Responsible AI In Practice – Module 2 The EU AI Act What You Need To Know

📍 Module 2: The EU AI Act – Key Points Simplified

đź“ť Overview

This module introduces the EU AI Act — the first major regulation focused specifically on how AI can be used safely and fairly. Even though the Isle of Man is not part of the EU, the Act may still affect local businesses that interact with EU markets, customers, or tools.

We’ll walk through what the Act is, who it applies to, how it categorises risk, and what general awareness is useful for businesses of all sizes.

🎯 Learning Objective

By the end of this module, you’ll be able to:

  • Understand the basic structure and intent of the EU AI Act

  • Recognise the different risk categories it introduces

  • Be aware of what might classify as “high-risk” AI use

  • Know when to seek further advice or support

  • Understand timelines and what you can do now to prepare

đź“– Text version of the lesson

What is the EU AI Act?
The EU AI Act is a new regulation from the European Union. Its goal is to make sure that AI systems used within the EU are safe, transparent, and used in ways that align with people’s rights.

It uses a risk-based approach, meaning the stricter the rules, the higher the potential impact of the AI system.

Why might it affect Isle of Man businesses?
Even though the Isle of Man is outside the EU, the Act applies if:

  • You offer AI-enabled services to EU customers

  • You use AI tools that make decisions about people in the EU

  • You rely on third-party tools that are regulated under the Act

Even where the law doesn’t apply directly, following the same principles can help you build trust, reduce risk, and stay ahead of future expectations.

The four risk categories
The AI Act splits systems into four categories:

  1. Unacceptable risk (banned) – e.g. social scoring, predictive policing

  2. High risk – e.g. recruitment tools, credit scoring, educational exams

  3. Limited risk – e.g. AI chatbots or tools that generate synthetic content

  4. Minimal risk – e.g. autocomplete in emails, spam filters

Each level comes with its own expectations. High-risk tools must meet stricter requirements (like documentation and human oversight), while minimal-risk tools have no special rules.

High-risk examples to be aware of
These are some common examples of high-risk applications:

  • Tools that rank or screen job applicants

  • Systems that influence access to credit or public services

  • AI used in education or healthcare assessments

If you’re using or planning to use AI in any of these areas, further guidance is recommended.

General-purpose AI (like ChatGPT)
The Act also introduces rules for general-purpose AI tools when they’re used in high-risk settings.
If you’re using tools like ChatGPT or DALL·E for things like recruitment, legal drafting, or healthcare communication, you should consider how those tools are used and whether additional checks are needed.

Key dates to know
The Act is coming into effect in stages:

  • August 2024 – The Act enters into force

  • February 2025 – Prohibited practices must stop

  • August 2025 – General-purpose AI obligations begin

  • August 2026 – Most rules for high-risk systems fully apply

What you can do now

  • Know what AI tools you’re using and what they do

  • Ask suppliers or vendors if their tools are “high-risk”

  • Keep simple internal notes or logs

  • Speak to your data protection lead or a legal advisor if unsure

  • Seek help if your tools impact people’s rights or wellbeing

🪞 Reflective Prompt (Optional)

Think about the AI tools or services you currently use or plan to use in your business.

Question:

Could any of them influence decisions about people — like recruitment, service access, or financial risk?

  • If yes, do you know how those tools work?

  • Have you asked the provider what risk level applies under the EU AI Act?

  • What would help you feel more confident about using that tool responsibly?

âś… Suggested Next Step

We recommend keeping a simple note or spreadsheet of the AI tools your team uses, including:

  • What the tool is

  • What it’s used for

  • Who it affects

  • Whether it might be considered high-risk

This doesn’t need to be complicated — even a short list can help guide your next steps and prepare you for future conversations with colleagues, vendors, or regulators.

Previous Lesson
Back to Course
Next Lesson