The EU AI Act One Year Later: What’s Changed and What Hasn’t

Compliance Progress and Challenges

One year after implementation, the EU AI Act has fundamentally reshaped how organizations develop and deploy AI systems across Europe. Large enterprises have established compliance frameworks, appointed AI officers, and begun auditing their systems for high-risk applications. However, compliance remains uneven. Small and medium-sized enterprises struggle with documentation requirements and the cost of certification. The fine structure—up to 6% of global revenue for critical violations—has created significant incentive structures, but interpretation of vague terms like “prohibited AI” continues to generate legal uncertainty.

Technical implementation reveals the Act’s ambitious scope: transparent AI systems, explainability requirements, and risk-based categorization have forced organizations to rethink algorithmic governance. Yet three major compliance gaps persist. First, the definition of “high-risk” systems remains contestable across jurisdictions. Second, liability distribution between developers, providers, and deployers remains legally murky. Third, enforcement capacity at national regulators remains underfunded relative to the complexity of AI audit requirements.

Global Regulatory Ripple Effects

The EU AI Act has become a de facto global standard. Companies operating internationally increasingly adopt European compliance as their baseline, extending protections beyond EU borders. This regulatory arbitrage effect creates compliance costs for global players but also establishes Europe as the governance leader. The UK, Canada, and Australia are crafting their own frameworks—most borrowing heavily from EU architecture. Meanwhile, the US approach remains fragmented, with sector-specific regulations and industry self-governance. China’s approach emphasizes state security, creating three distinct regulatory worlds.

What’s Next for AI Governance

The Act’s second-year evolution will focus on enforcement action, precedent-setting cases, and refinement based on real-world implementation. Expect regulatory guidance on foundation models, expanded definitions of transparency requirements, and clarification on international liability chains. The fundamental question remains: can prescriptive regulation keep pace with AI innovation velocity?