One Year of the AI Act: A Compliance Stocktake
The EU AI Act entered into force on August 1, 2024. We are now nine months in, with the Article 5 prohibitions having been live for three months and the GPAI obligations approaching their August 2 effective date. This is a good moment for a stocktake — what is working, what is not, and what to focus on for the rest of the year.
Article 5: implementation broadly successful
Compliance with the prohibition regime has been broader than I expected when I wrote about the countdown in December. Most of the obvious violations — workplace emotion-inference tools, large-scale facial-image scraping operations targeted at EU users — have been pulled or geofenced. The Commission guidance, finalized in late April after the consultation period, clarified enough of the marginal cases that compliance teams could make defensible classification decisions.
The first formal enforcement decisions are expected late summer. Two patterns to watch:
- One enforcement action against a U.S.-based facial-image scraping operator that has continued to serve EU clients despite formal warnings. This will be the test case for extraterritorial enforcement, and the company has signaled it will challenge personal jurisdiction.
- Multiple actions against EU-based vendors of workplace surveillance tools. These are more likely to settle than to litigate, but their settlement terms will be useful precedent for compliance design.
High-risk regime: behind schedule
The high-risk regime under Articles 8-15 is on a longer timeline — the bulk of obligations land on August 2, 2026 — but the standard-setting work that needs to anchor compliance is behind schedule. CEN-CENELEC's harmonized standards are running approximately four months behind the JTC 21 work program. The AI Office has been candid that the conformity-assessment process is going to lean heavily on internal-control procedures rather than on third-party assessment until standards stabilize.
For deployers, this is mostly a problem deferred to 2026. But there are two implications now:
- Risk management documentation should be built against the published draft standards (especially CEN-CENELEC JTC 21 outputs and the corresponding ISO/IEC standards), not against final harmonized standards. The drafts are stable enough for that purpose.
- The Annex III classification work — assessing which systems are high-risk under the listed use cases — should be done now, not deferred. The classification analysis is independent of the standards work, and getting the classification wrong is going to be expensive.
GPAI: August 2 is real
The bigger near-term story is the August 2, 2025 effective date for GPAI model obligations. Articles 53 and 55 obligations — technical documentation, training-data summaries, copyright policies, and for systemic-risk models additional safety obligations — become enforceable that day.
The Code of Practice negotiating process has been bumpy. The third draft was published in February to mostly positive industry reception; the fourth and final draft is expected in late June. The substance of the Code has narrowed considerably from early ambitions. It now functions primarily as a structured documentation regime rather than as a substantive safety floor.
What we are advising GPAI providers to focus on in the next ten weeks:
- The training-data summary template, finalized in March, requires more granular disclosure than most providers have prepared for. Expect public-facing summaries that disclose dataset categories, source types, and high-level filtering criteria.
- The copyright policy obligation under Article 53(1)(c) requires demonstrating compliance with EU copyright law, including the TDM exception under Articles 3-4 of the CDSM Directive. Providers who have not built systems for honoring rightsholders' opt-outs are about to have a problem.
- For systemic-risk providers (currently a small handful, all of which we are seeing engage actively): model evaluations under the Code's framework, serious-incident reporting infrastructure, and cybersecurity attestations.
The downstream-deployer puzzle, partially resolved
I flagged in March the puzzle of what GPAI provider obligations mean for downstream deployers who fine-tune or compose. The Commission's April guidance addresses this in a way I find broadly workable. Three key clarifications:
- A downstream party that fine-tunes a GPAI model for a specific use case is generally a deployer (and possibly a high-risk-system provider, depending on use case), not a GPAI provider. The thresholds in Article 25 for becoming a "provider" by substantial modification are set high enough that ordinary fine-tuning does not trigger them.
- However, the upstream GPAI provider's documentation obligations under Article 53 explicitly extend to providing downstream parties enough information to support their own compliance. This is the structural compromise that makes the downstream regime workable.
- For systemic-risk models, the obligations stay with the upstream provider regardless of downstream modifications. Downstream parties cannot launder a systemic-risk model into a non-systemic-risk one through fine-tuning.
What's not working
Honest assessments:
- The AI Office is under-resourced. Headcount has tripled but is still small relative to the regulatory portfolio. Some functions — particularly the systemic-risk evaluation oversight — depend on contracted technical assessors whose recruitment is slow.
- National-authority designation in several smaller member states is incomplete. Nine months in, four member states have not formally designated their market surveillance authorities. Cross-border enforcement coordination is still ad hoc.
- The interaction with GDPR enforcement continues to be confused. The EDPB-AI Office joint guidance promised in late 2024 still has not appeared. Practitioners are operating on a "GDPR wins where there's tension" assumption that is mostly correct but unprincipled.
- FRIA practice is uneven. Where the FRIA obligation applies (largely to public-sector deployers), execution quality varies dramatically by member state, with some authorities providing detailed templates and others providing nothing.
The international dimension
I noted in February that the Brussels-effect dynamic was about to dominate this space. Three months on, that has been true in product design but less true in regulatory adoption elsewhere. Major non-EU jurisdictions are not converging on the AI Act model — Korea's Framework Act takes a lighter approach, Japan's voluntary regime continues, and the U.S. state-law landscape is fragmenting in its own direction. Multinational compliance is therefore going to be more, not less, work.
One year on: bottom line
The AI Act is implementable. It is not implementable cheaply, and it is not implementable without serious documentation infrastructure that most companies do not yet have. The August 2025 GPAI deadlines are about to be the next stress test. Use the next eleven weeks well.