
All about the EU AI Act. Your guide to building and selling AI in Europe.

The EU’s AI Act is here. Find out what it means for your AI startup and how to stay compliant without the hassle.

  • The new AI Act is setting strict rules based on how risky your AI project is — from minimal (like spam filters) to unacceptable (like social scoring).

  • It’s all about building ethical AI and having consistent standards. Expect more paperwork and costs.

  • You’ve gotta comply by 2026 or risk hefty fines, up to €35,000,000 or 7% of your global revenue.

If you’re an indie hacker building AI-driven projects in Europe — or selling into the European market — buckle up. The EU has been on a bit of a regulating spree lately. You might’ve already heard of the GDPR, the DMA, and the DSA.

Now comes the big one: the AI Act.

This regulation aims to do two main things: keep people safe from the real dangers of AI and make sure AI is built in a human-friendly and ethical way. But what does this mean for small startups and solo founders? Let’s break it all down in simple, indie-hacker-friendly terms.

AI risk levels

The AI Act basically classifies AI solutions into four levels of risk:

  1. Minimal risk (level one)

    • These are your everyday AI apps, like spam filters, AI-enabled video games, simple recommendation tools, etc.

    • They’re considered so harmless that they face no real obligations. You can keep working on your AI-powered game or spam-blocker without worrying about new red tape.

  2. Limited risk (level two)

    • This covers AI systems that need to be a bit more transparent, like chatbots or deepfake generators.

    • Users must know they’re interacting with a bot or that content is AI-generated, especially if it’s not obvious.

  3. High risk (level three)

    • Now we’re talking about AI that seriously affects people’s lives, like healthcare, transportation (self-driving cars), loan assessments, or hiring.

    • If your AI is classified as high-risk, you’ve got to do risk assessments, keep detailed logs, have top-quality datasets, and ensure there’s always a human in the loop.

  4. Unacceptable risk (level four)

    This is the “nope, not allowed” category. Think AI that decides your fate, like:

    • Social scoring systems (think China’s social credit score).

    • Tech that exploits people’s vulnerabilities to manipulate their behavior.

    • Remote biometric identification (like facial recognition in public spaces) is generally banned unless you fit into super-narrow exceptions (like searching for a missing child).

    • Inferring people’s emotions at work or in school (again, with limited exceptions).

    • Compiling facial recognition databases via random internet scraping.

    These are outright banned in the EU. No messing around here.

GPAI (General Purpose AI)

If you’re creating or using big GPAI models, like language models people can build on (think GPT-4, Claude, or Midjourney), there are some extra obligations:

  • Provide technical documentation and instructions for use.

  • Comply with copyright laws.

  • Publish a summary of the training data you use (to some extent).

  • If your model presents a “systemic risk,” you’ll need adversarial testing, incident reporting, and strong cybersecurity measures.

This can be a heavy lift for small teams, so plan accordingly.

Pros and Cons of the AI Act

Pros

  1. Ethical building: Create something ethical from the start. Good for humanity and makes your product stand out.

  2. Harmonized standards: Instead of juggling 27 different sets of AI laws across the EU, you’ve got one clear playbook.

  3. Privacy is a priority: With rules that sync up with GDPR, personal data is protected when AI is involved. More privacy = more trust.

Cons

  1. Innovation bottlenecks: The extra red tape could slow your ability to ship rapidly. Meanwhile, a startup in the US could pivot three times or launch their product before you’ve even cleared the paperwork.

  2. Costs: Compliance can be pricey — up to 1–2.7% of revenue for small and medium businesses.

  3. Talent drain: The hassle of dealing with regulations makes people relocate to a less regulated environment to save on headaches.

  4. Dumbed-down features: To stay compliant, you might have to turn off or tone down some of your AI’s cooler features. Less awesome or less personalized products for your users.

Timeline for implementation

And if your startup doesn’t comply, there are record-high fines.

Penalties

The AI Act lays down some hefty penalties for breaking the rules.

If you engage in prohibited practices, you could face fines of up to €35,000,000 or 7% of your total worldwide annual turnover — whichever is higher.

Violating other regulations isn’t much cheaper, with penalties reaching up to €15,000,000 or 3% of your annual turnover.

And if you try to play games by giving false or misleading info to the authorities, you’re looking at fines up to €7,500,000 or 1% of your turnover.

Basically, the higher number always wins, so it’s better to play by the rules.

AI tools already blocked in the EU

These tools have already hit a wall in the EU, and it's not hard to see why.

  • Sora: pulled down because it was juggling too much personal data without the proper safeguards, making it a privacy disaster under the new AI Act.

  • Meta AI: shut down because it didn’t meet the EU’s strict transparency requirements.

  • Veo 2: shut down because of its facial recognition tech.

  • Apple’s intelligence features on iPhones: limited to prevent potential misuse of biometric data.

Final Thoughts

For indie hackers in Europe, navigating through the EU’s AI Act might seem like a lot, but don’t sweat it too much. If you’re building simple AI apps, chatbots, or basic AI tools, you’re probably not on their radar.

Just keep an eye on the updates, make sure you’re playing it smart, focus on building cool stuff that people actually want, and don’t let the red tape slow you down. You’ve got this!



Michal Kankowski

Michal is a journalist for Indie Hackers. He's also the founder of Kickstart Side Hustle, a platform for startup founders and marketers with the biggest library of the most creative (often viral) marketing case studies in history, and hundreds of marketing psychology principles.

  1. 4

    Europe bureaucracy strikes again.

  2. 3

    Setting up the EU for failure... For regulation to work everyone needs to acknowledge it, not just the EU which sounds like one body but actually fractures to many languages and cultures so it is not really a market. The US just advertised they are investing 500 billion dollars in AI, China is already deep into AI and the EU will be left in the stone age if they continue...

    1. 1

      Haha, that's a long way of saying the EU is the only jurisdiction that respects its consumers.

      1. 1

        BS. Innovation is blocked but we get 50 calls a day by some telecom shit or some filtered water seller. And AI or not, all our phones are already voluntarily filled with data, listening, mics and unasked ads. The worst is that people are so dumb they are too occupied to watch Temptation Island and all these shitshows to know this. I’ll just base my company in the US and EU can GTFO

  3. 2

    The idea is good but enforcement will be very difficult. The AI will just move to places like the United States where Trump is going in the complete opposite direction. I think that it is hard to regulate and enforce something that can exist in the ether. It is not a physical thing. Someone can just download and run code and AI can run outside of the EU and people in the EU can still interact with it.

    1. 1

      The idea is def not good. Was GDPR good?

      I don't think having a system that regulates what you can and cannot do is good, e.g. working with US SP that does not have DPA or SCC.

      I would understand that companies must say what they do with data but that is as far as it goes (even that is too much in most cases)

  4. 1

    The EU AI Act is a landmark regulation shaping the of AI in Europe. If you're building or selling AI in the EU, compliance is key—especially with its risk-based approach, transparency requirements, and strict rules for high-risk applications. A must-follow for businesses looking to innovate responsibly! firikirinusxyz

  5. 1

    Guys, just base your startup in the US or Singapore. Europe is a walking dead since the 90s. Do biz in the US and get some EU lifestyle working remotely. Just set up the right structure to do this in compliance.

  6. 1

    In 2 years we will be a third-world country for the genius work by these 70-something protestant Teutonic idiots driving EU. The only sane Mario Draghi has been totally ignored.

    1. 1

      Agreed.

      EU is really a shithole, hate that I am born here

