On 1 August 2024, the EU AI Act entered into force as Regulation (EU) 2024/1689 — the world's first comprehensive, horizontal legal framework for artificial intelligence. For organisations operating in the European Union, deploying AI systems, or placing AI products on the European market, this is not a future consideration. It is a present operational obligation with hard deadlines and significant penalties.

This post breaks down what the regulation actually requires, how its risk-based framework works in practice, and the specific steps regulated organisations — particularly in financial services — need to take before the August 2026 compliance cliff.

"The higher the risk to society, the stricter the rules. Minimal compliance burden for low-risk AI, stringent obligations for high-risk systems, and outright prohibition where risks are unacceptable."

Regulation at a glance

  • Full title: Regulation (EU) 2024/1689 of the European Parliament and of the Council.
  • In force: 1 August 2024.
  • Extra-territorial scope: applies to any AI system affecting persons in the EU, regardless of where the provider is established.
  • Maximum penalty: €35 million or 7% of global annual turnover (whichever is higher) for the most serious violations.

Why this matters for delivery organisations

Most regulatory frameworks arrive as an audit event — a compliance team reviews documentation, a gap is found, a remediation project is raised. The EU AI Act cannot be approached this way. Its obligations are embedded across the AI system lifecycle: from the data used in training, through the conformity assessment before market placement, to continuous post-market monitoring and incident reporting after deployment.

For organisations already using Agile delivery, this means governance is not a phase — it is a permanent backlog item. Risk management documentation must be maintained and updated as the system evolves. Logs must be kept. Human oversight mechanisms must be functional and accessible to deployers. This is the governance architecture that must be built into sprint ceremonies, not bolted on at a release gate.

The four-tier risk classification framework

The Act organises AI systems into four risk levels. The framework is proportional: the higher the potential harm to persons, fundamental rights, or society, the more demanding the obligations.

Tier         | Classification            | Approach                                  | Examples
-------------|---------------------------|-------------------------------------------|------------------------------------------------------------------------------------------------------------
Prohibited   | Unacceptable risk         | Outright ban from 2 Feb 2025              | Social scoring, subliminal manipulation, real-time biometric ID in public spaces, predictive policing by profile
High risk    | Annex III systems         | Full compliance obligations from Aug 2026 | Credit scoring, CV screening, medical devices, critical infrastructure management, law enforcement tools
Limited risk | Transparency obligations  | Disclosure requirements only              | Chatbots, AI-generated content, emotion recognition systems
Minimal risk | Free to deploy            | Voluntary codes of conduct                | Spam filters, AI games, recommendation engines, creative writing tools

Important: prohibited AI is already banned

The prohibited practices list (Chapter II, Articles 5–6) applied from 2 February 2025. If your organisation operates any system that scores citizens based on behaviour, uses subliminal techniques to influence behaviour, exploits vulnerabilities of specific groups, or performs real-time biometric identification in public spaces, these are already non-compliant and must be ceased immediately.

Annex III: the high-risk AI categories in detail

Annex III of the regulation defines eight sectors where AI systems are classified as high-risk. This is where the vast majority of financial services, HR, and enterprise AI deployments will fall. Understanding which sector your system falls under is the first step in any compliance programme.

The eight Annex III sectors

  • Biometric identification and categorisation (III.1): Remote biometric identification systems used in public spaces. Real-time use is severely restricted; post-hoc use requires prior authorisation from a judicial authority or independent body.
  • Critical infrastructure (III.2): AI used as a safety component in the management of roads, water, electricity, heating, internet, and digital infrastructure networks.
  • Education and vocational training (III.3): Systems that determine access to educational institutions, assess student performance, monitor prohibited behaviour during tests, or evaluate competence.
  • Employment, workers management, and access to self-employment (III.4): CV screening tools, interview scoring systems, performance and behaviour monitoring, task allocation and prioritisation. This is high exposure for any organisation using AI in HR workflows.
  • Access to essential private services and benefits (III.5): AI used in credit scoring, insurance risk assessment, and emergency services prioritisation. Directly relevant to financial services organisations.
  • Law enforcement (III.6): Individual risk assessment tools, polygraph-like lie detection, crime analytics platforms, tools that evaluate the reliability of evidence.
  • Migration, asylum, and border control (III.7): Risk assessment for asylum applications, lie detection tools at borders, document authenticity verification, irregular migration prediction.
  • Administration of justice and democratic processes (III.8): AI that researches facts or interprets law, tools that predict court outcomes, systems that influence elections or referenda.

The six governance pillars every high-risk AI system must meet

For any system classified as high-risk under Annex III, Articles 9 through 15 of the regulation define six core governance obligations. These are not optional add-ons — they are mandatory pre-conditions for market placement and continued operation.

Pillar 01: Risk Management System

A continuous, iterative process throughout the system lifecycle. Identify, analyse, estimate, and mitigate risks before placement and on an ongoing basis as the system evolves. Must be documented and reviewed at each significant update.

Pillar 02: Data Governance

Training, validation, and test datasets must be subject to governance practices covering relevance, representativeness, and freedom from biases that could cause discriminatory outputs. Data lineage and quality controls must be documented.

Pillar 03: Technical Documentation

Comprehensive documentation enabling competent authorities to assess conformity — including system design rationale, development choices, performance metrics, known limitations, and post-market monitoring plans. Must be maintained for 10 years.

Pillar 04: Transparency & Human Oversight

Users must be informed they are interacting with an AI system. High-risk systems must enable human oversight: the ability to understand, monitor, and intervene on outputs. Deployers must designate natural persons capable of exercising meaningful oversight.

Pillar 05: Accuracy, Robustness & Cybersecurity

Systems must perform at declared accuracy levels throughout their lifecycle. They must resist adversarial attacks, model poisoning, and data poisoning. Residual risks must be acceptable and documented.

Pillar 06: Conformity Assessment & Monitoring

Providers must complete a conformity assessment before market placement. CE marking is required. Post-market monitoring via logging and a documented plan is mandatory, with serious incident reporting to authorities.

General Purpose AI: a separate but parallel obligation

Chapter V of the regulation introduces specific obligations for providers of General Purpose AI (GPAI) models — the large foundation models such as large language models and multi-modal systems that underpin many downstream applications. These rules applied from 2 August 2025.

All GPAI model providers must maintain technical documentation, provide information to downstream providers, publish a policy on copyright compliance, and publish a summary of training data used. Providers of GPAI models with systemic risk — defined as those trained with compute exceeding 10²⁵ FLOPs — face additional obligations including adversarial testing, incident reporting, and cybersecurity protections.

For delivery organisations using GPAI models as the foundation for their AI products, understanding where the boundary of provider obligation ends and where your own obligations as a deployer begin is critical. The regulation distinguishes these roles carefully and the obligations do not simply cascade — they accumulate.

The compliance timeline: what applies when

  • 1 August 2024
    Regulation enters into force
    Published in the Official Journal of the EU. The regulation is binding. Governance preparations should begin immediately.
  • 2 February 2025
    Prohibited AI practices banned
    Chapter I and Chapter II prohibited practices fully apply. Penalties for violations: up to €35M or 7% of global turnover.
  • 2 August 2025
    GPAI model obligations apply
    Chapter V (GPAI models) and Chapter VII (governance bodies) apply. The EU AI Office is operational. Penalty provisions (Chapter XII) come into force.
  • 2 August 2026
    High-risk AI obligations fully apply
    Chapters III and IV fully apply. Conformity assessments, technical documentation, EU database registration, and post-market monitoring are mandatory.
  • 2 August 2027
    Annex I product safety systems
    High-risk AI embedded in products regulated under existing Union harmonisation legislation (medical devices, machinery, vehicles) fully covered.

What deployers specifically must do

The regulation makes a fundamental distinction between providers (who develop and place AI systems on the market) and deployers (who use AI systems in their operations). Both have direct obligations.

  • Conduct a fundamental rights impact assessment before deploying any high-risk AI system in public services or critical private services.
  • Implement human oversight measures as defined by the provider. Designate natural persons with the competence and authority to override AI system outputs.
  • Maintain logs automatically generated by the AI system for the minimum retention periods specified. Logs must be available to national authorities on request.
  • Register the system in the EU database before deploying any high-risk AI system in employment, education, essential services, or law enforcement.
  • Report serious incidents to the market surveillance authority of the Member State. Timelines: 15 days for serious incidents.
  • Ensure AI literacy of all staff using or affected by high-risk AI systems. A named obligation under Article 4.

What this means for Agile delivery teams

The EU AI Act is, fundamentally, a product governance regulation. It defines obligations that must be woven into product development, not appended to it. For teams delivering AI systems under Agile frameworks, the practical implications are significant:

  • Risk management is a backlog item: The risk management system required by Article 9 must be iterative and documented. Every sprint that modifies a high-risk AI system potentially triggers a risk management update. Build this into your Definition of Done.
  • Data governance stories are not optional: Training data quality, bias assessments, and data lineage documentation must be maintained at each significant model update.
  • Human oversight is a feature, not a process: The requirement that deployers can override or halt AI system outputs is a functional requirement. It must be designed into the product, not documented in a policy.
  • Post-market monitoring is continuous delivery applied to compliance: Logging, performance monitoring, and incident reporting are operational capabilities that must be built and maintained by the delivery team.

Where to start

If you are unsure where your AI systems land on the risk spectrum, the single most valuable first action is an AI system inventory: catalogue every AI system in operation or in development, document its primary purpose and the decisions it influences, identify the users and affected persons, and map it against the Annex III sector list.

From that inventory, the path to compliance is systematic: risk classification, gap assessment against the six pillars, prioritised remediation roadmap, conformity assessment preparation, and registration. It is a programme of work, not a project — because the regulation does not end at market placement.

Further reading

Official text: EUR-Lex — Regulation (EU) 2024/1689

EU AI Office guidance and regulatory sandbox: European Commission — EU AI Office

Harmonised standards in development: CEN/CENELEC Joint Technical Committee 21 (JTC 21)

Anjish Bhondwe
Director, Agile CoE · AIGP · IAPP Member

13+ years delivering high-stakes transformations inside European financial services. IAPP-certified AI Governance Professional (AIGP). Currently studying EU AI Act regulation at Delft University of Technology, Netherlands. Advising organisations on EU AI Act readiness, building Agile CoEs, and embedding governance into delivery from day one.