News
Stay up to date with Compliance Solutions
EU AI Act: New Obligations and Penalties from August 2025
You must check your AI-Systems following the EU AI Act? This software can help you with all regulations.
Companies Must Adapt Their AI Governance
On 2 August 2025, the next key phase of the EU AI Act came into force. This marks the active enforcement of the AI regulation, including concrete sanctions. Companies, public authorities, and AI developers in the EU must now prepare for expanded obligations and significant fines.
Background
The EU AI Act (Regulation (EU) 2024/1689) was formally adopted in March 2024 and regulates the use of artificial intelligence based on a risk-based tiered approach. While certain AI systems with “unacceptable risk” have already been banned since February 2025, 2 August represents the start of a new phase: Compliance with the regulations will now be actively enforced with clear legal consequences.
The objective of the regulation is to align innovation and competitiveness with core European values such as transparency, data protection, and human rights.
Penalties of up to €35 Million and GPAI Obligations
The regulation provides for fines of up to €35 million or 7% of global annual turnover, whichever amount is higher. Providers of so-called General-Purpose AI (GPAI) models, General Purpose AI-Modellen (GPAI), wie ChatGPT oder Metas LLaMA.
For GPAI systems placed on the EU market from August 2025 onwards, the following new obligations apply:
- Technical documentation and risk assessments
- Disclosure of training data (particularly regarding origins and rights clearance)
- Transparency on energy efficiency
- Adversarial testing and incident reporting
Existing models will benefit from a transitional period until August 2027.
Voluntary Code of Practice as Interim Instrument
To provide guidance for GPAI developers, a voluntary Code of Practice was published on 10 July 2025. Developed by independent experts, this code is intended to facilitate a practical approach to meeting the Act’s requirements. It includes provisions on: a. Vorgaben zu:
- Transparency of training data
- Compliance with EU copyright law
- Cooperation with the newly established EU oversight framework
Simultaneously, new national oversight structures are being established in all EU Member States:
- Market surveillance authorities will monitor compliance with the AI regulation.
- Notified bodies will undertake technical certifications.
At the EU level, the newly created European AI Office will coordinate oversight activities.
HR Departments Particularly Affected
Der EU AI Act betrifft nicht nur Tech-Anbieter, sondern auch den betrieblichen Einsatz von KI, insbesondere in HR-Prozessen. HR departments must now ensure that:
- Hiring and evaluation systems are fair and free from discrimination
- Employees are informed about the use of AI
- Third-party providers of HR-AI solutions comply with legal requirements
- Training and change management measures are effective
Companies should subject existing tools and processes to AI risk assessments and adapt their governance structures accordingly.
Forcast: High-Risk Regulations from 2026
The newly enforced regulations are part of a phased implementation. The next major phase will follow in August 2026, introducing stricter requirements for high-risk AI systems, particularly in sectors such as healthcare, justice, public security, education, and critical infrastructure.
With the entry into force of penalties and GPAI regulations, the EU AI Act enters its operational phase. Companies must now not only monitor regulatory risks but also strengthen internal competencies and governance structures. With this, the EU sets global standards balancing technological openness and a values-based regulatory framework.