When does the EU AI Act take effect?

The Act entered into force in August 2024. Key dates: Feb 2025 (prohibited AI), Aug 2025 (GPAI rules), Aug 2026 (high-risk obligations), Aug 2027 (full enforcement).

Does the EU AI Act apply to UK companies?

Yes, if your AI system is used by or affects people in the EU. The Act has extraterritorial scope similar to GDPR — location of company doesn't matter, location of impact does.

What are the penalties for non-compliance?

Up to €35 million or 7% of global annual turnover for prohibited AI violations. Up to €15 million or 3% for other breaches. SMEs face proportionally lower caps.

How long does a compliance assessment take?

A typical AI system inventory and initial risk classification takes 2–4 weeks. Full compliance implementation including governance framework and documentation takes 2–6 months depending on complexity.

Do I need a compliance officer for AI?

The EU AI Act doesn't mandate a specific role, but companies deploying high-risk AI should designate clear accountability. Many organisations are creating AI Compliance Officer or AI Ethics Lead positions.

What's the difference between AI governance and AI compliance?

AI governance is the internal framework (policies, processes, roles) for responsible AI use. AI compliance is meeting specific legal requirements like the EU AI Act. Good governance makes compliance easier.

EU AI Act Compliance & AI Governance

The EU AI Act is now in force. Is your AI compliant? Digital Colliers provides end-to-end AI governance support — from risk assessment to ongoing monitoring.

€35M Maximum Penalty

For prohibited AI practices under the EU AI Act — up to 7% of global annual turnover.

Aug 2025 GPAI Obligations Begin

General-purpose AI providers must comply with transparency and documentation requirements.

78% Not Yet Prepared

Of EU companies have not started their AI compliance journey. Early movers gain competitive advantage.

What Is the EU AI Act?

The EU AI Act is the world's first comprehensive artificial intelligence regulation. It establishes a risk-based legal framework for AI systems across the European Union. The regulation applies to any company deploying AI that affects EU citizens — including non-EU companies. As AI regulation in Europe evolves, organisations must understand their obligations and act now to ensure compliance.

Key Compliance Deadlines

Feb 2025

Prohibited AI practices banned — social scoring, manipulative AI, and real-time biometric surveillance.

Aug 2025

GPAI rules take effect — transparency, documentation, and copyright compliance for general-purpose AI providers.

Aug 2026

High-risk AI obligations begin — conformity assessments, risk management, and human oversight requirements.

Aug 2027

Full enforcement — all remaining provisions apply, including penalties for non-compliance.

The Four Risk Categories

Unacceptable Risk

Social scoring, manipulative AI, real-time biometric surveillance in public spaces.

Banned — these AI practices are prohibited under the EU AI Act.

High Risk

HR recruitment, credit scoring, education assessment, law enforcement, healthcare diagnostics, critical infrastructure.

Strict obligations — conformity assessments, risk management systems, human oversight, data governance, and technical documentation.

Limited Risk

Chatbots, emotion recognition systems, deepfake generators.

Transparency obligations — users must be informed they are interacting with AI.

Minimal Risk

AI-powered spam filters, AI in video games, inventory management systems.

No specific obligations — voluntary codes of conduct encouraged.

How We Help You Achieve Compliance

Digital Colliers provides end-to-end EU AI Act compliance support. From initial risk assessment to ongoing governance — we help you navigate every requirement.

📋

AI System Inventory & Classification

Audit all AI systems across your organisation and classify them against EU AI Act risk categories. Identify which systems require conformity assessments and prioritise compliance efforts.

🔍

Risk Assessment & Gap Analysis

Structured AI risk assessment against EU AI Act requirements. Identify gaps in documentation, human oversight, and data governance. Receive a clear remediation roadmap.

🏛️

AI Governance Framework Setup

Build your internal AI governance framework: policies, roles, approval workflows, and monitoring processes. Establish clear accountability for AI compliance across your organisation.

📄

Technical Documentation

Prepare comprehensive technical documentation for high-risk AI systems: risk management plans, data quality protocols, testing procedures, and human oversight documentation.

🏅

Conformity Assessment Support

Guide you through the conformity assessment process — self-assessment for most systems, third-party assessment for biometric and critical infrastructure AI.

📡

Ongoing Monitoring & Audit

Continuous monitoring, periodic audits, and regulatory change tracking. AI systems must remain compliant as they evolve — we help you maintain compliance over time.

Who Needs to Comply?

AI Providers

Companies that develop and place AI systems on the market. Providers bear the primary compliance burden — including conformity assessments and technical documentation.

AI Deployers

Companies that use AI systems in their operations. Deployers must ensure proper human oversight, monitor system performance, and maintain usage logs.

Importers & Distributors

Companies that bring AI systems into the EU market. They must verify that providers have completed conformity assessments and that systems carry proper CE marking.

Non-EU Companies

Any company whose AI system affects EU citizens — regardless of where the company is based. The EU AI Act has extraterritorial scope, similar to GDPR.

Industries Most Affected

Financial Services

Credit scoring, fraud detection, and algorithmic trading all fall under high-risk classification. AI compliance for financial services is critical.

AI compliance for financial services →

Healthcare

AI-powered diagnostics, treatment recommendations, and patient triage systems require rigorous conformity assessments and human oversight.

Healthcare AI compliance →

Manufacturing

Safety-critical AI in production lines, quality control, and predictive maintenance falls under high-risk obligations when affecting worker safety.

Manufacturing AI governance →

HR & Recruitment

AI used in hiring, performance evaluation, and workforce management is explicitly classified as high-risk under the EU AI Act.

Why Digital Colliers for AI Compliance?

Technical + Regulatory Expertise

We combine deep AI engineering knowledge with regulatory understanding. Our team doesn't just advise — we implement the technical controls and documentation required for compliance.

European Team, DACH & Nordics Focus

Our consultants understand the European regulatory landscape, including GDPR interplay with the AI Act. We serve clients across the DACH region, Nordics, and UK.

Strategy to Implementation Under One Roof

From compliance assessment to governance framework to technical implementation — no handoffs between firms. Starts with our AI consulting process.

Starts with our AI consulting process →

100+ AI Specialists

Scale your compliance team with dedicated specialists who understand both the technical and regulatory dimensions of AI governance.

Scale your compliance team →

Frequently Asked Questions

Get Your AI Compliance Assessment

Start with a clear picture of where your AI systems stand under the EU AI Act. Our compliance assessment gives you a risk classification, gap analysis, and concrete action plan. No commitment required.

Book your assessment Already building AI? See our AI implementation services.