AIcompetent.nl
The courseFor teamsAI ActAboutFAQs & HelpBlogMy AccountView Course

EU regulation

The EU AI Act, clearly explained

The world's first broad AI law touches every organisation that develops, procures or deploys AI, even if you 'only use ChatGPT'. Here's what you need to know and what to arrange now.

View the courseSchedule an introduction

A risk-based law

Instead of regulating AI as such, the AI Act looks at what you do with it. The higher the risk to people, the stricter the requirements. That's why every AI system is sorted into one of four risk categories.

The law distinguishes providers, who build or market a system, from deployers, who put it to use in a professional context. Both have obligations, even if you only use AI.

The four risk categories

Banned

Unacceptable risk

Social scoring, manipulative AI that exploits vulnerable groups, and real-time biometric identification in public spaces. Simply banned since February 2025.

Strict requirements

High risk

AI in recruitment, credit scoring, education, medical devices and critical infrastructure. Requires risk management, data quality, human oversight, transparency and logging.

Transparency duty

Limited risk

Chatbots, deepfakes and AI-generated content. You must make clear that the user is talking to AI or that an image is synthetic.

No extra duties

Minimal risk

Spam filters and AI in games. No specific obligations, but the general AI literacy duty still applies.

EU regulation

Article 4: the AI literacy duty

Since 2 February 2025, Article 4 of the AI Act requires organisations to ensure an adequate level of AI literacy among everyone who works with AI. This applies to every organisation, regardless of risk category.

Adequate means matched to the role. A data scientist needs a different level than a receptionist. Our course covers this literacy duty and provides proof of training per employee.

Become AI Act-compliant

The deadlines you need to know

2 Feb 2025

The ban on unacceptable-risk AI and the AI literacy duty (Article 4) apply.

2 Aug 2025

Rules for general-purpose AI models (such as GPT, Claude and Gemini) apply.

2 Aug 2026

Most obligations for high-risk AI apply.

2 Aug 2027

Final extension for high-risk AI in regulated products, such as medical devices.

What to do: a five-step plan

The AI Act doesn't punish using AI. It punishes thoughtless use of AI.
  1. 1

    Inventory every AI system your organisation uses, including the free tools employees found themselves.

  2. 2

    Categorise each system against the four risk categories.

  3. 3

    Train employees on AI literacy and document who completed what.

  4. 4

    Set up policy and an AI register: who may do what, with which data, and who checks?

  5. 5

    Create an incident procedure for errors, hallucinations or data leaks via AI.

Start now, not in August

An AI register, policy and training program take months to build. Our course covers the Article 4 literacy duty and gives you a template to inventory and categorise your systems.

Start the courseRead the full explainer on the blog