We often talk about regulations on artificial intelligence. Sometimes confusingly, sometimes excessive, but rarely from a concrete angle for societies. Result : Many of them hear about it without understanding what AI really changes for them. This is precisely the problem : the AI Act, European regulation on artificial intelligence, is already there, its application schedule has started, and the subject does not only concern tech giants.
First received idea
“Believing that this text only targets OpenAI, Google or Meta. » In reality, the AI Act is based on a logic of risk and also concerns actors who market or deploy AI systems in the European Union. The European Commission clearly presents this framework as a regulation aimed at developers and deployers, not just to large model providers.
Second preconceived idea
“To think that a company is not concerned if it has not created its own model. » Here again, it's false. A company may be affected simply because it uses an AI system in its activities, in its human resources, in customer relations, or in an offer that it markets. The subject is therefore not only “who makes AI ? » but also “who uses it, in what context, and with what level of responsibility ? »
Third preconceived idea
“To believe that all this is still far away. » The regulation came into force on August 1, 2024. Prohibited practices such as AI Literacy obligations – i.e. the need to ensure that users of these systems have an appropriate level of understanding – have applied since February 2, 2025. Obligations for general purpose AI models apply, they, since August 2, 2025. And the majority of the framework becomes applicable from August 2, 2026, with certain exceptions until August 2, 2027 for high-risk systems integrated into regulated products.
Fourth misconception
“Consider that using ChatGPT or another generative AI tool internally “changes nothing”. » This is precisely where many organizations underestimate the subject. The regulation is not limited to spectacular cases : it also introduces an AI Literacy requirement. Even when the usage seems trivial – writing an email, structure a note, prepare a publication –, it can no longer be completely left to chance.
Fifth preconceived idea
“Assimilate the AI Act to a simple “new GDPR”. » If the two subjects intersect, however, they do not follow the same logic. The GDPR protects personal data while the AI Act regulates AI systems according to their level of risk. Reducing the AI Act to the sole question of personal data therefore leads to missing part of the subject : transparency, human supervision, documentation, robustness, traceability, or even specific obligations depending on usage.
Sixth preconceived idea
“To think that only health, police or biometrics are really affected. " Of course, certain very sensitive uses are at the heart of the text. But the Commission also recalls that business use cases may be high risk., especially in employment, worker management or sorting of applications. In other words, a “classic” company may be much more affected than it imagines.
Seventh and final preconceived idea
“Postponing the subject until later under the pretext that “it will be clearer”. » This is often the most comfortable posture but rarely the most strategic because while you wait, uses are already progressing in the company, often in a scattered manner, without frame, without mapping, without shared rules. The real risk is therefore not only legal : it is also organizational.
The right approach
For most businesses, the right approach is neither panic nor denial. We must first regain control : identify real uses, distinguish harmless cases from sensitive cases, lay down some simple internal rules, and improve the skills of the teams. The AI Act is not there to ban artificial intelligence : Above all, it forces organizations to move beyond improvisation.
For further :
The European Commission's AI Act page is one of the best entry points to understanding the implementation timeline, risk levels, the main obligations : https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
