The EU AI Act is the world's first comprehensive AI law, and one of the most misunderstood. The biggest misconception is that it is a far-off deadline. In reality it phases in over several years, and some duties are already live.
It arrives in waves
Rather than one date, the Act switches on in stages: prohibited uses first, then transparency duties, then the heavier obligations for high-risk systems. The practical effect is that 'we'll deal with it later' is already the wrong answer for some use cases.
- Prohibited practices (e.g. social scoring) are banned outright, first to apply
- Transparency duties for limited-risk systems, such as disclosing AI to users
- High-risk obligations: risk management, documentation, human oversight, logging
- General-purpose model rules layered on top
What most SMEs get wrong
Two things. First, deployers, not just builders, carry obligations: using AI inside your company counts. Second, the duties that bite first are the cheap ones to get right early and painful to retrofit: transparency, record-keeping and human oversight.
How to stay ahead of it
Classify each use case now, keep audit logs from day one, and document who oversees what. Those are exactly the things Pryvan generates and enforces by default, so AI Act readiness becomes a setting rather than a six-month project. Our two-minute AI Act check is a good place to start.