AI Act: Which artificial intelligence actors and systems are affected?
Summary
- The scope of the IA Regulation
- Which AI systems are affected by the AI Act?
- Who are the actors involved?
- What obligations depending on the profile and level of risk?
- Conclusion: prepare now for the AI Act
1. The scope of the IA Regulation
Adopted in 2024, the AI Act, or European regulation on artificial intelligence, marks a turning point for digital governance in Europe. It aims to regulate all AI systems placed on the market or used in the European Union, whether designed locally or abroad.
The AI Act applies:
- To all AI systems marketed, deployed or used within the EU;
- To European and non-European actors as long as their systems are accessible on European territory;
- To any organization (public or private), whatever its size.
Exclusions: military uses, non-commercial research systems, and certain intergovernmental cooperation outside the EU are excluded from the scope of the regulation.
2. Which AI systems are affected by the AI Act?
The AI Regulation classifies artificial intelligence systems into four risk levels, with varying obligations:
| Risk level | Examples | Applicable regime |
|---|---|---|
| ❌ Unacceptable risk | Cognitive manipulation, biometric mass surveillance, social scoring | Prohibited |
| ⚠️ High risk | Recruitment, health care, justice, security, education, critical infrastructure | Strictly regulated |
| i️ Limited risk | Chatbots, generative AI, conversational assistants | Mandatory transparency |
| ✅ Minimal risk | Video games, filters, recreational AI | Free use |
Note: Also included are general purpose models (Foundation Models) like GPT, when used for commercial purposes or integrated into high-risk systems.
3. Who are the actors involved?
The AI Act introduces an extensive chain of responsibility with multiple actor profiles:
- Supplier: Develops or has developed an AI system and brings it to market under its brand. He is the main regulatory manager of the system.
- Deployer: Uses an AI system under its own authority (e.g. a company that integrates an AI tool into its HR processes). He is responsible for compliant and secure use.
- Importer: Introduces to the European market an AI system designed abroad.
- Distributor: Makes an AI system available on the market, without being the author.
- Agent: Represents a non-European supplier to facilitate regulatory compliance.
🔍 Good to know: In an AI project, several actors can be involved: it is essential that their roles and responsibilities are contractually defined.
4. What obligations depending on the profile and level of risk?
The level of risk of the AI system determines regulatory obligations.
For high-risk system vendors:
- Implementation of an AI risk management system;
- Creation of complete technical documentation;
- Use of quality learning data;
- Establishment of human supervision mechanisms;
- Logging of system activities;
- Declaration of conformity and CE marking;
- Registering the system in an EU database.
For deployers:
- Use in accordance with the instructions provided;
- Guarantee of effective human control;
- Continuous monitoring and reporting of incidents;
- Verification of the quality of input data;
- Implementation of appropriate organizational measures.
The regulation also requires continuous updating of systems and rigorous monitoring throughout their life cycle.
5. Conclusion: prepare now for the AI Act
The AI Act will sustainably transform the artificial intelligence landscape in Europe, imposing rigor, transparency and accountability on all links in the AI chain. More than a constraint, it is a strategic opportunity to structure your AI projects around ethical and reliable principles.
For businesses and administrations, comply quickly is essential to limit legal risks, preserve user confidence, and differentiate yourself on the market.
