Question 1

What is the EU AI Act?

Accepted Answer

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive legal framework for artificial intelligence, adopted in June 2024. It establishes harmonised rules for the development, placement on the market, putting into service, and use of AI systems in the European Union. The regulation takes a risk-based approach, classifying AI systems into four categories: unacceptable risk (prohibited), high risk (subject to strict requirements), limited risk (transparency obligations), and minimal risk (no specific requirements). It applies to providers of AI systems placed on the EU market, deployers of AI systems within the EU, and providers and deployers located outside the EU where the AI system output is used in the EU.

Question 2

What are the AI Act risk classification levels?

Accepted Answer

The EU AI Act defines four risk levels. Unacceptable risk AI systems are prohibited outright, including social scoring by public authorities, real-time remote biometric identification in public spaces (with limited exceptions), manipulation through subliminal techniques, and exploitation of vulnerabilities of specific groups. High-risk AI systems must comply with strict requirements before market placement, including those used in critical infrastructure, education, employment, essential services, law enforcement, migration management, and administration of justice. Limited-risk AI systems have transparency obligations, such as chatbots that must disclose they are AI, deepfake generators, and emotion recognition systems. Minimal-risk AI systems like spam filters and AI-enabled video games have no specific requirements. Venvera automates the classification process with a structured assessment that evaluates your AI systems against each category.

Question 3

What are the requirements for high-risk AI systems?

Accepted Answer

High-risk AI systems must satisfy six categories of requirements before being placed on the EU market. Risk management: establish and maintain a risk management system throughout the AI system lifecycle. Data governance: training, validation, and testing data must meet quality criteria including relevance, representativeness, and freedom from errors. Technical documentation: comprehensive documentation enabling assessment of compliance. Record-keeping: automatic logging of events during operation. Transparency: provide clear information to deployers about capabilities and limitations. Human oversight: design for effective human oversight during use. Accuracy, robustness, and cybersecurity: achieve appropriate levels throughout the lifecycle. Additionally, a conformity assessment must be completed before market placement. Venvera provides structured workflows to document and track each of these requirements.

Question 4

What is a Fundamental Rights Impact Assessment (FRIA)?

Accepted Answer

A Fundamental Rights Impact Assessment (FRIA) is required under Article 27 of the EU AI Act for deployers of high-risk AI systems that are bodies governed by public law or private entities providing public services. The FRIA must be performed before putting the high-risk AI system into use and must assess the impact on fundamental rights of individuals and groups affected. This includes evaluating impacts on non-discrimination, privacy, data protection, freedom of expression, human dignity, and access to essential services. The assessment must describe the processes where the AI system will be used, the period and frequency of use, categories of persons likely to be affected, specific risks of harm, human oversight measures, and actions to be taken if risks materialise. Venvera provides structured FRIA templates with scoring matrices for each fundamental right.

Question 5

When do the different parts of the EU AI Act apply?

Accepted Answer

The EU AI Act has a staggered implementation timeline. February 2025: prohibitions on unacceptable-risk AI systems take effect (6 months after entry into force). August 2025: obligations for general-purpose AI (GPAI) models apply, including transparency requirements and rules for GPAI models with systemic risk. August 2026: the full set of requirements for high-risk AI systems listed in Annex III takes effect (24 months after entry into force), including conformity assessments, technical documentation, and post-market monitoring. August 2027: requirements for high-risk AI systems that are safety components of products regulated under existing EU harmonisation legislation (Annex I) take effect. Organisations should start compliance preparations now, particularly for AI system inventories and risk classification.

Question 6

How does the AI Act affect financial services?

Accepted Answer

Financial services are significantly impacted by the EU AI Act. AI systems used for creditworthiness assessment and credit scoring of natural persons are classified as high-risk under Annex III, requiring full compliance with conformity assessment, risk management, data governance, and transparency requirements. AI systems used for risk assessment and pricing in life and health insurance are also high-risk. Additionally, AI systems used in fraud detection, anti-money laundering, and algorithmic trading may fall under high-risk classification depending on their specific use case. Financial institutions already subject to DORA must also consider how their AI-related ICT risk management obligations interact with AI Act requirements. Venvera maps AI Act requirements alongside DORA and other financial regulatory frameworks so you can manage compliance holistically.

Question 7

What are the penalties for AI Act non-compliance?

Accepted Answer

The EU AI Act establishes a tiered penalty structure. For prohibited AI practices (unacceptable risk systems): fines of up to 35 million euros or 7% of total worldwide annual turnover, whichever is higher. For non-compliance with high-risk AI system requirements: fines of up to 15 million euros or 3% of total worldwide annual turnover. For supplying incorrect, incomplete, or misleading information to authorities: fines of up to 7.5 million euros or 1% of total worldwide annual turnover. For SMEs and startups, the lower of the two amounts (fixed or percentage) applies. Member states may also impose additional penalties under national implementation measures. The AI Office, established within the European Commission, oversees enforcement for general-purpose AI models, while national market surveillance authorities handle enforcement for other AI systems.

EU AI ACT COMPLIANCE SOFTWARE: AI SYSTEM CLASSIFICATION AND CONFORMITY ASSESSMENT

AI SYSTEM RISK CLASSIFICATION ACROSS ALL FOUR LEVELS

CONFORMITY ASSESSMENT FOR HIGH-RISK AI SYSTEMS

FUNDAMENTAL RIGHTS IMPACT ASSESSMENT (FRIA)

DATASET DOCUMENTATION AND DATA GOVERNANCE

POST-MARKET MONITORING AND PERFORMANCE TRACKING

SERIOUS INCIDENT REPORTING FOR AI SYSTEMS

EU AI ACT COMPLIANCE: VENVERA VS AD-HOC APPROACHES

FREQUENTLY ASKED QUESTIONS ABOUT THE EU AI ACT

READY TO PREPARE FOR
EU AI ACT COMPLIANCE?