Blog
GenAI & the EU AI Act: What to Do Now
MAY 19 '25
bracketlab GmbH

GenAI & the EU AI Act: What to Do Now

The EU AI Act is here—and it changes everything for enterprises using generative AI. This article breaks down key obligations, risk categories, and next steps for CIOs and digital leaders to stay compliant and competitive.

GenAI & the EU AI Act: What to Do Now
Generative AI is transforming how organizations operate—but regulation is catching up fast. The EU AI Act, now in force with phased enforcement through 2026, introduces sweeping obligations for how AI is developed, deployed, and governed. For CIOs, CTOs, and digital leaders, the window to act is now. Unlike GDPR, which focused on personal data, the AI Act classifies AI systems by risk—unacceptable, high, limited, or minimal—and applies strict rules accordingly. High-risk systems (e.g., in recruitment or healthcare) must meet extensive requirements: from data governance and human oversight to security testing and audit logs.
1.
Where does GenAI fit? It’s not automatically high-risk—but it’s far from unregulated. The Act introduces a new category for general-purpose AI (GPAI) models like those powering text, code, and image generation. These models face transparency obligations, copyright safeguards, and, in some cases, systemic risk controls if deemed high-impact. Enterprises using GenAI—especially from third-party vendors—must now scrutinize model documentation, training data summaries, and compliance disclosures. Transparency also applies to your outputs. AI-generated content must be clearly labeled, and any customer-facing interactions with AI must be disclosed. This affects not only IT but also marketing, HR, and legal teams. It’s a cross-functional effort.
So, what should IT leaders do next?
  1. Map your AI use cases and classify them by risk.
  2. Engage vendors to ensure they’re AI Act-ready.
  3. Strengthen governance by building or updating your AI oversight framework.
  4. Invest in AI literacy across technical and business teams.
We’re supporting enterprise leaders through this transition with expert-led AI workshops—designed to upskill your teams and certify your readiness under the EU AI Act. The bottom line? Compliance isn’t just a legal checkbox—it’s a foundation for trustworthy, scalable AI adoption. By getting ahead of the Act now, leaders can reduce risk, boost internal confidence, and build long-term advantage.

Sources

European Commission. “AI Act Overview.” https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
European Parliament. “EU AI Act: First Regulation on Artificial Intelligence.” https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence
KPMG. “Decoding the EU Artificial Intelligence Act.” February 2024. https://assets.kpmg.com/content/dam/kpmg/xx/pdf/2024/02/decoding-the-eu-artificial-intelligence-act.pdf