The EU Artificial Intelligence Act (officially Regulation EU 2024/1689) is the world’s first comprehensive legal framework regulating artificial intelligence. Passed by the European Parliament on 13 June 2024 and in force since 1 August 2024, it sets binding rules for any AI system used — or marketed — in the European Union. The Act classifies AI systems by the risk they pose, bans the most dangerous uses outright, and imposes transparency, documentation, and oversight requirements on the rest.

How the Act works: four risk tiers

The regulation groups AI systems into four categories:

Prohibited (unacceptable risk): Eight practices are banned entirely, including social scoring by governments, real-time biometric surveillance in public spaces, AI that manipulates behavior through subliminal techniques, and emotion recognition in schools and workplaces.

High-risk: AI used in hiring, credit scoring, biometric identification, criminal justice, and critical infrastructure. These systems must pass conformity assessments, maintain documentation, and be subject to human oversight before deployment.

Limited-risk (transparency-required): Chatbots, AI-generated content, and deepfakes. Providers must disclose that users are interacting with AI and label synthetic content appropriately.

Minimal risk: Spam filters, recommendation engines, most consumer AI tools. Few or no regulatory requirements.

What happens on 2 August 2026

The Act has rolled out in phases. Bans on prohibited AI practices took effect in February 2025. On 2 August 2026, the next major milestone arrives: transparency obligations (Article 50) and high-risk AI rules for systems listed in Annex III become enforceable.

Article 50 requires:

  • Chatbot disclosure: Any interactive AI system must clearly inform users they are talking to AI.
  • AI-generated content labeling: Deepfakes, AI-generated images, audio, and video on matters of public interest must be labeled as artificially created — using machine-readable watermarks and secured metadata.
  • Detection infrastructure: Providers must embed technical mechanisms so that labels cannot be easily stripped or removed.

The European Commission has published a practical compliance guide and Code of Practice to help companies prepare.

Who must comply — and yes, that includes non-EU companies

The Act applies wherever AI is used, not just where it is made. Any company that:

  • places an AI product on the EU market,
  • deploys AI whose output is used by people or organizations in the EU, or
  • processes data belonging to EU residents

must comply with the rules relevant to its system’s risk category. There is no geographic carve-out for companies based outside the EU.

High-risk AI providers outside the EU must also appoint an authorized representative inside the EU before bringing their system to market.

Why it matters for Georgia

Georgia is on the EU accession path, and a significant share of Georgian tech companies export software or services to EU customers. Under the Act, a Georgian startup offering an AI-powered HR tool or credit-scoring API to European clients must meet the same high-risk compliance requirements as a company in Berlin or Warsaw.

Even for companies that do not currently serve EU clients, the Act is shaping the global baseline: comparable frameworks are being drafted in the UK, Canada, and Brazil, and major cloud providers are building EU AI Act compliance into their platforms as a default.

Georgian companies planning to expand into European markets should begin auditing their AI systems now — classifying them by risk tier, assembling technical documentation, and identifying whether they need an EU representative. The official AI Act Service Desk offers an article-by-article guide, FAQ, and a compliance checker.

In the news

The August 2026 deadline was covered in our brief EU AI Act Transparency Rules Take Effect in 37 Days. Earlier this month, the Tbilisi UN Forum on AI in Public Governance highlighted how AI regulation is moving up Georgia’s public-sector agenda.

FAQ

Does the EU AI Act apply to a Georgian company that has no EU office?
Yes. The Act’s territorial scope covers any AI system marketed or deployed to users in the EU, regardless of where the provider is incorporated. If your product is used in the EU, you must comply.

What are the penalties for non-compliance?
Fines vary by violation. Prohibited practices can draw fines up to €35 million or 7% of global annual turnover. Violations of other obligations can reach €15 million or 3% of turnover — whichever figure is higher applies.

Do I need to do anything if my AI tool is minimal risk?
Minimal-risk systems (spam filters, simple recommenders) face no mandatory obligations, though voluntary adherence to the Commission’s AI ethics guidelines is encouraged.

When does the full Act apply?
Most high-risk rules are enforceable from 2 August 2026. Rules for AI embedded in physical products (Annex I) come into force in August 2028. For the vast majority of AI systems, the Act is fully applicable from 2 August 2026.