CanucktAI

EU AI Act Guide for Canadian Business — Free Course

All Courses·EU AI Act Guide
0/8 done
Module 1 of 824 min

What is the EU AI Act?

What is the EU AI Act?

The EU AI Act — officially Regulation (EU) 2024/1689 — is the world's first comprehensive, horizontal law governing artificial intelligence. "Horizontal" means it applies across every sector rather than to one industry: the same rulebook covers a hiring tool, a medical device, a credit model, and a customer-service chatbot.

It was published in the *Official Journal of the European Union* on 12 July 2024 and entered into force on 1 August 2024. Its obligations do not all switch on at once — they phase in over roughly three years (covered in Module 7).

Official source: European Commission — AI Act · Full legal text: EUR-Lex — Regulation (EU) 2024/1689

Why the EU built it

The EU spent years watching AI move from research labs into decisions that affect people's rights — who gets hired, who gets a loan, who gets flagged at a border. Existing law (GDPR, product-safety directives, consumer law) touched pieces of the problem but left gaps. The AI Act was designed to:

  • Set one predictable set of rules for AI across the single market, so companies don't face 27 divergent national regimes
  • Protect health, safety, and fundamental rights without banning AI outright
  • Concentrate the heaviest obligations on the highest-risk uses, and leave low-risk uses essentially free
  • Give the EU a first-mover standard it hopes the rest of the world will converge toward — the so-called "Brussels effect" already seen with GDPR

A risk-based law, not a technology ban

The Act's defining idea is proportionality by risk. It does not regulate "AI" as a monolith. It sorts AI systems into tiers and scales the obligations to the danger:

Risk tierTreatment
Unacceptable riskProhibited outright
High riskPermitted, but subject to strict obligations before and after market entry
Limited riskPermitted, subject to transparency duties (tell people they're dealing with AI)
Minimal riskPermitted freely — the vast majority of AI systems

Layered on top is a separate regime for general-purpose AI (GPAI) — the foundation models (large language models and similar) that can be built into countless downstream applications. GPAI has its own obligations regardless of the tier of the app that eventually uses it (Module 6).

How "AI system" is defined

The Act uses a definition deliberately aligned with the OECD: broadly, a machine-based system that operates with some autonomy, may adapt after deployment, and — from the inputs it receives — infers how to generate outputs such as predictions, content, recommendations, or decisions that influence physical or virtual environments.

The practical takeaway: a plain deterministic script or a basic spreadsheet formula is not an "AI system." A model that learns patterns and produces inferences is. If you're unsure, that uncertainty itself is a signal to document your reasoning — regulators will expect you to show your classification work.

Why a Canadian business should keep reading

The instinct of a Canadian founder is "this is European law — not my problem." That instinct is wrong, and the reason is the single most important concept in this course: the AI Act applies based on where an AI system's outputs are used, not where the company sits. If your software touches the EU market or produces outputs consumed in the EU, you can be squarely in scope from an office in Toronto or Halifax. Module 2 is entirely devoted to this.

If you want the broader governance context around this law, see the sibling guide AI Governance guide; for the certifiable management-system standard that pairs well with AI Act compliance, see the ISO 42001 guide.

Module Quiz

1. What is the official legal identifier of the EU AI Act?

2. When did the EU AI Act enter into force?

3. The core organizing principle of the EU AI Act is:

4. A basic deterministic spreadsheet formula that performs a fixed calculation is:

All Modules

Our own compliance

We run our own compliance programme inside Valdra — the product we sell. Our SOC 2, ISO 27001 and ISO 42001 programmes are actively in progress; we do not claim certifications we do not yet hold.

Valdra compliance badge — click to verify
  • PIPEDA
  • Law 25 (Quebec)
  • CASL
  • Data hosted in Canada 🇨🇦
  • AI governance
View our Trust Centre

Self-declared, not audited by a third party. Click the badge to verify it is genuine and see what it covers.

EU AI Act Guide for Canadian Business — Free Course | Canuckt AI