The new EU AI Act – The 6 Questions You Want to Know

Aurilex • 1 April 2024

The EU AI Act will greatly impact the AI companies coming into the European market.

The European Union has long harbored ambitions of assuming leadership in the AI industry. As a component of its digital strategy, the EU aims to enact regulations on artificial intelligence (AI) to foster optimal conditions for the advancement and utilization of this pioneering technology.


In April 2021, the European Commission proposed the first EU regulatory framework for AI. AI systems with versatile applications are assessed and categorized based on the risks they pose to users. Varying levels of risk will correspond to differing degrees of regulation.


European Parliament members have voted in favor of the draft EU AI Act on 13th March 2024. The EU AI Act is poised to come into effect in the upcoming weeks, pending final procedural and linguistic checks. The implementation of this act will carry significant weight and impact in shaping the regulation of AI within the EU and globally.


  1. Who will be affected?


The AI Act has established precise definitions for various stakeholders in the AI landscape: providers, deployers, importers, distributors, and product manufacturers. This mandates accountability for all entities engaged in the development, deployment, importation, distribution, or manufacturing of AI models. Furthermore, the AI Act extends its jurisdiction to encompass providers and users of AI systems situated outside the EU, such as those in China, if the system's output is intended for use within the EU.


    2. What are the requirements of the Act?


The EU AI Act has a risk-based approach. It mandates that general-purpose AI models, including generative AI systems like large language models (LLMs) and foundation models, comply with a classification system organized into different tiers of systematic risk:


(Source: European Commission: Shaping Europe’s digital future)


Low-risk systems like spam filters or video games are subject to minimal requirements under the law, primarily entailing transparency obligations. This kind of system should inform users that the content is AI generated.


High-risk AI systems, such as autonomous vehicles, medical devices, and critical infrastructure (such as water, gas, and electric systems), necessitate developers and users to comply with supplementary regulatory obligations, including implementing risk management measures to ensure accuracy, robustness, and accountability framework incorporating human oversight.


AI systems that have adverse impacts on safety or fundamental rights will be classified as high-risk and will be categorized into two distinct groups:


1) AI systems that are used in products falling under the EU’s product safety legislation. This includes toys, aviation, cars, medical devices and lifts.


2) AI systems falling into specific areas that will have to be registered in an EU database:

  • Management and operation of critical infrastructure
  • Education and vocational training
  • Employment, worker management and access to self-employment
  • Access to and enjoyment of essential private services and public services and benefits
  • Law enforcement
  • Migration, asylum and border control management
  • Assistance in legal interpretation and application of the law.


Before being introduced to the market and throughout their lifecycle, all high-risk AI systems will undergo assessment. Individuals will retain the right to lodge complaints about AI systems with designated national authorities.


Prohibited AI systems, with few exceptions, include those presenting unacceptable risks, such as social scoring, facial recognition, emotion recognition, and remote biometric identification systems in public spaces.


Certain exceptions may be permitted for law enforcement purposes. “Real-time” remote biometric identification systems will be permissible in a restricted number of severe cases. Conversely, post remote biometric identification systems, where identification is conducted after a substantial delay, will only be authorized for the prosecution of serious crimes and solely following court approval.


   3. What about ChatGPT?


Generative AI models such as ChatGPT will not be categorized as high-risk but will be obligated to adhere to transparency requirements and EU copyright law. This entails:

  • Disclosing that the content was generated by AI.
  • Implementing measures to prevent the generation of illegal content.
  • Providing summaries of copyrighted data utilized for training purposes.


   4. Deep fakes


Deep fakes are now defined under the EU AI Act as “AI-generated or manipulated image, audio, or video content that resembles existing persons, objects, places, or other entities or events and would falsely appear to a person to be authentic or truthful”.


The finalized text of the EU AI Act outlines transparency requirements for providers and deployers of specific AI systems and general-purpose AI models (GPAI) that are more stringent than earlier drafts. These obligations include transparency mandates for deployers of deep fakes, with exceptions granted in cases where the use is authorized by law for detecting, preventing, investigating, and prosecuting criminal offenses.


In instances where the content constitutes an obviously artistic work, transparency obligations are limited to disclosing the presence of generated or manipulated content in a manner that does not impede the presentation or enjoyment of the artwork.


   5. What are the penalties for non-compliance?


Similar to the methodology employed under the European General Data Protection Regulation, fines for breaches of the Act will be calculated either as a percentage of the offending party’s global annual turnover in the preceding financial year or as a fixed sum, whichever is greater:

  • €35 million or 7% for infringements involving prohibited AI applications;
  • €15 million or 3% for violations of the Act's obligations; and
  • €7.5 million or 1.5% for the dissemination of inaccurate information.


Nevertheless, there will be proportional limits on administrative fines imposed on small and medium enterprises as well as start-ups.


   6. Next steps


The agreed-upon text is anticipated to be formally adopted in April 2024. It will become fully applicable 24 months following its entry into force, thus in 2026, but certain provisions will come into effect sooner:

  • The prohibition of AI systems presenting unacceptable risks will take effect six months after entry into force.
  • Codes of practice will be enforceable nine months after entry into force.
  • Regulations pertaining to general-purpose AI systems, which must adhere to transparency requirements, will be applicable 12 months after entry into force.
  • High-risk systems will be afforded additional time to comply with the requirements, as obligations concerning them will become applicable 36 months after entry into force.
by Aurilex 17 July 2025
Trademark law, a key pillar of intellectual property rights, protects distinctive signs and brand identifiers from unauthorized use. Under Article L713-1 of the French Intellectual Property Code, the owner of a registered trademark has the exclusive right to exploit it and decide whether to authorize third parties to reproduce or imitate it. Use of the mark without such authorization constitutes infringement. A recent ruling by the Paris Court of Appeal on October 16, 2024, offers a clear illustration of how the courts apply these principles — even to something as seemingly minor as a business card. In this case, the company SUD GESTION, owner of the trademarks A+ GLASS and A+ GLASS LE TRAVAIL BIEN FAIT, accused two companies, ALPHA GLASS and ALLO VITRAGE AUTO, of trademark infringement. According to SUD GESTION, the defendants used its trademarks on business cards distributed to potential customers, creating confusion and misleading the public into believing they were still part of the A+ GLASS franchise network — even though that business relationship had ended. The allegations were supported by multiple witness statements and a bailiff’s report confirming the distribution of business cards displaying the A+ GLASS logo. In its defence, ALLO VITRAGE AUTO argued that it had no fraudulent intent. The company claimed it had used the A+ GLASS trademark in good faith, believing it was part of the franchise after receiving contractual documents and undergoing training provided by SUD GESTION. It contended that it only learned later that the franchise agreement could not proceed due to conflicts with SUD GESTION. The Paris Court of Appeal rejected this defence, reaffirming a key principle: u nauthorized use of a sign identical or similar to a registered trademark constitutes infringement when there is a likelihood of confusion, regardless of the user’s intent . In short, bad faith or fraudulent intent is not required to establish trademark infringement under French law. The Court therefore prohibited ALPHA GLASS and ALLO VITRAGE AUTO from continuing to use the disputed trademarks and ordered them to pay damages jointly to SUD GESTION. This ruling serves as an important reminder: any unauthorized use of a sign that creates confusion with a registered trademark amounts to infringement, even when done in apparent good faith . It underscores the need for businesses to be vigilant about how they use third-party trademarks and reinforces the importance for trademark owners to actively monitor and protect their rights to safeguard their brand identity and market reputation. Marco Mouchot, Trainee Lawyer Christine Chai, Managing Partner, Attorney-at-Law
by Aurilex 15 July 2025
Liability for defective products is a legal framework designed to compensate victims for damage caused by product defects, acting as a key consumer protection mechanism against producers. At the heart of this regime lies the concept of the producer , which is crucial in determining who bears liability. Under European Directive 85/374/EEC, any producer is liable for damages resulting from a defective product, provided the harm stems from the defect. Article 3(1) of the Directive defines the producer broadly: it includes the manufacturer of a finished product, raw material, or component part , as well as any person who presents themselves as the producer by affixing their name, trademark , or other distinguishing sign to the product. This notion of producer was recently clarified and broadened by the Court of Justice of the European Union (CJEU) in a judgment delivered on 19 December 2024 , extending the scope of supplier responsibility under EU law. The Case: Ford Italia SpA Before the Courts The case involved the owner of a Ford vehicle who sued both Stracciari, the Italian dealer, and Ford Italia, the distributor, after an accident caused by the failure of the vehicle’s airbag to deploy — a failure attributed to a manufacturing defect. The vehicle in question had been produced by Ford WAG, a company established in Germany, and then supplied to Stracciari through Ford Italia, which distributes in Italy vehicles produced by Ford WAG. Although both the court of first instance and the Bologna Court of Appeal found Ford Italia liable, the company appealed to the Italian Court of Cassation. Ford Italia argued that as a mere distributor, uninvolved in manufacturing, it should be exempt from liability — especially since the identity of the actual manufacturer was known. It further claimed that the lower courts had given an overly broad interpretation of the Directive. The Italian Court of Cassation referred the matter to the CJEU, asking whether a distributor could be considered a producer even if it had not physically affixed its trademark to the product, particularly when the distributor’s name or trade name coincided wholly or partly with the manufacturer’s brand or another distinguishing sign. The CJEU’s Ruling: A Broad Interpretation of “Producer” The CJEU answered affirmatively, holding that the notion of producer under Article 3(1) is not limited to the manufacturer. It can extend to any person who presents themselves as a producer, whether explicitly (by affixing their name or brand) or implicitly, such as through the coincidence of trade names . In this case, the Court found that the similarity between Ford Italia’s name and the Ford brand was sufficient to qualify the distributor as presenting itself as the producer, even in the absence of physical markings on the product. Impact: Strengthened Consumer Protection and Expanded Supplier Liability This ruling underscores the broad and consumer-protective approach of EU law. By treating distributors who share or use the producer’s brand as producers themselves, the Court eases the burden on consumers, who no longer need to precisely identify the manufacturer to claim compensation. For distributors and suppliers, the decision serves as a warning: exploiting a shared or group brand can expose them to joint and several liability, effectively placing them on equal footing with manufacturers when it comes to defective product claims . This reinforces the need for careful brand management and greater vigilance within corporate groups. Marco Mouchot, Trainee Lawyer Christine Chai, Managing Partner, Attorney-at-Law
by Aurilex 7 July 2025
The liability of hosting platforms has undergone significant legislative developments in recent years. In France, it is currently governed by the Law for Confidence in the Digital Economy (LCEN) of 2004, as amended in 2016, and by the Digital Services Act (DSA) adopted on February, 14 2024. Most recently, the notion of host liability was at the heart of a dispute between the company Nintendo and Dstorage before the French Supreme Court (Cour de la cassation). DStorage operates a hosting service through its website 1fichier.com, which allows users to freely download online content, including video games from the well-known companies Nintendo, The Pokémon Company, and GameFreak. After discovering the links to download unauthorized copies of some of its games (Super Mario Maker for 3DS, and Pokémon Sun and Pokémon Moon), Nintendo sent two notifications to DStorage, requesting the removal of the content. The case was brought before the Paris Court of Appeal, which, in a ruling dated April 12, 2023, found that DStorage had failed, in its capacity as host, to comply with its obligation of prompt removal, following the notifications sent by Nintendo. Dstorage claimed to be merely a storage service provider and appealed to the Court of Cassation. It contested the removal obligation, arguing that the appeal court had imposed a general monitoring duty, contrary to the requirements of Article 6-I-7 of the LCEN. It also challenged the validity of the notification, asserting that they did not identify the authors of the disputed content, failed to distinguish between the authors and the platform’s users, and did not specify the unlawful nature of the content. In its decision on 26 February 2025, the Court of Cassation upheld the decision of the Paris Court of Appeal. It ruled that the notifications sent by Nintendo satisfied the conditions set out in the LCEN. The notifications included a precise description of the infringing content, which was clearly identified and associated with registered trademarks. The Court further stated that Nintendo was not required to demonstrate any steps taken against the content authors, as they were not identifiable, and that the removal order issued by the Court of Appeal amounted to targeted, temporary monitoring of specific content. With this decision, the Court of Cassation reaffirmed the reduced liability regime applicable to hosting providers under Article 6-I-2 of the LCEN, which remains conditional on compliance with specific requirements, notably a prompt response following a valid notification. It reiterated that: A notification is valid when it includes a detailed description and clear identification of the content ; Identifying the author of the content is not required if they are not identifiable; A host incurs liability if it fails to act promptly after receiving a valid notification . This decision confirms that hosting providers remain protected under limited liability rules only if they act promptly upon receiving clear and specific infringement notices. As the DSA takes effect, the DStorage case sets a clear precedent: inaction in the face of valid notifications will no longer be tolerated. Marco Mouchot, Trainee Lawyer Christine Chai, Managing Partner, Attorney-at-Law
by Aurilex 10 May 2025
DeepSeek: The New AI Sensation Faces Regulatory Heat Just Days After Record-Breaking Launch
by Aurilex 16 April 2025
On April 16, 2025, Christine Chai, partner at Aurilex, was invited to speak at the seminar “ China–Europe Intellectual Property Protection in Practice: A Dual Perspective on Compliance and Risk Mitigation ,” jointly organized by Aurilex and Shanghai Sunhold Law Firm. The event brought together legal professionals from both Europe and China, offering in-depth analysis and practical guidance for companies navigating intellectual property (IP) protection across borders. As the representative speaker on European IP practice, Christine Chai delivered a detailed presentation covering the legal frameworks, registration strategies, and enforcement challenges businesses typically face when entering the European market. Navigating Dual Systems: EU-Wide vs. National IP Protections Christine highlighted the complexity of Europe’s IP system, which combines EU-wide mechanisms (such as EUTM and EPO filings) with country-specific rules. She emphasized the importance for businesses to align their IP strategies with this dual-layered structure. “For example,” she noted, “the actual use requirement under the EU Trademark Regulation means that companies must plan not only for registration but for active, timely use in the market.” Trade Fair Injunctions: A Real and Growing Risk Christine also warned Chinese companies about the increasing use of emergency injunctions during trade fairs in France and other EU countries. “There have been multiple cases where exhibitors faced injunctions on-site, resulting in booth closures and seizure of displayed goods. Without preemptive IP audits, companies expose themselves to serious operational disruptions,” she explained. The UPC: Centralization Comes with Strategy Shifts Addressing recent developments, Christine discussed the impact of the Unified Patent Court (UPC) on enforcement strategy in Europe. While the UPC offers streamlined litigation across multiple EU member states, it also requires companies to make deliberate choices between centralized and national enforcement routes. Joint Dialogue: Cross-Border Action Checklists During the joint dialogue session, Christine collaborated with the Chinese legal team to provide practical compliance checklists for cross-border business activities. She advised Chinese companies to: Conduct prior trademark and patent clearance in target EU countries; Evaluate whether to opt in or out of the UPC system; Prepare legal strategies in case of emergency injunctions or enforcement challenges. Likewise, she shared insights for European companies expanding into China, particularly on navigating local IP enforcement procedures and understanding the nuances of evidence collection in cases involving trade secrets. This seminar highlighted the increasing importance of IP compliance in cross-border business, especially as more Chinese companies “go global” and more European businesses expand into China. Aurilex remains committed to providing in-depth legal support tailored to the needs of international clients operating across jurisdictions.
by Aurilex 31 January 2025
Aurilex Recognized in WTR 1000: Leading Trademark Professional in 2025
by Aurilex 27 November 2024
EU design views must be consistent to be valid. A recent decision of the General Court of the EU confirms this requirement.
by Aurilex 11 November 2024
The General Court clarifies the evidence requirement for trademark use in the EU trademark law in a recent judgement.
by Aurilex 26 July 2024
One hundred years ago, from May 4 to July 27, 1924, the eighth Olympiad of the modern era was held in Paris. Already at that time, the International Olympic Committee paid attention to the protection of the Olympic intellectual properties. Below is the trademark filed in 1924 for the Olympic Games in Paris.
More posts