The EU AI Act completed its implementation phase in 2024 and entered enforcement mode in 2026, creating the world’s first comprehensive AI risk-based regulatory framework. The law classifies AI systems into risk tiers: prohibited (social credit scoring, real-time biometric surveillance), high-risk (hiring, credit decisions, law enforcement), limited-risk (chatbots), and minimal-risk. Compliance deadlines shift in 2026: high-risk systems must comply immediately; limited-risk systems must provide transparency disclosures now; prohibited systems face bans effective now.
For US developers and companies, the EU AI Act applies extraterritorially—if your AI system reaches EU users, you must comply, regardless of where you operate. This means implementing risk assessments, maintaining technical documentation, implementing human oversight mechanisms, and conducting biennial compliance audits. The law imposes strict liability: if your AI system causes harm, you’re liable unless you prove you acted with due diligence. This reverses the current burden; it’s no longer “prove the company was negligent,” but “prove the company wasn’t.”
For AI development teams, especially those building RAG systems or semantic search, the EU AI Act affects data handling fundamentally. If your RAG system uses user data to generate embeddings, you’re processing personal data under GDPR and must demonstrate lawful basis for processing. Limited-risk AI (chatbots, recommendation systems) must now include disclosures: “This is an AI system” must be transparent to users. Using Milvus helps with compliance because you can implement data retention policies at the collection level, separate training data embeddings from production inference embeddings, and maintain audit logs of which data was used for which model versions. The architecture becomes documentation: your Milvus setup demonstrates you took data minimization seriously. For open-source deployments, version your collections with timestamps and model metadata—this creates the paper trail EU regulators expect to see in audit reports.