On February 2, 2025, the EU AI Act’s first provisions took effect. By August 2025, the full regulatory framework was active. It’s the world’s first comprehensive AI law, and its impact extends far beyond European borders. Any company serving EU customers must comply—which means Google, OpenAI, Anthropic, Meta, and thousands of startups worldwide are now operating under European rules whether they like it or not.
What the AI Act Actually Requires
The Act classifies AI systems by risk level. Unacceptable risk systems (social scoring, real-time biometric surveillance in public) are banned outright. High-risk systems (hiring tools, credit scoring, medical devices, law enforcement) face strict requirements: mandatory risk assessments, human oversight, transparency documentation, data governance standards, and ongoing monitoring.
General-purpose AI models like GPT-5 and Claude face additional obligations: publishing training data summaries, conducting adversarial testing, reporting serious incidents, and implementing copyright compliance measures. Companies that violate the Act face fines up to 7% of global revenue—for a company like Google, that’s potentially $20 billion.
The Brussels Effect
Just as GDPR became the de facto global privacy standard, the AI Act is becoming the global AI regulation template. Companies find it impractical to maintain separate AI systems for EU and non-EU markets. Instead, they’re building compliance into their core products—which means EU standards apply everywhere. Canada, Brazil, Japan, and India are all developing AI regulations modeled partly on the EU framework.
Industry Impact
- Compliance costs. Large companies are spending $50-200 million annually on AI Act compliance. Startups face disproportionate burdens—the fixed costs of compliance documentation, risk assessment, and monitoring infrastructure don’t scale down well.
- Innovation effects. Some companies are avoiding high-risk AI applications entirely rather than navigating compliance. Others are finding that the Act’s requirements (documentation, testing, monitoring) actually improve their products.
- Open source tension. The Act’s requirements for general-purpose AI create challenges for open-source model developers who can’t control how their models are used downstream.
The US Response
The United States has responded with a patchwork of executive orders and sector-specific guidance rather than comprehensive legislation. This creates regulatory arbitrage: some AI applications face stricter rules in the EU, others in the US. Companies must navigate both simultaneously. The lack of US federal AI legislation is increasingly seen as a competitive disadvantage, not an advantage—uncertainty is worse than clear rules.
By 2027, most major economies will have AI-specific regulation. The EU’s first-mover advantage means its framework will disproportionately shape what those regulations look like globally.