Trustworthy AI in Europe - Time to act (Belgium)


I. Artificial Intelligence: Legal Context, Opportunities and Risks

The AI Act does not provide a definition for “AI”, but defines the term “artificial intelligence system”:

The key functional characteristics that set an AI system apart from other machine-based systems are (i) autonomy, (ii) adaptiveness, and (iii) inference, with the latter serving as the core feature, enabled through machine learning or knowledge-based methods.

Examples of AI applications which your company might already be using: personalized recommendation programs based on previous searches, purchases or (online) behaviour; energy-efficient smart systems; optimized products via text mining, speech or image recognition; machine learning for data analysis; logistics improvements via AI-based software robotic process automation, etc.

By enhancing predictive accuracy, optimizing operations, and enabling personalized digital services, AI provides substantial competitive advantages across industries. At the same time, AI poses potential risks to fundamental rights and public interests, particularly due to its complexity and lack of transparency. Decisions made by AI systems can be difficult to challenge, raising accountability concerns.

II. AI by the Numbers: Adoption Trends Across Europe

In Belgium, AI adoption by companies grew rapidly from 13.81% in 2023 to 24.71% in 2024, with usage expected to rise further in 2025. In the EU, AI was used in 2024 by 11.21% of small enterprises, 20.97% of medium-sized enterprises, and 41.17% of large enterprises, differences largely driven by implementation complexity, cost, and economies of scale. By sector, the manufacturing and retail sectors use AI mainly for marketing and sales, while the information and communication sector uses AI for R&D purposes.

III. Who’s in Scope? Navigating the AI Act’s Reach

Obligations can be imposed on six categories of economic actors: providers, importers, distributors, product manufacturers, authorised representatives and deployers. Most responsibilities lie with the provider, and next with the deployer. The AI Act establishes various obligations and responsibilities for the different actors in the AI value chain. Most companies will qualify as a deployer (those using AI systems in a professional capacity under their authority) or as a provider (when developing AI systems from scratch or based on an existing AI model).

Generally speaking, and subject to some exceptions, the AI Act applies to all AI systems that are put on the EU market or put into service on the EU market. Given its extra-territorial scope, companies based outside the EU are also affected if they place on the market or put into service AI systems, or place on the market general-purpose AI (“GPAI”) models, in the EU.

AI systems that are exclusively designed for military, defense or national security purposes are exempt from the AI Act, regardless of the type of entity carrying out those activities. Research, development and prototyping activities that take place before an AI system is released on the market are also not subject to the AI Act.

IV. Risk-Based Rules: What Category Fits Your AI?

The AI Act is a product-centric regulation which adopts a risk-based approach, categorizing AI systems into four main risk levels, with obligations increasing based on the level of risk. The higher the risk, the stricter the requirements.
1. Unacceptable Risk: These AI systems are banned due to significant threats to health, safety, or fundamental rights. Prohibited practices include: (i) harmful AI-based manipulation and deception, (ii) harmful AI-based exploitation of vulnerabilities, (iii) social scoring, (iv) individual criminal offence risk assessment or prediction, (v) untargeted scraping of the internet or CCTV material to create or expand facial recognition databases, (vi) emotion recognition in workplaces and education institutions, (vii) biometric categorisation to deduce certain protected characteristics, and (viii) real-time remote biometric identification for law enforcement purposes in publicly accessible spaces.
2. High Risk: These AI systems pose serious risks and are therefore heavily regulated. Examples include: AI systems used in critical infrastructure, education, employment, justice, law enforcement, migration, and access to essential services.
a. Providers must meet strict requirements: risk management, data quality, documentation, human oversight, robustness, cybersecurity, accuracy and transparency.
b. Systems must be registered in an EU database and monitored throughout their lifecycle.
c. Red teaming (simulated attacks) and ongoing logging and oversight are encouraged to identify and mitigate vulnerabilities.
3. Transparency Risk: To avoid the risk of deception, the AI systems in this category (e.g., chatbots, deepfakes) must comply with transparency obligations: users must be informed they are interacting with AI.
4. Minimal or No Risk: Most current AI applications (e.g., spam filters, AI in games) fall into this category. These systems are not regulated, but transparency is encouraged.

GPAI Models: Separate rules apply to versatile models like ChatGPT, Gemini, CoPilot. Developers must document development and testing, publish summaries of copyrighted data used for training, share relevant information with users, comply with transparency and copyright rules, and design the AI system to prevent it from generating illegal content. By 2 August 2025, the obligations and penalties related to GPAI models become applicable.

V. Regulation Meets Innovation: A Safe Space for AI Development

Despite the AI Act’s regulatory nature, Chapter VI emphasizes fostering innovation, particularly for start-ups, SMEs, and research institutions. The chapter introduces mechanisms to promote responsible AI development without stifling technological progress.
• Via AI regulatory sandboxes, Belgium will have to establish controlled environments where organizations can develop, test, and validate AI systems in real-world conditions under regulatory supervision. This is meant to encourage innovation in a safe and legally compliant setting, allow temporary exemptions from certain obligations to facilitate experimentation and help authorities and developers understand how rules apply in practice. In Belgium, there is currently no national AI regulatory sandbox operational.
• Support to SMEs and start-ups: The AI Act calls for simplified procedures and technical guidance to help smaller companies comply with the rules, ensuring they are not left behind due to limited resources.
• Open Innovation and Collaboration: Chapter VI encourages cooperation between businesses, academia, and public institutions to share knowledge and improve the development and deployment of trustworthy AI.

VI. The AI Act in a Wider Legal Web

Safe to say that focusing solely on the AI Act might be insufficient for full legal compliance in the use of AI technologies. When developing or using AI systems, you might need to take into account other legal frameworks, including GDPR, consumer protection laws, IP regulations, NIS-II (cybersecurity for critical infrastructure), Cyber Resilience Act, Digital Markets Act, and/or the Digital Services Act. For instance, AI systems might involve large-scale personal data processing, raising GDPR compliance challenges, particularly regarding human oversight and the rights of individuals not to be subject to solely automated decisions.

Moreover, the AI Act forms part of a broader EU strategy for trustworthy AI, which includes complementary initiatives such as the AI Innovation Package, AI Factories, and the Coordinated Plan on AI.

VII. The Cost of Non-Compliance: Penalties You Can’t Ignore

The AI Act introduces a tiered penalty system, similar to the GDPR, but with higher maximum (administrative) fines. Penalties vary based on the severity of the violation and the size of the entity, with lower fines for SMEs.

Key Penalty Tiers for undertakings:
• Non-compliance with prohibited AI practices: administrative fines up to €35 million or 7% of total worldwide annual turnover (whichever is higher).
• Non-compliance with specific provisions (e.g. relating to high-risk AI systems, providers of GPAI): Up to €15 million or 3% of worldwide annual turnover (whichever is higher).
• Providing incorrect, incomplete or misleading information to authorities: Up to €7.5 million or 1% of worldwide annual turnover (whichever is higher).

Note that fines could be accumulated if the violation also involves personal data (e.g. accumulation with GDPR non-compliance fines up to €20 million or 4% of worldwide annual turnover (whichever is higher)).

VIII. Who’s Liable When AI Fails?

AI systems can make or recommend decisions with ethical and legal implications. Identifying who is responsible for these decisions and ensuring transparency and accountability could present significant challenges. The AI Act itself sets safety and compliance standards for AI systems but does not directly govern civil liability for harm caused by any defective AI. This will still primarily be governed by existing local Belgian and/or EU laws such as:
• Product Liability: Under the Belgian Civil Code (Articles 6.41 to 6.53), manufacturers can be held liable for damages caused by defective AI system products. Under the new EU Product Liability Directive (coming into force on 9 December 2026), AI software qualifies as a “product”, even if not tied to physical goods. This means AI developers and producers can be held responsible for damages caused by defective software-only AI systems.
• Consumer Protection: Belgian law (inter alia Book III, Title VIbis of the Belgian Civil Code regarding conformity of digital content or services and the Belgian Code of Economic Law) provides warranty rights and remedies for defective AI systems.
• Data Breaches: If a defective AI system causes data protection violations, affected data subjects may seek compensation under the GDPR.
• Critical Infrastructure AI: AI systems used in critical infrastructure fall under Directive (EU) 2022/2557. Malfunctions in such systems may lead to large-scale risks to public safety and disruption of essential services. Belgium has not yet transposed this directive (although the deadline was 17 October 2024).
• User’s extra-contractual liability (Article 6.16 of the Belgian Civil Code) or user’s contractual liability (Article 5.230 of the Belgian Civil Code) if the AI system is incorporated in a tangible good.

IX. Your Compliance Roadmap: Some Practical Steps to Get AI-Ready

The AI Act will be applicable as from 2 August 2026, with some exceptions such as the prohibitions and AI literacy obligations, which already entered into application from 2 February 2025. It goes without saying that it's best not to wait until 2 August 2026.

1. Determine Your Role and Responsibilities
• Assess whether your company, suppliers, or customers fall within the material and territorial scope of the AI Act.
• Identify whether any AI systems or models used fall under the regulated categories.
• Determine your role in the AI chain (provider, deployer, etc.) and the associated legal obligations.

2. Risk Assessment and Human Oversight
• Evaluate the risk level of your AI systems.
• Implement functioning human oversight mechanisms to avoid automation bias, monitor performance, ensure traceability, and document decisions.

3. AI Literacy
• Assess the current level of knowledge of your employees.
• Develop a modular and tailored training program.
• Use clear, accessible formats (e.g., e-learning, workshops) and avoid legal jargon.
• Update training regularly to reflect AI advancements.
• Document all training efforts to demonstrate compliance.

4. Post-Market Obligations (if applicable)
• Establish monitoring systems for AI systems after deployment.
• Report serious incidents and malfunctions to relevant authorities.
• Ensure ongoing compliance and accountability through internal oversight.

5. Further coordination
• Align with GDPR, consumer protection, product liability, cybersecurity laws, and other relevant EU regulations.
• Keep up to date, incl. on additional guidelines (especially regarding GPAI models) and the Code of Practice from the European Commission and EU AI Office (expected by August 2025).
• Consider AI insurance options to mitigate potential risks and liabilities.

Key contact in Belgium

Caroline Schell - Partner

News items made available on act legal’s social media or website are intended for general informational purposes only and do not constitute legal advice. Although every effort has been made to ensure accuracy, they may not reflect the most recent legal developments.

15 May 2025
