The EU AI Act (Regulation (EU) 2024/1689) is the first comprehensive horizontal legal framework for Artificial Intelligence worldwide. It was adopted on 13 June 2024 by the European Parliament and the Council, published in the Official Journal of the European Union on 12 July 2024, and entered into force on 1 August 2024. Its application is staggered: prohibitions from 2 February 2025, rules for general-purpose AI models from 2 August 2025, the main body from 2 August 2026, high-risk components within product law from 2 August 2027.
The Risk-Based Architecture
The Regulation divides AI systems into four tiers with graduated regulatory depth:
Prohibited practices (Art. 5). Absolutely forbidden are, among others: subliminal manipulation to a person’s detriment, exploitation of vulnerability (age, disability, socio-economic situation), biometric categorization by sensitive characteristics, social scoring by public authorities, the untargeted mass scraping of facial images from the internet or surveillance footage to build facial-recognition databases, emotion recognition in the workplace and in educational institutions (with narrow exceptions), predictive policing on the basis of personality profiles, and real-time remote biometric identification in public spaces for law-enforcement purposes (with narrowly delimited exceptions).
High-risk AI (Art. 6 and Annex III). This covers systems in areas such as critical infrastructure, educational and vocational admission, recruitment and personnel management, essential public and private services (for instance creditworthiness, life and health insurance, emergency triage), law enforcement, migration and border control, justice and democratic processes. Such systems must undergo a conformity-assessment procedure, maintain a risk-management system, comply with data-quality requirements, fulfil logging obligations, and be documented, transparent, and subject to human oversight.
Limited risk (transparency obligations). Systems that interact with humans (chatbots), generate deepfakes, or infer emotions must make this known.
Minimal risk. Unregulated, but producers may subscribe to voluntary codes of conduct.
General-Purpose AI Models
A dedicated chapter (Art. 51 ff.) addresses general-purpose AI models — that is, large foundation models capable of performing many tasks. Baseline obligations: technical documentation, copyright compliance for training data, a summary of the training content. Models with systemic risk (currently defined by a threshold for training compute and further criteria) are subject to additional obligations: model evaluation, risk mitigation, cybersecurity measures, reporting of serious incidents.
The Personalist-Ontological Appraisal
From a personalist-ontological standpoint, the AI Act is a protective wall. Its prohibitions (Art. 5) target precisely those practices in which the person would be structurally instrumentalized: manipulation, exploitation, categorization by sensitive characteristics, surveillance within spaces of trust. In doing so, the Regulation implicitly takes up the basic insight that the Personalist Norm holds conceptually: the Person may never become a mere means.
At the same time the approach remains risk-based — that is, functionally consequence-oriented. It does not ask after the ontological status of the machine, but after the effects of its deployment. This is legitimate for a regulation, yet not exhaustive: the inviolability of the person is not a risk but a limit. Personalist ontology therefore supplements the AI Act with the question it cannot, in legal form, pose — what is the person whose rights are protected here?
Limits of Scope
Expressly excluded are: military, defence-related, and national-security applications (Art. 2(3)), pure research and development prior to placing on the market, and systems developed exclusively for scientific research. The gap concerning lethal autonomous weapon systems is therefore deliberately left open — it is negotiated under international law within the UN GGE LAWS, not in the AI Act.
Governance and Enforcement
Implementation rests with an AI Office of the European Commission (responsible for general-purpose AI models) as well as with national market-surveillance authorities of the Member States. A European Artificial Intelligence Board coordinates. Penalties are graduated: up to 35 million euros or 7 % of worldwide annual turnover for infringements of the prohibitions; up to 15 million euros or 3 % for infringements of high-risk obligations.
Ontological Classification
Object of regulation: Artificial Intelligence, algorithmic decision systems, general-purpose AI
Excluded: military, national security, pure research
Chapter assignment: Chapter 5: Oblivion of the Person
Sources: Generated by querying the Personhood ontology.
Further sources:
- European Union (2024): Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending certain legislative acts (AI Act). Official Journal of the EU, L series, 12 July 2024.
- European Commission (2024 ff.): AI Office — Governance of General-Purpose AI. Brussels.
- European Artificial Intelligence Board (ongoing): Guidelines and implementing acts.