(EU) 2024/1689
Phasing inArtificial Intelligence Act (product-safety angle)
The EU's horizontal AI law. For physical products it matters in one specific case: when an AI system is a safety component of (or is itself) a product covered by the EU product legislation listed in Annex I (machinery, toys, radio equipment, medical devices, lifts...) that requires third-party conformity assessment — that AI system is 'high-risk' and needs its own compliance work and CE marking. Most consumer products with incidental AI features are NOT high-risk under this rule.
Applies to
Providers and deployers of AI systems in the EU. Relevant here: manufacturers embedding AI as a safety component in products subject to Annex I harmonisation legislation with third-party conformity assessment (e.g. AI-driven safety functions in machinery or robots). Separate 'high-risk' use cases (biometrics, employment, etc.) and transparency rules for chatbots exist but are outside this product-focused entry.
Key obligations
- 01Classify correctly: an AI system is high-risk when it is a safety component of a product (or is the product) covered by the Annex I EU harmonisation legislation and that product requires third-party conformity assessment — e.g. AI applications in robot-assisted surgery or machinery safety functions.source
- 02High-risk AI requires: adequate risk assessment and mitigation systems, high-quality datasets, activity logging for traceability, clear information to the deployer, appropriate human oversight measures, and a high level of robustness, cybersecurity and accuracy.source
- 03High-risk AI systems must pass a conformity assessment and carry CE marking — affixed visibly, legibly and indelibly (or on packaging/documentation, or digitally for digital systems), followed by the notified body's number where one was involved (Article 48).source
- 04Where the AI system is embedded in an Annex I product, the AI conformity assessment is intended to be handled together with the product's existing sectoral third-party procedure (one integrated assessment with the notified body).sourceUnverified — check source
Conformity routes
- Integrated sectoral conformity assessmentFor AI safety components of Annex I products (machinery, toys, radio equipment, lifts, medical devices...): the AI requirements are assessed within the product's existing third-party conformity assessment under the sectoral legislation.source
- Internal control or notified-body assessment (stand-alone high-risk AI)For Annex III high-risk use cases (not the product-embedded route) — internal control is generally available, with notified-body assessment for specific cases such as biometrics. Out of scope for most physical-product sellers.source
Documentation
- Technical documentation for the high-risk AI systemDesign, data governance, risk management, performance metrics and logging capability — kept alongside the product's technical file.source
- EU Declaration of ConformityThe AI Act is declared against; where other CE legislation also applies, a single combined DoC can cover them.source
- Instructions/information to deployersClear and adequate information enabling human oversight and correct use.source
Marking requirements
- CE marking for high-risk AI systems, affixed visibly, legibly and indelibly; where not possible due to the system's nature, on the packaging or accompanying documentation. Digitally provided high-risk AI uses a digital CE marking accessible from the system's interface or machine-readable code. Notified body number follows where applicable (Article 48).source
Key dates
- 2024-08-01AI Act entered into force.source
- 2025-02-02Prohibited AI practices apply.source
- 2025-08-02Governance rules and obligations for general-purpose AI models apply.source
- 2027-12-02Obligations for stand-alone high-risk AI systems (Annex III use cases: biometrics, critical infrastructure, education, employment, etc.) apply — postponed from 2 August 2026 by the 'Digital Omnibus on AI' simplification package.source
- 2028-08-02Obligations for high-risk AI systems embedded as safety components in Annex I regulated products (machinery, toys, lifts, etc.) apply — postponed from 2 August 2027 by the Digital Omnibus on AI.source
Penalties
The AI Act provides administrative fines up to EUR 35 million or 7% of worldwide annual turnover for prohibited-practice violations, with lower tiers (e.g. up to EUR 15 million or 3%) for other obligations — verify current figures post-Digital-Omnibus.sourceUnverified — check source
Further guidance
Frequently asked
My gadget has an 'AI' feature — is it high-risk under the AI Act?+
Almost certainly not, on the product-safety route. High-risk status via products requires the AI to be a safety component of (or be) a product under Annex I legislation that needs third-party conformity assessment — think AI controlling a machine's safety function, not a voice assistant or recommendation feature. Transparency duties (telling users they're talking to AI) may still apply to chatbots.
When do the AI rules for products embedded with AI actually apply?+
From 2 August 2028 for high-risk AI systems that are safety components of products covered by EU sectoral safety legislation — a date pushed back from 2027 by the 2026 'Digital Omnibus on AI'. Stand-alone Annex III high-risk systems follow from 2 December 2027.
Does high-risk AI get its own CE marking?+
Yes. Article 48 requires the CE marking on high-risk AI systems (physically, or digitally for digital systems), with the notified body's number where applicable. Where the AI sits inside a product that already carries CE marking under other legislation, the marking indicates conformity with both.
Who is the 'provider' when I buy in an AI model for my product?+
Broadly, whoever places the AI system on the market under their own name. If you integrate a third-party AI system as a safety component of your product, you take on product-manufacturer duties, and roles can shift if you substantially modify the system — get the contractual and compliance responsibilities clear with your supplier.
Check how this applies to your product
Run the full checker to see which regulations apply to your exact product, market and features.