advanta

HomeGlossaryRegulation

Regulation

P4

EU AI Act

DEFINITION

The EU AI Act is the European Union's regulatory regime for artificial intelligence. Provisional political agreement was reached December 2023, formal adoption proceeded through 2024, and staged enforcement began August 2025. The Act operationalises ISO/IEC 42001's management-system posture for high-risk AI use cases, imposing conformity assessment, post-market monitoring, and incident reporting obligations comparable in posture to medical device regulation. Article 26 places the burden of demonstrating compliance on the deployer of the AI system, not the provider — a structural cornerstone of the Defensibility framework.

Detailed Explanation

The EU AI Act is the European Union’s regulatory regime for artificial intelligence, with provisional political agreement reached in December 2023, formal adoption through 2024, and staged enforcement beginning August 2025. It operationalises an ISO/IEC 42001-style management-system posture for high-risk AI use cases, imposing conformity assessment, post-market monitoring, and incident reporting obligations comparable in posture to medical device regulation.

Article 26 places the burden of demonstrating compliance on the deployer of the AI system, not the provider. This deployer-centric allocation of responsibility is a structural cornerstone of the Defensibility framework: legal and compliance functions that operate AI in EU-touching contexts are responsible for deployer obligations regardless of the vendor’s jurisdiction.

Within this framework, the EU AI Act is the institutional substrate for Class 5 (Regulatory non-compliance) exposure across EU-operating functions. The AI Use Policy (GOV-02) maps each function’s AI posture against the EU AI Act’s risk categorisation, ensuring that high-risk and other regulated use cases are identified, governed, and monitored in line with the Act’s requirements.

Key implication: if your function deploys AI in EU-touching workflows, you carry the primary legal burden for EU AI Act compliance—even when the AI system is sourced from a third-party vendor outside the EU.

Quick Facts

Category

Regulation

Related Pillar

P4 · Governance

Explore Glossary

← All Terms