EU AI Act Compliance

EU AI Act Compliance Guide

Understand your obligations under the EU AI Act. Classify your AI systems, meet documentation requirements, and stay compliant — even from Gibraltar.

← Back to Gibraltar AI Hub

AI Risk Classification Tiers

The EU AI Act categorizes AI systems into four risk tiers. Your obligations depend on where your system falls.

Prohibited

AI practices banned outright since February 2025

  • Social scoring by public authorities
  • Real-time biometric identification in public spaces
  • AI exploiting vulnerabilities of specific groups
  • Emotion recognition in workplaces and schools

High Risk

Permitted with strict conformity requirements

  • Credit scoring and financial risk assessment
  • AI in recruitment and HR decisions
  • Critical infrastructure management
  • Law enforcement and border control AI

Limited Risk

Requires transparency obligations only

  • Chatbots and virtual assistants
  • AI-generated content (deepfakes)
  • Emotion recognition systems
  • Biometric categorization systems

Minimal Risk

Free to use with voluntary codes of conduct

  • Spam filters
  • AI-enhanced video games
  • Inventory management AI
  • AI-optimized manufacturing

EU AI Act Timeline

Key compliance deadlines for Gibraltar companies

Feb 2025
Prohibited AI practices banned
In Effect
Aug 2025
GPAI transparency & documentation duties
In Effect
Aug 2026
EU member states: AI regulatory sandboxes
Upcoming
2026-2027
Full high-risk conformity obligations
Upcoming

High-Risk AI Documentation Requirements

If your AI system is classified as high-risk under Article 6, you must maintain comprehensive technical documentation per Article 11.

Risk Management SystemData GovernanceTechnical DocumentationRecord-KeepingTransparencyHuman OversightAccuracy & RobustnessCybersecurity
Get Compliance Help

EU AI Act FAQ for Gibraltar

Common questions about EU AI Act compliance for Gibraltar-based companies.

Gibraltar is not an EU member, but any company deploying, developing, or selling AI systems into the EU market falls under the Act's scope. Many Gibraltar firms in iGaming, finance, and fintech serve EU customers.
Fines can reach up to €35 million or 7% of global annual turnover for prohibited AI practices, €15 million or 3% for high-risk violations, and €7.5 million or 1.5% for providing incorrect information.
Prohibited practices were banned from February 2025. General-purpose AI transparency rules apply from August 2025. Full high-risk conformity obligations roll out through 2026-2027.
AI used in critical infrastructure, education, employment, essential services, law enforcement, migration, or democratic processes is classified as high-risk and requires conformity assessment.
Chatbots fall under "limited risk" and require transparency obligations — users must be informed they are interacting with an AI system.
Social scoring by governments, real-time biometric surveillance in public spaces, AI that manipulates vulnerable groups, and systems that classify people based on biometric data to infer sensitive characteristics.
Technical documentation (Article 11), conformity assessment, risk management system, data governance, logging capabilities, human oversight, and accuracy/robustness/cybersecurity requirements.
High-risk AI systems require conformity assessment before market placement. Some categories require third-party assessment, while others allow self-assessment.
We provide risk classification assessment, technical documentation generation, governance framework design, and ongoing compliance monitoring for Gibraltar firms.
Showing 9 of 9 questions

Stay Ahead of the AI Curve

Join 2,000+ executives receiving our weekly insights on AI agents, automation trends, and implementation strategies.

No spam. Unsubscribe anytime.