On 2 August 2025, new provisions of the <span class="news-text_italic-underline">European Union’s Artificial Intelligence Act</span> (the “<span class="news-text_medium">EU AI Act</span>”) entered into force, marking a decisive moment in the regulation of AI. As the world’s first comprehensive legal framework for AI, the EU AI Act sets out obligations for businesses, oversight bodies and Member States. These measures are reshaping how AI is developed, deployed and governed across Europe and they have implications for companies worldwide. This article outlines the key provisions that took effect this month and their significance for legal and compliance professionals.
The EU AI Act represents the most ambitious attempt yet to regulate AI in a holistic manner. Unlike earlier initiatives, which focused narrowly on data protection or sector-specific rules, the EU AI Act takes a broader, risk-based approach to regulating AI technologies across industries. Its scope extends from banning manipulative or exploitative practices, to imposing detailed obligations on high-risk AI systems and creating oversight structures to ensure compliance.
The EU AI Act officially came into force on 1 August 2024, but implementation has been deliberately staggered over a three-year period. This phased approach reflects the complexity of AI technologies and the need for businesses and regulators alike to adapt. The first year saw bans on unacceptable AI practices and the creation of codes of practice for providers and deployers. Now, with the 2 August 2025 milestone, the EU AI Act moves into a more operational phase, introducing enforcement powers, governance measures and penalty regimes.
A defining feature of the 2025 milestone is the role of notified bodies. These are independent organisations designated by Member States to assess whether high-risk AI systems comply with the EU AI Act. These bodies will provide third-party oversight, ensuring businesses meet transparency, safety and accountability requirements.
Alongside this, provisions on governance (Chapter VII), confidentiality (Article 78) and penalties (Articles 99–100) now apply. Most notably, financial penalties for non-compliance are enforceable as of this date, creating strong incentives for companies to align with the framework without delay.
General-purpose AI (“<span class="news-text_medium">GPAI</span>”) models, trained on massive datasets and capable of serving multiple functions, receive special transitional treatment. Any GPAI model already on the market before 2 August 2025 has until 2 August 2027 to achieve full compliance. This two-year grace period recognises the scale and complexity of adapting such models but also signals that regulation of even the most advanced AI will not be optional.
The EU AI Act also places significant obligations on Member States. By the August deadline, each Member State was required to:
These obligations ensure the EU AI Act is not merely a legal framework on paper but is actively supported by national infrastructure and enforcement.
Where codes of practice for GPAI providers are not finalised or are deemed inadequate, the European Commission may step in to issue binding rules. This safeguard ensures continuity and consistency of regulation, even if industry-led approaches fall short. In parallel, the Commission must now begin its annual review of prohibited AI systems, with the first review deadline set for 2 August 2025. This mechanism ensures the legislation can evolve to address emerging risks and technologies.
The August 2025 developments mark a turning point in the regulatory landscape for AI in Europe. For businesses, this means compliance must move from planning to action. The risk of financial penalties, reputational damage and market restrictions is now tangible. At the same time, companies that embrace compliance may benefit from greater trust and competitive advantage in an environment where accountability is becoming central to innovation.
