CanIPhish Logo
Language Color Theme

What is the EU AI Act?

The EU AI Act is the world's first comprehensive law governing artificial intelligence. Created by the European Union, it sets rules for how AI systems are developed, deployed, and used, with the goal of keeping people safe and protecting their rights.

What is the main purpose of the EU AI Act?

View Options Again

Why the EU AI Act was created

AI increasingly affects important decisions in daily and working life. It can influence hiring, lending, education, online content, and other outcomes that affect people directly. The Act introduces guardrails to help ensure these systems are fair, trustworthy, transparent, and accountable.

Why does the EU AI Act matter to businesses and workers?

View Options Again

Who the EU AI Act applies to

The EU AI Act applies to organizations building or using AI in the EU. It can also apply to organizations outside the EU if their AI systems are used by people inside the EU. For many businesses, location alone does not remove responsibility.

Is the following statement True or False:
The EU AI Act only applies to organizations physically based in the EU.

View Options Again

A Risk-Based Approach

Not all AI systems are treated the same under the Act. It groups AI systems into four categories: unacceptable risk, high risk, limited risk, and minimal risk. This approach matches obligations to the level of potential harm, rather than treating every AI tool identically.

What is the purpose of the AI Act's risk-based approach?

View Options Again

The Four Risk Categories

The Act sorts AI systems into four categories based on their potential to cause harm. Let's explore what each category means.

Unacceptable Risk (Banned)

AI systems threatening fundamental rights or human safety. This includes government-run social scoring, manipulative AI targeting vulnerable groups, biometric categorization to infer sensitive traits (like sexual orientation), and certain real-time biometric identification in public spaces.

High Risk (Strict Regulation)

AI used in critical areas such as healthcare, employment, education, critical infrastructure, law enforcement, and administration of justice. These systems face mandatory conformity assessments, rigorous risk management, data governance requirements, and oversight by human reviewers before hitting the market.

Limited Risk (Transparency)

Systems like conversational chatbots, Generative AI (e.g., text-to-image), and emotion recognition systems. They require basic transparency disclosures—developers must clearly notify users when they are interacting with AI so individuals can make informed decisions.

Minimal Risk (Unregulated)

Widely used, low-impact AI systems such as video games, spam filters, or basic inventory management. These constitute the vast majority of AI systems today and face no specific legal obligations under the Act, although voluntary adherence to ethical AI guidelines is encouraged.

Which example best matches a limited-risk AI system under the training material?

View Options Again

Transparency and Human Oversight

People should know when they are interacting with AI or viewing AI-generated content. This includes disclosing chatbot interactions and labeling deepfakes. For high-risk systems, organizations must also ensure human oversight, so people can monitor outcomes, intervene, and override decisions when needed.

Is the following statement True or False:
For high-risk AI systems, the Act requires that people can monitor outcomes and override the system's decisions when necessary.

View Options Again

AI Literacy and Business Impact

The Act requires organizations to make sure staff understand the AI they work with. This means meaningful training, not a box-ticking exercise. Businesses should also recognize the stakes: fines can reach 35 million euros or 7 percent of global revenue, whichever is higher.

Which statement about the EU AI Act is correct?

View Options Again

Key Takeaway

The EU AI Act is designed to make AI safe, transparent, and accountable. For the general workforce, the essentials are understanding what the Act is, why it exists, when it may apply, how the risk categories work, and why transparency, human oversight, and AI literacy matter in everyday business use.