ServicesGovern & AssureFinance & TransactionsTransform & DigitizeOperate & Scale
FrameworkAI Policy DevelopmentResponsible AIData Governance
RegulationsGCC regulationsRegulations & standardsResearch & benchmarks
Insights
About
Contact
Book a consultation
EU AI Act Handbook · The essentials

The EU AI Act, decoded for decision-makers.

A plain-English orientation to the world's first comprehensive AI law: how the Act defines AI, who it applies to, the four risk classes, the obligations that bite, and the timeline you're working against. Built as a working reference for boards, risk owners and product teams preparing to place AI on the EU market.

Five things to know first

The shape of the Act in five points.

Broad definition of AI

The Act uses a deliberately wide definition of an "AI system", capturing far more than just generative models.

Horizontal, not sectoral

It applies across all industries and AI techniques — not specific to one sector or technology.

§

Risk-based obligations

Duties scale with risk class. The heavier the potential harm, the heavier the requirements.

High-risk is demanding

High-risk systems face an extensive set of requirements: conformity assessment, data quality, logging, human oversight.

New systems first

Requirements apply mostly to new systems placed on the market — but legacy high-risk systems are not exempt forever.

What the handbook covers

A regulator's-eye map of the Act.

Sections

  • The AI Act in a nutshell
  • Timeline and penalties
  • What counts as an AI system or GPAI model
  • Exclusions: where the Act does not apply
  • Roles under the Act (provider, deployer, importer, distributor)
  • AI system classification by risk
  • High-risk AI systems and their obligations
  • AI literacy requirement for all organisations using AI
  • Process for providers of high-risk systems
  • General-Purpose AI Code of Practice
Our read

Why this matters for your board.

The Act does not hand you the policies to implement — it sets the obligations and leaves the operating model to you. That gap, between legal text and working controls, is exactly where governance programmes succeed or fail. We translate the Act's requirements into a classified system inventory, a gap log and a remediation roadmap your auditors and regulators can follow.

Source

Summarised in our own words from "The essentials of the EU AI Act", Version 1.0 (August 2025), © Saidot. All rights reserved. This is an independent summary for reference; read the original for the authoritative text.

Read Saidot's full handbook

Turn the Act from a threat into a roadmap.

Book a gap review and we'll classify your systems, map the obligations that apply, and hand you a prioritised plan.

Request a gap review