The first provisions of the EU AI Act started to apply on 2 February 2025, specifically those related to AI literacy (Article 4) and the prohibited AI practices (Article 5).
What do companies need to do now?
1. Train employees on AI
AI providers and users must take measures to ensure a sufficient level of AI literacy among their staff and other individuals involved in the operation and use of AI systems on their behalf.
The AI Office has clarified that compliance cannot be limited to written instructions – active and continuous training is required, tailored to the context and the specific skills of the individuals involved.
2. Avoid prohibited AI practices
The prohibitions on AI systems that pose an unacceptable risk are now in force. These include:
- Use of subliminal, manipulative, or deceptive techniques
- Exploitation of a person’s vulnerabilities due to age, disability, or specific social or economic conditions
- Social scoring based on behaviour or personal characteristics
- Use of AI for predictive policing (assessing an individual’s risk level)
- Use of facial recognition databases through untargeted scraping
- Emotion recognition in workplaces and educational institutions
- Use of biometric categorisation systems
- Real-time remote biometric identification in publicly accessible spaces
Additionally, the European Commission has published – but not yet adopted – guidelines to help companies interpret these bans and comply with the new AI Act.
What’s next?
The EU AI Act’s sanctions (fines of up to €35 million or 7% of global turnoverwill) will not take effect until 2 August 2025, so businesses still have a few months to ensure compliance with the new Regulation. Is your business ready? Start preparing now to mitigate any risk. Contact us for advice and assistance.
For further information, please contact:
Pietro Pouché, Partner, Herbert Smith Freehills
pietro.pouche@hsf.com
