Introduction

As artificial intelligence (AI) evolves in front of our eyes from technological invention to the generally available tool that accompanies our day-to-day life, it becomes not only a subject of innovation but an object of governance. The AI phenomenon is a moving target, forcing the law to address its complexity, together with its social, economic, and political implications. The regulation of AI is a global trend, but it is in the European Union that we are witnessing the most dynamic and widely debated process aimed at creating a legal framework and a comprehensive regulatory environment suitable for the algorithmic challenges of today. ¹ The European Union's engagement with artificial intelligence as a distinct object of regulatory attention began in April 2018, when the European Commission published its Communication on Artificial Intelligence for Europe, treating AI as a strategic technology and calling for coordinated investment, ethical reflection, and novel governance. ² The same year saw the establishment of the High-Level Expert Group on AI (HLEG AI), which in April 2019 issued the “Ethics Guidelines for Trustworthy AI,” articulating seven key requirements for lawful, ethical, and robust AI systems. ³ Starting the regulatory process with the definition of the ethical framework meant that European values and principles should be treated as a reference for the future development of AI technologies. At the same time, the European Union believed that, by establishing universal ethical guidelines, it would spread paradigms of human-centred and trustworthy AI throughout the technology industry worldwide. These soft-law principles were supplemented in February 2020 by the White Paper on Artificial Intelligence, proposing a risk-based regulatory approach, and by the Report on the safety and liability implications of AI, which signalled the need for adapting the EU's product safety and civil liability frameworks. ⁴ In April 2021, the Commission submitted the first draft of the Artificial Intelligence Act, introducing a comprehensive horizontal regime for AI based on risk categorisation and conformity assessment obligations. ⁵ This initiated a long and difficult legislative process, marked by extensive debate over definitions, scope, and finally the regulation of general-purpose AI. It culminated in political agreement in December 2023 and the formal adoption in July 2024 of the Regulation (EU) 2024/1689 (the AI Act), establishing the first binding, cross-sectoral AI regulation in the world. ⁶ The formal entry into force of the AI Act (AIA) in August 2024 opened the two-year period during which the provisions of the AI Act will be phased in, indicating that the Regulation shall apply from 2 August 2026. However, the first set of provisions to become fully applicable six months after the AI Act's entry into force (February 2025) are those of general character ⁷ and those prohibiting certain AI practices. ⁸ It reflects the urgency of addressing uses deemed incompatible with Union values. The rules concerning notifying authorities and notified bodies, ⁹ general-purpose AI models, ¹⁰ governance, ¹¹ penalties, ¹² and confidentiality ¹³ follow twelve months after entry into force (August 2025), enabling the European AI Office and providers to establish compliance mechanisms. The core framework regarding high-risk AI systems ¹⁴ and corresponding provisions will be applied thirty-six months after entry into force (August 2027), giving the necessary lead time for harmonised standards, notified bodies, and technical infrastructure to mature. This phased applicability reflects the EU pattern in digital regulation – imposing early prohibitions on unacceptable risks, introducing novel obligations for complex actors, and postponing the most resource-intensive compliance requirements until the regulatory ecosystem is ready.