
AI Act: Compliance for companies and schools in Spain (2026)

The European Artificial Intelligence Regulation already has dates. Some obligations have been in force since February 2025. Knowing which ones affect your organization is the first step to managing them.

Last update: May 2026. This page is updated with each relevant regulatory change.

What is the AI Act and who does it apply to?

The AI Act (EU Regulation 2024/1689) is the world’s first comprehensive regulatory framework for artificial intelligence. Approved in 2024, it has been applying in stages since 2025. It is directly applicable in Spain, without the need for transposition.

It applies to any organization that uses, develops or distributes AI systems in the European Union, regardless of where it is based. That includes schools, universities, companies of any size and public administrations.

It is not a rule for the future. Some of your obligations are already in force.

Risk Rating: Where Your Organization Fits

The AI Act classifies AI systems into four levels. The higher the risk, the more obligations it demands.

Unacceptable (forbidden)
Description: Practices prohibited since Feb. 2025.
Examples: Social scoring of students. Subliminal manipulation.
Obligations: Absolute prohibition.

High risk
Description: AI that affects people's rights and opportunities.
Examples: Evaluation and admission of students. Online proctoring. Selection of personnel. Automated professional guidance.
Obligations: Technical documentation, human supervision, conformity assessment.

Limited risk
Description: AI that interacts with people without making critical decisions.
Examples: Support chatbots. Writing assistants.
Obligations: Inform users that they are interacting with AI.

Minimal risk
Description: Uses that do not affect rights or security.
Examples: Spam filters. Content recommenders.
Obligations: No additional obligations.

Obligations according to level of risk

If your organization uses high-risk AI systems, the obligations are specific:

Technical documentation: Each high-risk system must have documentation describing what it does, how it was designed, with what data, what its limitations are, and how it is monitored. If the system comes from an external provider, the provider must supply that documentation. If it cannot, the system does not comply.

Human supervision: No significant decision affecting a person can be purely automated. There should always be a responsible person who can review, correct or disable the system.

Transparency: Affected people have the right to know that an AI system is being used in processes that concern them. That information must be clear and given before use.

Conformity assessment and registration: For higher-risk systems, the supplier must register them in the EU public database before deploying them. The user must verify that the system is registered.

And since February 2025, for any organization that uses AI: Article 4 requires ensuring that personnel operating or overseeing AI systems have sufficient literacy to do so. The training must be real and documented, not merely informative.

Key deadlines

Feb. 2025 ✓
What comes into force: Prohibition of unacceptable practices (art. 5). AI literacy obligation (art. 4). Applies to any organization that uses AI.
Status: In force · Immediate

Aug. 2025 ✓
What comes into force: Obligations for General Purpose AI Systems (GPAI). Transparency and governance for models like GPT-4, Gemini or Claude.
Status: In force · In progress

Dec. 2027 →
What comes into force: Full obligations for standalone high-risk AI systems already deployed. Conformity assessment and registration in the EU database. Approved by the European Parliament on 15 June 2026 as part of the Digital Omnibus Package, pending Council confirmation.
Status: Prepare now

Aug. 2028
What comes into force: Application of obligations for high-risk AI systems integrated as safety components in products regulated by EU sectoral legislation. Approved by the European Parliament on 15 June 2026, pending Council confirmation.
Status: Under review

How we accompany the process

The compliance process has three phases, and Ethiceye supports you through all three:

1. Diagnosis

We identify which AI systems your organization uses, how they are classified under the AI Act, what data they process and what your actual exposure is. Result: a risk map of your own, not a generic one.

2. Documentation and policy

We build the documents that the AI Act requires: technical documentation of the systems, conformity assessment if applicable, and the internal use policy that aligns your team with the actual obligations.

3. Implementation and training

Compliance does not end with a document. We support the implementation with the team and cover the Article 4 obligation: real and documented training for the people who operate the systems.

Frequently Asked Questions

What is the AI Act and who does it apply to in Spain?

The AI Act (EU Regulation 2024/1689) is the world’s first artificial intelligence law. It applies to any organization that uses, develops, or distributes AI systems in the European Union, regardless of where it is based. In Spain it is directly applicable without the need for transposition.

Since February 2025: obligation to guarantee AI literacy for personnel operating AI systems (Art. 4). Since August 2025: obligations for general purpose AI systems. August 2026: obligations for high-risk systems already deployed. Note: The Digital Omnibus Package (May 2026) proposes to extend some deadlines; this was pending formal adoption at the date of publication of this page.

AI systems used in the selection or evaluation of personnel, access to educational services, evaluation of students, credit or insurance decisions, and processes that affect fundamental rights are high-risk. Obligations include technical documentation, human supervision and conformity assessment.

Does your organization already use high-risk AI systems?

In 30 minutes we carry out an initial diagnosis and establish exactly what applies to you.

Response in less than 48h · No commitment

Contact Raquel López