The AI Act: what Europe’s AI law does for you

The world’s first broad AI law bans the creepiest uses outright, chains high-risk systems to human oversight, and phases in through 2027 — here is the citizen’s-eye view.

The AI Act (Regulation 2024/1689) regulates by risk tier. Banned outright (since 2 February 2025): social scoring, emotion recognition at work and school, untargeted face-scraping to build recognition databases, manipulative systems exploiting vulnerabilities, and most real-time remote biometric identification in public — the practices covered in face scanning. High-risk systems — AI deciding on hiring, credit, insurance, essential services, education, border control — carry duties: risk management, human oversight, accuracy, logging; deployment timelines for these were pushed into 2027–2028 by the AI Omnibus (details on What’s changing). Transparency tier: chatbots must reveal they are machines; AI-generated content and deepfakes must be labelled. General-purpose models (the GPT class) owe documentation and copyright-policy duties since August 2025. What it does NOT do: give you individual rights the way the GDPR does — enforcement runs through national market-surveillance authorities and the EU AI Office. Your personal leverage over AI stays GDPR-shaped: Art. 22 human review for decisions, Art. 21 objection for training. The two laws stack — and the GDPR is the one with your name on it.

Verified against the sources above on 18 July 2026. Information, not legal advice.

← Privacy explained📞 Your data protection authority