1. Introduction: The New Rules of the Digital Frontier
The rapid advancement of artificial intelligence has brought us to a pivotal moment in technological history. For years, the industry moved at a “breakneck” pace with few societal guardrails, but that era of digital lawlessness has ended. The EU AI Act, Regulation 2024/1689, is no longer a distant proposal; it is a finalized legal reality that sets a global precedent for balancing innovation with fundamental rights.
At its core, this regulation is human-centric. As established in Article 1, the goal is to promote the uptake of trustworthy AI while ensuring a high level of protection for health, safety, and fundamental rights, including democracy, the rule of law, and environmental protection.
According to Recital 6, AI must serve as a tool for people, with the ultimate objective of increasing human well-being. From my research perspective, this is the Act’s most important move: it frames AI governance not only as technical risk management, but as a democratic and institutional responsibility.
2. The “No-Go” Zone: Banning AI That Plays With Your Mind
The Act identifies certain AI practices as unacceptable because of their potential to cause significant harm. These practices are now strictly prohibited across the Union. Two of the most impactful bans focus on subliminal manipulation and social scoring.
The regulation prohibits AI systems that use subliminal components or manipulative techniques to subvert a person’s autonomy. Crucially, for a practice to be illegal under Article 5(1)(a), it must be likely to cause significant harm, which the Act defines as sufficiently important adverse impacts on physical health, psychological health, or financial interests.
The Act also bans social scoring: systems that evaluate individuals over time based on social behaviour in unrelated contexts. This prevents AI from being used as a tool for social control or unjustified detrimental treatment.
The placing on the market, putting into service, or use of an AI system that deploys subliminal, manipulative, or deceptive techniques in a way that materially distorts behaviour and causes or is reasonably likely to cause significant harm is prohibited. — Article 5(1)(a), paraphrased
3. Your Resume and Your Grades: Why Your Life is Now “High-Risk”
Under the new rules, AI is regulated not only by its technical architecture, but by its application. Systems used in education and employment are largely classified as high-risk under Article 6 because they can determine the educational and professional course of a person’s life, as reflected in Recitals 56 and 57.
For researchers, this is a useful example of contextual risk regulation. The same model capability may be low-risk in a casual setting and high-risk when it affects admissions, grades, recruitment, promotion, or dismissal.
The Act also provides a vital derogation in Article 6(3): an AI system in these categories is not high-risk if it performs a narrow procedural task, such as a spell-checker for resumes, or merely improves the result of a previously completed human activity without materially influencing the outcome. This distinction matters because it separates genuinely consequential systems from purely assistive tools.
4. The 1025 Threshold: When a Model Becomes a “Systemic Risk”
The Act introduces specific rules for General-Purpose AI, or GPAI, models. To identify models posing the greatest potential danger, the EU uses a specific technical metric: compute power.
According to Recitals 111 and 112, a GPAI model is presumed to carry systemic risk if the cumulative amount of computation used for its training is greater than 1025 floating-point operations, or FLOPs. Article 3(67) defines FLOPs as a measure of computational performance involving mathematical operations on real numbers.
This threshold is a rebuttable presumption. The Commission can still designate a model as posing systemic risk based on reach, capability, or market impact, even if it falls below the compute threshold. This is how the Act tries to remain future-proof as model architectures and training methods change.
5. The Death of the “Hidden” Bot: Transparency and Deepfakes
To protect the integrity of the information ecosystem, the Act makes hidden AI harder to justify. Article 50 and Recital 134 establish clear transparency obligations.
- User notification: people must be informed when they are interacting with an AI system, such as a chatbot, unless this is obvious from context.
- Deepfake labelling: content that appreciably resembles existing persons or events must be clearly labelled as artificially created.
There is also a carve-out for creativity. Disclosure requirements are limited when content is part of an evidently satirical, artistic, or fictional work, provided the label does not hamper the display or enjoyment of the work itself.
6. The “Human-in-the-Loop” Mandate
A non-negotiable safeguard in the Act is the requirement for human oversight under Article 14. High-risk systems must be designed so that natural persons can oversee their functioning and prevent automation bias: the tendency to over-rely on automated outputs.
Oversight must ensure the system is responsive to the human operator, allowing a person to intervene or stop the system at any time. In biometric identification contexts, Recital 73 points toward enhanced oversight so that consequential action is not taken solely on the basis of system output without separate human verification.
Enhanced human oversight should be provided for biometric identification systems so that no action or decision is taken by the deployer unless the identification has been separately verified and confirmed by at least two natural persons. — Recital 73, paraphrased
Conclusion: A Global Blueprint or a Regulatory Burden?
The EU AI Act is rolling out in stages. Prohibitions on unacceptable AI apply by February 2, 2025. Rules for GPAI models and governance structures follow in August 2025, with the majority of the Act becoming fully applicable by August 2, 2026 under Article 113.
As these dates approach, the industry and research community face the same question from different angles: will these rules foster trustworthy AI that becomes a global gold standard for democratic governance, or will the Brussels Effect create a regulatory burden that slows the innovation it seeks to guide?
The rules of the digital frontier have been rewritten. The challenge now is to innovate within a framework that keeps humanity, and human well-being, at the centre of the frame.