gespeichert.
Merke

Here's what you take away

  • Feb 2025: AI Literacy (Art. 4) + Verbote (Art. 5) gelten jetzt
  • August 2026: Hochrisiko-Pflichten + behördliche Aufsicht starten
  • Strafen: bis 35 Mio EUR oder 7% Umsatz
  • Kernfrage: Fällt mein System unter Hochrisiko?
  • Hochrisiko: erst prüfen, dann einsetzen
  • Chatbots: müssen sich als KI zu erkennen geben

Ready for the assessment?

Course completed! Start assessment.

Start assessment →
Next Course
Understanding AI Bias & Fairness
How biases enter AI systems — and how to identify them.