What is AMLEGALS AI Law Practice?

AMLEGALS is India's leading AI and technology law firm specializing in EU AI Act compliance, India DPDPA, AI governance, data privacy, and technology contracts. We have expert AI lawyers across 6 offices in India serving clients globally.

How can AMLEGALS help with EU AI Act compliance?

Our AI lawyers provide comprehensive EU AI Act compliance services including risk classification, conformity assessments, documentation requirements, and ongoing compliance monitoring for businesses deploying AI systems in or serving the European Union.

Does AMLEGALS handle India DPDPA compliance?

Yes, AMLEGALS is a leading law firm for India's Digital Personal Data Protection Act (DPDPA) compliance. We help businesses implement data protection frameworks, draft privacy policies, conduct DPIAs, and ensure regulatory compliance.

Where are AMLEGALS offices located?

AMLEGALS has 6 offices across India: Ahmedabad (Head Office), Mumbai, Bengaluru, New Delhi, Kolkata, and Chennai. We serve clients pan-India and globally for AI and technology law matters.

When does the EU AI Act come into force?

The EU AI Act (Regulation 2024/1689) has phased implementation: Article 5 prohibited practices from 2 February 2025, AI literacy requirements from 2 February 2025, GPAI model obligations from 2 August 2025, full high-risk AI system requirements from 2 August 2026, and Annex I product obligations from 2 August 2027.

What are high-risk AI systems under the EU AI Act?

High-risk AI systems are defined under Article 6: (1) AI systems that are safety components of products covered by Annex I sectoral legislation requiring third-party conformity assessment, or (2) AI systems falling within use-case categories in Annex III including biometrics, critical infrastructure, education, employment, access to essential services, law enforcement, migration, and administration of justice. Article 6(3) provides an exception for systems not posing significant risk.

What are the penalties for EU AI Act non-compliance?

Article 99 establishes tiered penalties: up to €35 million or 7% of worldwide annual turnover for prohibited AI practices (Article 5); up to €15 million or 3% for high-risk system requirements breach; up to €7.5 million or 1.5% for other obligations; and up to €7.5 million or 1% for providing incorrect information to authorities.

What are GPAI model requirements under the EU AI Act?

General-purpose AI (GPAI) model providers must under Chapter V: draw up technical documentation (Article 53), provide downstream documentation, implement copyright compliance policies, and publish training data summaries. GPAI models with systemic risk (presumed where training compute exceeds 10^25 FLOPs) face enhanced obligations under Article 55 including model evaluation, risk mitigation, incident tracking, and cybersecurity requirements.

Does the EU AI Act apply to companies outside the EU?

Yes, Article 2 establishes extraterritorial scope. The EU AI Act applies to: providers placing AI systems on the EU market regardless of location, deployers located in the EU, providers and deployers in third countries where AI output is used in the EU. Indian companies serving EU customers must comply.

How can AMLEGALS help with EU AI Act compliance?

AMLEGALS provides comprehensive EU AI Act compliance services: risk classification assessment (Article 6), Annex III use-case mapping, conformity assessment support (Annex VI/VII), technical documentation preparation (Annex IV), quality management system implementation, CE marking guidance, EU database registration, and ongoing post-market monitoring support.

EU AI Act Framework

Article 6 classification, technical documentation, and transparency requirements for high-risk AI systems deployed within the European Union

Risk Categories

€35M

Maximum Penalty

Enforcement Phases

Member States

Risk Architecture

Article 6: High-Risk Classification

The EU AI Act defines "high-risk" AI systems as those that substantially impact fundamental rights or safety. High-risk categories include: - Biometric identification and emotion recognition - Critical infrastructure management - Education and vocational training - Credit and employment decisions - Law enforcement and border control - Access to public services and benefits Not all AI systems are high-risk. A recommendation engine may be low-risk, while a credit decision system is high-risk. The Article 6 classification exercise is the foundation for all downstream compliance requirements.

Documentation Standards

Article 10: Technical Documentation

High-risk AI systems require comprehensive technical documentation: - Training data sources and characteristics - Model architecture and decision logic - Performance metrics across demographic groups - Testing and validation procedures - Known limitations and failure modes - Monitoring and update procedures Documentation must demonstrate compliance with Article 6 risk classification. Organizations cannot use "black box" models for high-risk applications—explainability is not optional.

User Disclosure

Article 13: Transparency Information

High-risk AI systems must disclose: - That an AI system is being used - Which decisions the AI makes or influences - When a human can override AI decisions - How to appeal an AI decision Transparency information must be written for end-users (not regulators), explaining AI impact in plain language. Users must understand when and how AI affects them.

Governance Mandate

Article 14: Human Oversight

High-risk AI systems require documented human review procedures: - Definition of when human review is required - Who performs the review (roles and competencies) - What information is available to the reviewer - Response time for human decisions - Appeal procedures for users Article 14 is not about checking every decision. It's about documenting which decisions require human judgment and establishing protocols for that judgment.

Compliance Timeline

Staged enforcement across three phases

Phase 1 — December 2024

High-Risk System Requirements

Article 6–14 fully applicable. Organizations must have technical documentation and human oversight procedures in place.

Phase 2 — June 2025

Prohibited Practices & GPAI

Prohibited AI practices banned. General-purpose AI transparency requirements begin. Codes of practice enforcement begins.

Phase 3 — December 2025

Full Enforcement

Full AI Act enforcement. Regulatory authorities begin investigations and fines. Organizations must demonstrate ongoing compliance.

Roadmap

Practical Implementation

Organizations should take a phased approach: Month 1-2: Audit existing AI systems against Article 6 criteria. Classify which are high-risk. Month 3-4: Develop technical documentation for high-risk systems. Audit against Article 10 requirements. Month 5-6: Implement transparency information for end-users. Design human review protocols per Article 14. Month 7-9: Test and validate compliance. Conduct regulatory readiness audit. Organizations with 3-5 high-risk systems typically require 6-9 months for full compliance.

Prepare for EU AI Act Compliance

Start your Article 6 classification and compliance assessment now. The clock is ticking.

Request Assessment Download Guide