The impact of AI on business processes and society is growing explosively. This wave of innovation also brings new responsibilities. The European Union is taking the lead with the EU AI Act, the world’s first comprehensive artificial intelligence legislation.

Since 2 August 2025, the first key components of this law have already come into effect. This has immediate consequences for companies that develop, implement, or integrate AI. In this blog, we will provide you with a clear overview of the EU AI Act, the changes coming in August, and how you can prepare your organization for compliance while gaining a competitive advantage with responsible AI solutions.

Read the official EU AI Act text on EUR-Lex for all legal details, or check the implementation timeline.

What does the EU AI Act entail? 

The EU AI Act is the first regulatory framework that classifies AI systems in Europe based on risk. The aim is to stimulate innovation while protecting fundamental rights, safety, and ethics. AI is categorized into four risk levels:

• Prohibited AI: Systems that manipulate human behavior or apply social scoring are strictly prohibited (e.g., manipulation or social scoring).

• High-risk AI: This category includes AI used in critical sectors like HR, justice, healthcare, critical infrastructure, and credit decisions. Think of AI for screening CVs, medical diagnoses, or decisions about loans.

• Limited risk: This includes AI systems that are required to be transparent, such as chatbots that must clarify they are not human or AI marketing tools.

• Minimal risk: This concerns AI applications with low risk, such as spam filters or AI-driven games, for which the requirements are minimal.

The higher the risk, the stricter the requirements for transparency, oversight, data quality, and explainability.

What significant changes does the EU AI Act bring since 2 August 2025?

Since 2 August 2025, the first important provisions of the EU AI Act are in force. Here are the main changes:

1. Oversight of General Purpose AI (GPAI)

The law sets specific rules for foundation models and GPAI systems such as GPT-4, Claude, or Gemini. Suppliers must provide transparency about training data, performance, risks, and energy consumption starting from 2 August. You may also be co-responsible for compliance if your company uses these models in its products or processes.

2. Oversight structures and oversight authorities

By August 2025, member states must designate their national supervisory authorities. Companies must determine which authorities they will be working with and who will be responsible for compliance internally. In the Netherlands, examples of relevant supervisors are the Data Protection Authority (AP) and the Consumer & Market Authority (ACM).

3. Mandatory incident reporting

Organizations using high-risk AI systems must report serious incidents or errors to the authorities starting from 2 August. Think of erroneous AI decisions that could cause harm to individuals or systems.

4. Penalties and sanctions

Just like with GDPR, penalties are severe: up to €35 million or 7% of global turnover for violations. Compliance is therefore no longer an option – it is a necessity.

Which sectors is this relevant for?

Virtually all sectors where AI is applied will be subject to (high) risk classifications:

What are the specific obligations and impact for AI in the construction and real estate sector?

AI transforms the construction and real estate sector by enabling better project planning, predictive maintenance, property valuation, customer interaction, and real estate management. With the EU AI Act, which has been in effect since 2 August 2025, stricter requirements are imposed on the use of AI in these sectors.

• AI systems for construction site safety, resource allocation, automated valuation (AVM), real estate risk management, and tenant decisions (such as creditworthiness) can be classified as high-risk AI. Companies must ensure robust data quality, transparent and explainable algorithms.

• The law requires that AI applications are demonstrably correct, reliable, and transparent. This is crucial for safety on construction sites, accurate property valuation, and reliable real estate management processes. Additionally, AI that supports sustainability and resource optimization must meet strict transparency requirements.

What are the specific obligations and impact for AI in the legal and financial sector?

AI accelerates document analysis, contract management, fraud detection, risk management, and compliance. Due to the sensitivity of data and the impact of AI decisions, the EU AI Act imposes strict requirements.

• AI systems conducting legal analyses, compliance checks, credit assessments, fraud detection, or risk management are high-risk. This means transparency, explainability, and verifiability, plus privacy protection.

• AI must not be a ‘black box’: decisions must be traceable, with human oversight and ethical standards.

What are the specific obligations and impact for AI in governments & municipalities?

AI enhances citizen services and societal solutions, but public values and ethics are crucial.

• AI systems for citizen services, social benefits, or traffic management can be classified as high-risk. The law requires transparency and verifiability of AI decisions, with an emphasis on ethics and public values.

• The implementation of AI in the public sector depends on citizen trust and adherence to ethical guidelines.

  
  

How can your company prepare for the EU AI Act?

The EU AI Act is much more than legislation; it is a stimulator for responsible innovation. Below you will find a concrete action plan:

✅ 1. Map your AI applications

What AI tools are you already using today? For which processes do you want to deploy AI in 2025–2026? Assess whether they fall under the "high risk" category.

✅ 2. Analyze your data and infrastructure

Data quality is crucial for compliance and performance. Start now to clean, structure, and secure your data. AI is only as good as the data you put into it.

Also read our blog: The treasure trove of untapped data: how AI can transform your business

✅ 3. Start small and learn quickly

Build a MVP (Minimum Viable Product), test it with real data, and improve it iteratively. For example, start with an internal AI assistant or automated reporting system. This approach reduces risks and speeds up adoption.

✅ 4. Build explainable and reliable AI

Work with tools such as explainable AI (XAI), audit trails, and a human oversight cycle. MSTR can help you with tailor-made solutions that are traceable and scalable.

✅ 5. Prepare for reporting and oversight

Ensure internal governance, clarify roles and responsibilities, and prepare for external audits.

MSTR as an AI partner in compliance and innovation

At MSTR, we combine technological innovation with deep knowledge of laws and regulations. Our AI consultants and engineers develop solutions that:

• Comply with the requirements of the EU AI Act

• Are transparent and explainable (XAI by design)

• Integrate with your existing IT landscape

• Are ready to scale with foundation models like GPT-5, Claude, and Llama

No matter what industry you're in, real estate, finance, government services, or legal services, we ensure that your AI projects comply with the rules and deliver immediate value.

Conclusion: The EU AI Act is completely changing the playing field

This change has been underway since 2 August 2025. Companies that prepare now will gain a strategic advantage. They are not only becoming compliant but also by deploying AI smarter, safer, and more effectively.

MSTR can help you at every step of the way: from strategy and data preparation to implementation and oversight.

Curious about what this means for your organization? Schedule a no-obligation session with our AI experts. Together we will make your AI future-proof and compliant.