What is EU AI Act?
The world’s first comprehensive AI law - risk-tiered obligations that make AI governance mandatory.
EU AI Act: definition
The EU AI Act is the first broad legal framework for AI. It sorts systems into risk tiers: unacceptable-risk uses are banned; high-risk systems (in areas like employment, credit, and essential services) must meet strict requirements for risk management, data governance, human oversight, transparency, and logging; limited-risk systems face transparency duties; and minimal-risk systems are largely unregulated. Like GDPR, its reach extends to providers and deployers serving the EU.
- Risk tiers: unacceptable (banned), high, limited, minimal
- High-risk systems require risk management, human oversight, and logging
- Applies to providers and deployers whose AI affects people in the EU
- Substantial penalties for non-compliance, echoing GDPR’s enforcement model
How Fintra handles it
Fintra’s AI governance is built for exactly what the AI Act demands of high-risk systems: human oversight (a named person approves consequential AI actions), logging (every AI decision is recorded as tamper-evident evidence), and transparency (each decision carries its reasoning). For any AI that touches employment, finance, or other regulated domains, that governance is the substrate the AI Act requires.
Worked example
Frequently asked questions
What does the EU AI Act regulate?
It regulates AI systems by risk. It bans unacceptable-risk uses, imposes strict requirements on high-risk systems (in areas like employment, credit, and essential services), sets transparency duties for limited-risk systems, and leaves minimal-risk systems largely free.
What is a high-risk AI system?
One used in a sensitive domain the Act enumerates - such as employment decisions, creditworthiness, or critical infrastructure - where errors can significantly affect people’s rights or safety. These systems must meet requirements for risk management, human oversight, data governance, transparency, and logging.
Does the EU AI Act apply to US companies?
It can. Like GDPR, its obligations extend to providers and deployers whose AI systems are used by or affect people in the EU, regardless of where the company is based. Global companies deploying AI in regulated domains should assume it may apply.
How does Fintra help prepare for the EU AI Act?
Fintra’s AI governance provides the human oversight, decision logging, and transparency the Act requires of high-risk systems - every consequential AI action is approved by a named human and recorded as tamper-evident evidence with its reasoning.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
See how Fintra handles the numbers behind this term
Fintra is the AI Finance Operating System for SMBs - accounting, planning, payroll, equity, and AI governance on one shared data model, with a named human approving anything consequential. Free to start, no card required.
Talk to us