top of page
Search

Is the EU AI working?

The EU AI Act is not yet fully operational as it is being introduced in phases, with some provisions already in force and others only becoming applicable in August 2026.

As a result, we can assess whether it is influencing behaviour, but not whether it is achieving all of its intended outcomes.


There are some benefits:

It has forced AI governance onto the boardroom/ C Suite agenda. AI inventories, risk classifications, impact assessments, and governance reviews are all key to managing the use of AI and this Act has created a framework.  

 

It has established a common European approach providing a single regulatory framework across the EU rather than a patchwork of national rules, giving organisations a clearer direction for compliance.

 

It has influenced global thinking, a bit like GDPR, so this AI Act is already affecting how international organisations design and govern AI systems, even outside Europe.

 

HOWEVER…

Implementation remains confusing and many businesses still struggle to determine whether they are providers, deployers, importers, or distributors, and whether their AI use cases are high-risk. There seems to be a lack of practical guidance.


Enforcement infrastructure is still developing and several Member States have been slow to establish enforcement authorities and practical oversight mechanisms. Much of the enforcement framework is still being assembled.


There are business concerns about innovation as technology companies and industry bodies argue that compliance costs and uncertainty could slow innovation and make Europe less competitive compared with the US and China.


The Act assumes organisations know:

  1. What AI they are using.

  2. Where it is being used.

  3. What risks it creates.

  4. Who is accountable.


In practice, we find that many organisations are still struggling with the first bit. A recurring theme among compliance professionals is that creating an AI asset register is often the hardest part.   


Even though the UK has not adopted the EU AI Act, many UK businesses will still be affected if they:

  • provide AI-enabled products or services into the EU,

  • process EU residents' data,

  • operate in regulated sectors such as financial services, healthcare, HR, or critical infrastructure.


If the measure of success is raising awareness, driving governance, and creating a common framework, then the EU AI Act is already having an impact.

If the measure of success is consistent enforcement, reduced AI harms, and clear regulatory certainty, it is still too early to say. Most of the significant enforcement and high-risk AI obligations only start taking effect from 2026 onwards, so the real test is likely to occur over the next 2–3 years.


For organisations already dealing with GDPR, NIS2, DORA and cyber governance, the AI Act is increasingly looking less like a standalone AI regulation and more like another component of enterprise governance and accountability.


Again, Hail AI Trust Assure ... based on regulator approved GDPR controls

 

 
 
 

Comments

bottom of page