The EU AI Act course, in 6 modules.

About 3 hours to go from "I've heard of it" to "I can classify a system, identify the obligations and launch the compliance effort". Each module ends with a memo and a trap to avoid.

Module 1 · ~25 min

Understanding the AI Act: origins and scope

Why this regulation?

Proposed by the European Commission in April 2021, adopted in June 2024 and published in the Official Journal of the EU on 12 July 2024, Regulation (EU) 2024/1689 - the AI Act - entered into force on 1 August 2024. Its goal: ensure that AI systems placed on the European market are safe and respect fundamental rights, while supporting innovation (regulatory sandboxes, SME measures). It is a regulation: it applies directly in all Member States, with no national transposition.

What is an "AI system"?

Article 3 adopts the OECD definition: a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness, and that infers from the input it receives how to generate predictions, content, recommendations or decisions that can influence physical or virtual environments. The key word is infer: plain software running on fixed rules is not an AI system within the meaning of the regulation.

The operators in the value chain

OperatorDefinitionExample
ProviderDevelops an AI system or has one developed, and places it on the market under its own name or trademark.Vendor of CV-screening software.
DeployerUses an AI system under its own authority in a professional context.HR department using that software to recruit.
ImporterEstablished in the EU, places on the market a system from a third-country provider.EU subsidiary distributing a US tool.
DistributorMakes a system available on the market without being its provider or importer.Reseller, B2B marketplace.
Authorised representativeRepresents a third-country provider in the EU.Authorised representative appointed by written mandate.

Beware of the change of role (Art. 25): a deployer that puts its trademark on a high-risk system, substantially modifies it or repurposes its intended use becomes a provider, with all the associated obligations.

Extraterritorial scope

Like the GDPR, the AI Act reaches beyond EU borders: it covers providers placing systems on the Union market wherever they are established, and third-country providers and deployers whenever the system's output is used in the EU.

What falls outside the regulation

  • Exclusively military, defence or national security uses;
  • Scientific research and development prior to placing on the market;
  • Purely personal, non-professional use;
  • Models released as open source - unless they are high-risk, prohibited, subject to transparency obligations, or GPAI models with systemic risk.
Memo

Regulation (EU) 2024/1689 · in force since 1 August 2024 · directly applicable, no transposition · OECD definition ("infer") · 5 operators: provider, deployer, importer, distributor, authorised representative · extraterritorial like the GDPR.

Trap

"We don't build AI, so we're not affected." If you use a scoring SaaS, a customer chatbot or a "smart" HR tool, you are a deployer - and Article 4 (AI literacy) already applies to you.

Module 2 · ~30 min

Prohibited practices and risk classification

The 4 risk levels

The entire mechanics of the regulation rest on classifying the use case (not the technology):

  1. Unacceptable riskprohibited practice (Art. 5);
  2. High risk → strict requirements and conformity assessment (Chapter III, Annexes I & III);
  3. Transparency risk → disclosure obligation (Art. 50);
  4. Minimal risk → no specific obligation, voluntary codes of conduct.

Prohibited practices (Art. 5) - applicable since February 2025

  • Subliminal or manipulative techniques that materially distort behaviour and cause significant harm;
  • Exploitation of vulnerabilities (age, disability, social or economic situation);
  • Social scoring leading to unjustified or disproportionate detrimental treatment;
  • Individual predictive policing based solely on profiling or the assessment of personality traits;
  • Untargeted scraping of facial images (internet, CCTV) to build facial recognition databases;
  • Emotion recognition in the workplace and in education (except for medical or safety reasons);
  • Biometric categorisation to infer sensitive attributes (opinions, sexual orientation, race…);
  • Real-time remote biometric identification in publicly accessible spaces for law enforcement purposes - except in strictly framed cases (victims, imminent threat, serious crimes) with prior authorisation.

High risk: two entry doors

Annex I - the system is a product (or a safety component of a product) already covered by Union harmonisation legislation: medical devices, machinery, toys, lifts, aviation, automotive…

Annex III - the system falls within one of 8 sensitive areas:

  1. Biometrics (remote identification, categorisation, non-prohibited emotion recognition);
  2. Critical infrastructure (energy, water, traffic…);
  3. Education and vocational training (admission, assessment, exam proctoring);
  4. Employment and HR (recruitment, CV screening, promotion, termination, task allocation);
  5. Essential private and public services (credit scoring, life and health insurance pricing, social benefits, emergency calls);
  6. Law enforcement;
  7. Migration, asylum and border control;
  8. Administration of justice and democratic processes.

To apply this classification in practice - decision flowchart, closed questions and a downloadable template sheet - use the dedicated page: classifying an AI system.

The Art. 6(3) filter: an Annex III system escapes the high-risk classification if it only performs a narrow procedural task, improves the result of a prior human activity, or detects patterns without replacing human assessment - but you must document that analysis and register the system. A system that profiles natural persons always remains high-risk.

Case study

A bank deploys: (1) a customer routing chatbot → transparency (Art. 50); (2) credit scoring for loan decisions → high risk (Annex III, point 5) + FRIA; (3) OCR for reading bank details → minimal risk; (4) a tool analysing the "emotional engagement" of employed advisers → prohibited practice (Art. 5).

Memo

4 levels · Art. 5 = 8 families of prohibitions, since 2 February 2025 · high risk = Annex I (products) or Annex III (8 areas) · documented Art. 6(3) filter · profiling always stays high-risk.

Trap

Classifying the technology instead of the use case. The same language model is minimal risk in a spell checker, high risk in CV screening, prohibited in a social scoring system.

Module 3 · ~35 min

High-risk AI systems: the 7 requirements

Chapter III, Section 2 imposes seven families of requirements on high-risk systems. They fall first on the provider, who must demonstrate them before placing the system on the market:

Art.RequirementIn practice
9Risk management systemIterative process across the entire lifecycle: identify, estimate and treat risks, test the measures.
10Data and data governanceTraining, validation and test datasets that are relevant, representative and as error-free as possible; bias examination.
11Technical documentationComplete file (Annex IV) demonstrating conformity, kept up to date, available to the authorities.
12Record-keeping (logging)Automatic recording of events to ensure traceability throughout the system's lifetime.
13Transparency towards deployersClear instructions for use: capabilities, limitations, performance, required oversight.
14Human oversightMeasures allowing people to understand, monitor, disregard an output or stop the system ("stop button").
15Accuracy, robustness, cybersecurityDeclared and consistent performance levels; resilience to errors and attacks (including data poisoning and adversarial examples).

The provider's conformity journey

  1. Put in place a quality management system (Art. 17);
  2. Carry out the conformity assessment (Art. 43) - self-assessment based on harmonised standards in most Annex III cases, or involvement of a notified body (notably biometrics and Annex I products);
  3. Draw up the EU declaration of conformity (Art. 47) and affix the CE marking (Art. 48);
  4. Register the system in the EU database (Art. 49);
  5. Ensure post-market monitoring (Art. 72) and serious incident reporting (Art. 73) - no later than 15 days after becoming aware, with shorter deadlines for the most serious cases.
Memo

7 requirements (Art. 9 to 15): Risks, Data, Documentation, Logs, Transparency, Human oversight, Robustness. Then: QMS → conformity assessment → EU declaration → CE marking → registration → monitoring.

Trap

Believing the CE marking closes the matter. Requirements continue in operation: post-market monitoring, incident management, reassessment after every substantial modification.

Module 4 · ~30 min

Operator obligations and transparency

You are a deployer? Your obligations (Art. 26)

  • Use the system in accordance with the provider's instructions for use;
  • Assign human oversight to people who are competent, trained and vested with the necessary authority;
  • Ensure the relevance of the input data under your control;
  • Monitor operation, suspend use and alert the provider and the authority in case of risk;
  • Keep the automatically generated logs for at least 6 months;
  • Inform workers and their representatives before deploying a high-risk system in the workplace;
  • Inform the people affected by decisions made or informed by the system; individuals have a right to an explanation of individual decisions (Art. 86).

The FRIA (Art. 27)

Before the first use of an Annex III high-risk system, a fundamental rights impact assessment is required from deployers that are bodies governed by public law or private operators providing public services, as well as for credit scoring and life and health insurance pricing: processes in which the system will be used, categories of affected persons, risks of harm, oversight and redress measures. The FRIA complements the GDPR's DPIA; it does not replace it.

Transparency for everyone (Art. 50)

SituationObligationWho
Direct interaction with an AI (chatbot…)Inform the person, unless it is obviousProvider
Synthetic content (text, image, audio, video)Machine-readable marking (watermarking…)Provider
DeepfakeDisclose that the content is generated or manipulatedDeployer
AI-generated text informing the publicDisclose the artificial generation (unless human editorial review)Deployer
Emotion recognition / biometric categorisation (lawful)Inform the exposed personsDeployer
Case study

A local authority deploys a system supporting social housing allocation (Annex III, essential services): instructions followed, staff trained for oversight, FRIA before going live, applicants informed, right to an explanation for refusals, logs kept for 12 months.

Memo

Deployer (Art. 26): instructions · competent oversight · input data · monitoring · logs ≥ 6 months · informing workers and affected persons. FRIA (Art. 27): public sector + credit + life/health insurance. Art. 50: say when it is an AI, mark what it produces.

Trap

Thinking "the provider takes care of everything". The deployer's responsibility is autonomous: a perfectly compliant system that is poorly supervised or used outside its intended purpose engages the deployer - who can even become a provider (Art. 25).

Module 5 · ~20 min

General-purpose AI models (GPAI)

Model ≠ system

A general-purpose AI model (GPT, Claude, Llama, Mistral…) displays significant generality and can be integrated into a variety of downstream systems. Chapter V applies a dedicated regime to it, applicable since 2 August 2025. The system built on that model (your chatbot, your business copilot) remains subject to the risk classification covered in modules 2 to 4.

Obligations for all GPAI providers (Art. 53)

  • Technical documentation of the model (training, testing, evaluations);
  • Information and documentation for downstream providers that integrate the model;
  • A policy to comply with EU copyright law (including the text and data mining opt-out);
  • A sufficiently detailed summary of the training content, using the template published by the AI Office.

Open-source models (published weights and architecture) are exempt from the documentation duties - but not from the copyright policy or the training summary, and never if they carry systemic risk.

Systemic risk (Art. 51 and 55)

A GPAI model is presumed to carry systemic risk when its cumulative training compute exceeds 10²⁵ FLOPs, or upon designation by the Commission. Additional duties then apply: standardised model evaluations, adversarial testing (red teaming), assessment and mitigation of systemic risks, serious incident reporting to the AI Office, reinforced cybersecurity. The GPAI code of practice published in 2025 offers a presumption of conformity while harmonised standards are being developed.

Memo

GPAI since 2 August 2025 · Art. 53: documentation, downstream info, copyright, training summary · 10²⁵ FLOPs → systemic risk (Art. 55: evaluations, red teaming, incidents, cybersecurity) · your system built on a GPAI model is still classified by its use case.

Trap

"We use a large model's API, compliance is their problem." No: integrating a GPAI model into a high-risk use case makes you the provider of the high-risk system, with the 7 requirements of module 3 on your shoulders.

Module 6 · ~25 min

Governance, penalties and the wider regulatory landscape

Who oversees what?

  • AI Office (European Commission): supervises GPAI models, develops codes of practice and guidelines;
  • European AI Board: coordinates the Member States;
  • National authorities: market surveillance and notifying authorities in each Member State - in France, a coordinated multi-authority scheme is taking shape (CNIL, DGCCRF, Arcom… depending on the use case);
  • Regulatory sandboxes (Art. 57): at least one per Member State to test innovation under supervision, by August 2026.

And internally: who does what?

External governance has its internal mirror: executive sponsor, AI governance committee, AI Act lead, DPO/legal, CISO, Data & AI team, business system owners, procurement, HR and internal audit. The missions, required skills and cadence of each body are detailed in the target organisation of the implementation roadmap, and the self-assessment recommends the configuration suited to your size and maturity.

Penalties (Art. 99)

InfringementCap
Prohibited practices (Art. 5)€35M or 7% of worldwide annual turnover
Other obligations (high risk, GPAI, transparency…)€15M or 3%
Incorrect information supplied to authorities€7.5M or 1%

The amount applied is the higher of the two (the lower for SMEs and start-ups). Add product recalls, market withdrawals and reputational damage on top.

The AI Act does not live alone

Text / standardInterplay with the AI Act
GDPRApplies in parallel whenever personal data is involved: DPIA + FRIA, legal basis, minimisation, data subject rights.
NIS2 / DORA / CRACybersecurity of entities and products: converges with Art. 15 (robustness, cybersecurity).
ISO/IEC 42001AI management system (AIMS): the ideal structure to sustain AI Act compliance over time.
ISO/IEC 23894, NIST AI RMFAI risk management methods compatible with Art. 9.
CEN-CENELEC harmonised standards (JTC 21)In preparation: complying with them will grant a presumption of conformity.
Memo

AI Office (GPAI) · AI Board (coordination) · national authorities (market) · penalties 35/7 - 15/3 - 7.5/1 · GDPR always in parallel · ISO/IEC 42001 as the compliance backbone.

Trap

Confusing the AI Act caps (€35M/7%) with the GDPR's (€20M/4%). And forgetting that a single application can trigger both penalty regimes - plus NIS2 for the entity.

What next?