Discover everything about the AI Act. Download our Cheat Sheet

Want to learn more about the AI Act and what it means for your organisation? Our cheat sheet gives you an overview of key rules, risks, and obligations. Download the factsheet and gain immediate insight into the impact of the AI ​​Act.

Get the cheat sheet
Visual voorkant Cheat Sheet AI Act

The AI Act: what you need to know

The AI Act is the European Union's regulatory framework for AI systems. It governs the development, provision, and use of these systems. It paves the way for innovation while limiting risks to safety, fundamental rights, and transparency. The regulation focuses primarily on the reliability and safety of AI systems. When personal data is involved, the GDPR also applies. Organizations must therefore take both frameworks into account.

Which entities fall within the scope of the AI Act in the Netherlands?

The AI Act has a very broad scope. This act applies to almost all organisations that develop, supply, or use AI. The following parties fall under the rules:

  • Providers of AI systems (developers, suppliers)

  • Distributors and importers

  • Users of AI systems (businesses, governments, institutions)

  • GPAI providers (providers of general-purpose AI models)

  • Organisations that integrate AI into products, such as medical devices, vehicles, or machinery

In addition, the AI ​​Act impacts the entire supply chain. Organisations must demonstrate that suppliers are compliant.

L1853292

How does the AI Act's risk model work?

The AI Act takes a risk-based approach. When the potential risk to individuals and society increases, the rules become stricter. Based on this approach, AI systems are classified into the following elements:

  • Prohibited AI
    AI applications that pose an unacceptable risk, such as systems that manipulate people or enable social control.
  • High-risk AI
    AI systems that can have a significant impact on safety or fundamental rights.
  • Transparency obligations
    AI systems that interact with people, such as chatbots, must clearly inform users that they are interacting with AI.
  • General-Purpose AI (GPAI)
    General-purpose AI models, like large language models, must comply with strict transparency and documentation requirements.

How does the AI Act relate to the GDPR?

The AI Act and the GDPR apply alongside each other. The AI Act focuses on the safety and reliability of AI systems, while the GDPR regulates the processing of personal data.

When AI applications process personal data, organisations must often comply with both laws. In some situations, the GDPR may require a DPIA, while the AI Act may require a Fundamental Rights Impact Assessment (FRIA).

FAQ

Which roles are identified in the AI value chain?

The AI Act distinguishes between different parties in the value chain of AI systems. Each role has its own responsibilities.

Provider
The party that develops the AI system or places it on the market under its own name.

Deployer
The organisation that actually uses the AI system within their processes.

Importers and distributors
Parties that bring AI systems onto the European market or distribute them.

Providers of high-risk AI must demonstrate that their system meets the legal requirements, for example through conformity assessments and documentation.

How will the AI Act be supervised in the Netherlands?

Each Member State will have at least one supervisory authority. In the Netherlands, the current market supervisory authorities and inspection services will oversee AI.

Supervisory authorities may:

  • Access all documentation, source code and model parameters.

  • Give binding instructions on how the AI should be used.

  • Stop AI systems that are too risky.

  • Issue fines.

What are the fines for non-compliance with the AI Act in the Netherlands?

Fines can amount to:

  • EUR 35 million or 7% of global annual turnover for companies, when using prohibited AI.

  • EUR 15 million or 3% of global annual turnover for companies, involving other violations.

  • EUR 7.5 million or 1.5% of global annual turnover for companies, in case of providing incorrect, incomplete, or misleading information to supervisory authorities.

  • Lower ceilings apply for SMEs and startups.

What makes an AI system high-risk?

AI systems used in sectors such as education, recruitment, credit scoring or critical infrastructure are considered high-risk and are subject to extensive compliance requirements.

Does AI-generated content always require labelling?

AI-generated content must be recognisable as synthetic. For deepfakes, this must be made explicitly visible.

Looking for more information?

Leave a message via the form. One of our legal advisors will contact you. We always begin with a free introductory meeting: by phone, at our office, or at your location.

Submit your details