2 February 2025
Prohibited practices ban (Art. 5) and AI literacy obligation (Art. 4)
- Already in force
Loading...
Practical guide to EU Regulation 2024/1689 and Italian Law 132/2025. Obligations, deadlines and how to comply.
Updated July 2026 · Reg. EU 2024/1689
EU Regulation 2024/1689 (AI Act) is the world's first legislation to regulate artificial intelligence comprehensively. Effective since 1 August 2024, it introduces progressive obligations for those who develop, distribute, and use AI systems in the European Union.
EU Regulation 2024/1689 (the AI Act) is directly applicable across the EU. In Italy, Law 132/2025 sets out national principles and specific rules for professionals and employment relationships, to be interpreted and applied in conformity with the AI Act, making obligations even more concrete for companies, SMEs and professional firms.
The question is not whether it concerns you, but how ready you are.
Osservatorio Artificial Intelligence PoliMi, Feb 2026
2 February 2025
2 August 2025
10 October 2025
2 August 2026
2 August 2027
Obligation to ensure a sufficient level of AI literacy for all staff who operate or use AI systems.
Documented training program for all employees
AI system deployers must inform people that they are interacting with an AI system.
Explicit disclosure to clients and employees
Obligation for professionals to inform clients about the use of AI tools in professional services.
Contractual clause and AI disclosure
Specific rules on AI use in employment (art. 11): transparency, non-discrimination, human oversight.
Internal policy, employee disclosure, registry
AI inventory: map all AI tools in use across your organisation
Usage policy: write clear rules on what can and cannot be done
Client disclosure: communicate the use of AI in professional services
Team training: documented AI literacy program for all employees
Registry and audit trail: track how AI is being used
Periodic review: verify compliance at least quarterly
Yes. If your company uses AI systems — even just tools like ChatGPT or the AI features in your ERP — you are a "deployer" and some obligations already apply, regardless of size. Staff AI literacy (Art. 4) has been in force since 2 February 2025. There is no blanket SME exemption: the Regulation provides proportionality (for instance on fines), not exoneration.
From 2 February 2025: prohibited practices (Art. 5) and AI literacy (Art. 4). From 2 August 2025: obligations for general-purpose AI models (GPAI). From 2 August 2026: transparency obligations (Art. 50) and rules for Annex III high-risk systems. From 2 August 2027: Annex I high-risk systems.
Fines reach up to €35 million or, if higher, 7% of worldwide annual turnover for prohibited practices, and up to €15 million or 3% for other violations. For SMEs and start-ups the lower of the two caps applies. In Italy, Law 132/2025 established the national supervisory governance (AgID and ACN). Beyond fines, reputational and contractual risk matters: more and more clients and supply-chain leads ask for compliance evidence.
Yes. Even using only general-purpose AI tools makes you a deployer: you need staff AI literacy (Art. 4, already in force), an internal usage policy and — from 2 August 2026 — transparency towards people when they interact with an AI or receive generated content (Art. 50).
In most cases the AI features built into an ERP fall under minimal or limited risk: what matters is transparency and informed use, not prior authorisation. Attention rises when AI affects people — for instance in recruitment, which Annex III classifies as high-risk.
Our AI Act Ready service delivers everything you need to be compliant in 7-10 days.