The European AI Act: A Gen AI Expert’s Guide to Compliance and Business Impact

Ali Arsanjani
3 min readJan 31, 2024

As someone who lives and breathes generative AI, I’m fascinated by the possibilities and risks of this technology. The European AI Act is one of the world’s first major attempts to set up a framework for regulating AI systems, and it’s something anyone in the AI space needs to understand. Is it complete? Probably not. Nonetheless it’s a major and significant step in driving much needed legislation in AI. In this blogpost, I’d like to break down what I think this means for those of us building and deploying cutting-edge AI tools.

The Risk-Based Approach: Not All AI is Created Equal

The EU’s not trying to stifle innovation. They get that AI is a broad spectrum. The AI Act takes that into account by dividing the spectrum of efforts into the following categories:

  • Unacceptable Risk: Think Big Brother stuff like real-time facial recognition in public, or AI that judges your social worth. That’s a hard “no.”
  • High-Risk: AI used in sensitive areas like healthcare, transport, or hiring processes is under serious scrutiny — and rightly so!
  • Limited-Risk: Gotta be clear if you’re using chatbots or deepfakes; transparency is key for user trust.
  • Minimal-Risk: Most AI falls here. No specific rules, but don’t be careless — ethical AI is always good business.
Image Generated by Author

High-Risk AI: The Heavy Lifting

If you’re working with high-risk AI, buckle up. Here’s what compliance means:

  • Prove it Works (and is Safe): Conformity assessments before launch are mandatory. Show your work!
  • Quality Control: It’s not just about the code; your whole AI management system needs to be on point.
  • Paper Trails: Documentation is your friend. Prove you thought about design, potential issues, and how it’s used.
  • No AI Black Boxes: Users need to know they’re dealing with AI, and what it’s intended to do.
  • Humans in the Loop: Oversight is key! You can’t just let the AI run wild independently.
  • Built to Last: This means accuracy, robustness, and top-notch cybersecurity.

Beyond Borders: The Act’s Global Reach

This isn’t just an EU thing. If you place high-risk AI on the EU market, you’re affected, even if you’re based elsewhere. Same if you’re an EU-based user of high-risk AI. And anyone whose AI outputs are used in the EU needs to play by the rules. Serious fines for not complying!

Advice from the AI Trenches

  • Take Time to Study It: This law is complex, so take time to really understand it.
  • Know Your AI: Classify the AI you work with — that dictates your actions.
  • Compliance by Design: Build this into your process from day one, not as an afterthought.
  • Stay Ahead of the Curve: More guidance is coming; be ready to adapt.

It’s Not Just About the Law

Compliance is the minimum. Think about the spirit of the AI Act: trustworthy, human-centered AI. We need to be proactive about ethics, not just react to rules. Smart companies will make responsible AI a competitive advantage.

The EU AI Act is a big deal. It’s a sign that lawmakers are paying attention to the power of the tech we build. Let’s thoughtfully engage and look at this as an opportunity to shape the future of AI for the better.

Disclaimer: I’m not a lawyer or a legal counselor!



Ali Arsanjani

Director Google, AI/ML & GenAI| EX: WW Tech Leader, Chief Principal AI/ML Solution Architect, AWS | IBM Distinguished Engineer and CTO Analytics & ML