What is the AI Act?
Introduction
Section titled βIntroductionβπ― Learning goals
- Understand why the EU AI Act was created and what it aims to protect
- Know who and what is regulated, and what is explicitly out of scope
- Understand the difference between an AI system and a general purpose AI model (GPAI)
The EU AI Act consists of 113 articles, 13 annexes, and 180 non-binding recitals β all designed to strengthen the internal market and support innovation, while protecting health, safety, and fundamental rights. The Act is heavily inspired by product safety regulation.
Why do we need it?
Section titled βWhy do we need it?βEuropeans have some AI worries.
- Three-fourths of EU public sector workers worry about AI manipulation elections
- 80% of Norwegians are worried about not knowing what is true or AI
Globally, more people are now concerned than excited, and this trend is particularly seen in Sweden.
The EU canβt regulate trust. But it can regulate safety, and set strict requirements for the systems that pose inherently high risks.
Before the AI Act, more than half of Europeans did not think current rules effectively regulated AI. The Act was designed to fill the gaps left by existing product safety and digital platform laws, which were not written with AI systems in mind and were not adequately addressing AI-specific risks.
Who and what is regulated?
Section titled βWho and what is regulated?βThe AI Act regulates:
- People or organizations using AI in a professional context
- Those that develop an AI system or a general purpose AI model (GPAI)
- Both public and private organizations, including public authorities
- Regardless of whether payment is involved β if you make your AI system available to others in the EU for free, you are still a provider
- Regardless of whether your AI system was on the market before the AI Act came into force
Jurisdictionally: if an organization (public or private) is in the EU, or if the output of their AI system is in the EU, or if the affected persons are in the EU.
The Act is not yet included in the EFTA agreement, so it is not enforced in Norway. Norway is expected to make it national law. The GDPR was included in Norwegian law within a month of becoming EU law.
Timeline
Section titled βTimelineβSome parts are already enforced, like the prohibition on unacceptable AI systems, the requirement for AI literacy, and requirements for general purpose AI models added to the market after August 2025.
Remaining requirements are under negotiation, but will likely begin being enforced in 2026, specifically transparent requirements.
What isnβt regulated?
Section titled βWhat isnβt regulated?βIf you are using an AI system for a βpurely personal non-professional activityβ β like an app that takes a picture of the contents of your fridge and gives you easy recipe ideas β you are not regulated, because you are not a deployer. There probably isnβt a deployer in this case, only you as the user, and the provider of the system.
If you use Intric, we assume you are using it for work purposes, and your employer is the deployer. You should not use Intric for personal purposes.
Some exceptions, which are not regulated by the Act:
- AI used only for research
- AI being developed, but not yet put on the market or being used
- AI for national defence (think: weapons and the military)
For examples of specific AI systems that wouldnβt be regulated, see the out-of-scope section in Risk classes.
AI system versus general purpose AI model (GPAI)
Section titled βAI system versus general purpose AI model (GPAI)βThe AI Act was almost finished before ChatGPT launched β and the Commission had to scramble to figure out how to incorporate large language models and other types of generative AI. The Act was never supposed to classify types of AI technologies, but suddenly, there was a very accessible and very popular new technology that behaved differently than almost all other AI systems, because it was intended to not be limited to a certain set of behaviors or outcomes.
The Act decided to differentiate between AI systems β which are classed according to unacceptable or high risk levels β and general purpose AI models, or GPAIs.
An AI system is the broadest term. A GPAI specifically refers to a model that is intended to be general purpose β to competently perform a wide range of tasks regardless of the way the model is placed on the market, and can be integrated into a variety of downstream systems or applications. In practice, GPAIs capture most large language models (like the ones underpinning Intric), because LLMs are intended for the user to be able to do a wide range of tasks. GPAIs are the only types of specific systems mentioned in the AI Act β aside from these, the Act managed to be technology-agnostic.
A general purpose AI system is an AI system that is based on a GPAI. This term isnβt used that much in the Act, but it is defined in the beginning.
Examples:
- ChatGPT is a GPAI, and because itβs a GPAI, itβs also an AI system.
- A machine learning algorithm used by the tax authorities to decide whether your tax return can be automatically accepted or flagged for human review, is an AI system. It is not a GPAI, because the algorithm was specifically trained and tested to do a distinct task.
- An AI agent is an AI system. Most agents will also be GPAIs, because of their intended level of autonomy, or in other words, ability to competently perform a wide range of activities.
Key takeaways
Section titled βKey takeawaysβ- The AI Act exists to protect health, safety, and fundamental rights β not to classify all AI systems
- It applies to anyone using AI in a professional context, regardless of payment or whether the system predates the Act
- It is already partially enforced, with more requirements expected from 2026
- GPAIs (like the models powering Intric) are the only specific type of AI technology singled out in the Act; all other regulation is technology-agnostic
Test your knowledge
4 questions Β· 100% correct to pass Β· Review your answers when done