The European Union is about to enact comprehensive legislation to regulate artificial intelligence (AI), potentially affecting corporations and law firms around the world, including those in the U.S. The legislation, dubbed the AI Act, is set to be voted on by the European Parliament on March 13 and is anticipated to pass without complications. Primary enforcement of the law is likely to begin in 2026, with some provisions taking effect earlier.
The AI Act sorts AI applications by risk and restricts certain uses outright—such as workplace “emotion recognition” systems—which could attract the stiffest fines: 7% of global revenue or 35 million euros (approximately $38 million), whichever is higher.
Although the EU is not the first to legislate AI, the sheer size of its market means the impact of the AI Act will be felt across the globe, influencing how multinational companies handle data and navigate AI. The law will affect businesses operating in the EU’s 27-nation territory and AI system builders anywhere in the world, including the U.S. If a company’s product enters the EU market, it will fall under the AI Act’s scope, necessitating compliance.
With this impending legislation, the EU intends to regulate the riskiest uses of AI. It will ban some types of AI, like those used for subliminal manipulation or social scoring. There will be strict regulations around high-risk functions, such as using AI to screen job applications, and a softer touch applied to limited-risk uses.
Plenary voting is scheduled to take place on March 13, indicating the legal approval and initiation of this legislation.
Following the EU’s 2018 General Data Protection Regulation, the AI Act will require companies operating both within and outside Europe to reshape their respective information management approaches.
Lawyers caution that businesses should start preparing now to meet the AI Act’s requirements, beginning with auditing the ways they currently use AI within their organizations. Provisions for general-purpose AI models will be implemented 12 months after the law takes effect, and most provisions will begin 24 months afterward. Companies found deploying prohibited systems could incur significant fines, and those that don’t prepare may find it difficult to penetrate the EU market with AI systems not conforming to the rules.
Further obligations such as registration requirements will be outlined for companies developing and employing high-risk AI systems. These provisions aim to maintain a record of high-risk AI systems used in the EU market. Critical clarification regarding these obligations is expected to happen over time.
The proposed AI regulations promise to change the business landscape globally and require diligence from companies to ensure compliance. As the reach of AI continues expanding, the EU’s forthcoming rules might become a valuable blueprint for other jurisdictions considering AI regulation.
For more detailed information on the upcoming EU AI Regulation, please see the full report on Bloomberg Law.