Privacy & Information Security Law Blog

On February 2, 2025, the EU AI Act’s rules on AI literacy, along with the prohibition of certain types of AI system, became applicable in the EU.

Under the new AI literacy obligations, providers and deployers will be required to ensure a sufficient level of AI literacy for their staff and other persons working with AI systems on their behalf. For this purpose, organizations should put in place robust AI training programs.

Additionally, under the new rules, the placing on the market, the putting into service or the use of AI systems that present unacceptable risks to the fundamental rights of individuals will be prohibited in the EU. AI systems covered by the new prohibition include AI used for:

• social scoring for public and private purposes;
• exploitation of vulnerabilities of persons through the use of subliminal techniques;
• real time remote biometric identification in publicly accessible spaces by law enforcement, subject to narrow exceptions;
• biometric categorization of natural persons based on biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs or sexual orientation;
• individual predictive policing;
• emotion recognition in the workplace and education institutions, unless for medical or safety reasons; and
• untargeted scraping of Internet or CCTV for facial images to build-up or expand databases.

Literacy and prohibitions of the abovementioned AI systems will be the first obligations under the AI Act to become applicable. The remaining will apply to entities under scope in stages following a transition period. The length of the transition period will vary depending on the type of AI system or model.

• Specific obligations applicable to general-purpose AI models will become applicable on August 2, 2025.
• Most obligations under the AI Act, including the rules applicable to high-risk AI systems under Annex III and systems subject to specific transparency requirements will become applicable on August 2, 2026.
• Obligations related to high-risk systems included in Annex I of the AI Act will become applicable on August 2, 2027.

Certain AI systems and models already on the market may be exempt or have longer compliance deadlines.

Read the AI Act.