AI Act in practice: EU publishes guidelines for companies and authorities

The European Commission has published guidelines on prohibited AI practices to supplement the AI Act (also known as the AI Regulation). The AI Regulation, which is deliberately designed to be technology-neutral, contains a large number of undefined legal terms and poses practical challenges. For this reason, the guidelines contain corresponding examples and explanations to ensure a coherent, effective and uniform application of the AI Regulation. At the same time, they are intended to serve as a guide for the competent authorities when monitoring and enforcing the regulations.

The AI Regulation introduces numerous new requirements for the development, provision, and use of AI systems, depending on their risk classification. The higher the risks to the fundamental values of the EU and society, the stricter the regulatory requirements. The first obligations, including the ban on certain AI practices and the obligation to ensure AI competence, have been in force since February 2, 2025. Full implementation of all provisions is required by August 2, 2026, at the latest.

AI Act creates uncertainty in practice

Article 5 of the AI Regulation regulates the prohibition of certain AI practices. Accordingly, AI technologies that pose an unacceptable risk are not permitted. In practice, the decisive factor is when an AI application falls under this prohibition and when it represents a high but still permissible risk. Targeted measures can be taken to avoid classification as a prohibited AI practice. These include, for example, restrictions on use or the provision of transparent information in the operating instructions.

Prohibited AI practices must always be considered in connection with so-called high-risk AI systems from Article 6 of the AI Regulation. Their use is only permitted under strict conditions. However, the demarcation poses a challenge in practice. The undefined legal terms and open formulations of the regulation are causing uncertainty among operators, as the risk pyramid for AI applications has not yet been clearly defined.

Practical guidance for authorities and companies

Although Article 5 defines certain categories of prohibited AI practices, there is a great deal of room for interpretation, meaning that companies and public authorities are currently faced with the difficult task of determining which AI practices are still permissible as high-risk AI systems and which are prohibited. This is where the guidelines published by the EU Commission come in.

Although the guidelines have already been approved, they have yet to be formally adopted, which will take place once they have been translated into all official EU languages. Companies and public bodies can use the non-binding guidelines to better understand the requirements of the AI Regulation and comply with its provisions. At 140 pages, the practical usefulness of the guidelines may initially be questioned. However, the added value outweighs this, as the document provides numerous diverse example cases, which can be used to better assess a specific case.

The EU Commission's guidelines are not legally binding, but the supervisory authorities will use them to interpret and enforce the regulations. For providers, operators, and users of AI systems, it is therefore a guide to help them deal with the specific requirements at an early-stage and check AI applications for possible violations.

(dmk)