The European Commission (“Commission”) presented the “Regulation (EU) 2024/1689 on Harmonized Rules for Artificial Intelligence and Amending Certain Union Legislative Acts” (“AI Act”), which establishes rules for the placing on the market, putting into service, and the banning of certain artificial intelligence (AI) applications, on 21 April 2021 to the European Parliament. It was unanimously approved by the European Council on 21 May 2024 and published in the Official Journal of the European Union (“EU”) on 12 July 2024 and entered into force on 1 August 2024. However, the full application of the AI Act’s provisions will take until 2 August 2027.

The AI Act is part of a judicial policy aimed at developing trustworthy AI within the EU. Although it has entered into force within the internal legal systems of the EU countries, its scope extends beyond the EU. The rationale behind this is that the legislative actions of the EU have implications not only for its member states but also for third countries with which it maintains trade relations. This phenomenon, known as the “Brussels Effect”, can compel non-EU countries to align with EU regulations, both in terms of commercial practices and legal frameworks. Moreover, the second article of the AI Act extends its geographical scope beyond the EU’s borders, applying to non-member states as well.

1. Content of the AI Act

According to the AI Act, an AI system is a machine-based system designed to operate at different levels of autonomy and demonstrate adaptive capabilities throughout its usage. This system can produce outputs such as predictions, content, recommendations, or decisions based on the data it receives in order to achieve explicit or implicit objectives. These outputs have the potential to influence both physical and virtual environments. The Commission emphasized the necessity of regulating AI and stated that the EU should benefit from this technology. According to the Commission, while most AI systems are low-risk or harmless, some can pose risks and lead to undesirable outcomes. In line with the Commission’s statement, the AI Act adopts an approach that does not ban AI systems outright but categorizes and regulates them according to their risk levels.

The AI Act divides these risk levels into four categories: (i) “unacceptable risk”: Systems that pose a clear threat to the safety and rights of individuals; (ii) “high-risk”: Systems that present significant risks to health, safety, or fundamental rights; (iii) “limited risk”: Systems subject to transparency obligations; (iv) “low risk”: Systems that are not high-risk and are not banned.

2. Step-by-Step Implementation Plan

As stated above, the AI Act entered into force on 1 August 2024; however, not all of its provisions were implemented at that time. In this regard, specific implementation dates have been set for the following provisions of the Act: (i) the prohibition of systems posing unacceptable risks and obligations related to AI literacy, which will come into effect on 2 February 2025 (ii) governance rules and obligations for general-purpose AI models, effective from 2 August 2025 (iii) obligations for high-risk systems, effective from 2 August 2026; and (iv) rules integrated into high-risk AI systems, which will be enforced from 2 August 2027.

3. Ban on AI Systems with Unacceptable Risk and Penalties Starting 2 February 2025

As of 2 February 2025, the AI systems classified as carrying unacceptable risks under Article 5 of the AI Act will be completely banned. The Commission published draft guidelines on 4 February 2025, concerning these banned systems, which have been approved internally but not officially adopted.

In this regard, the prohibited AI systems are as follows:

  • Systems that manipulate or deceive through subliminal techniques: Systems that undermine an individual's decision-making ability through unconscious methods, leading them to make decisions they otherwise would not have made.
  • Systems that exploit people’s vulnerabilities: Systems that manipulate individuals based on age, disability, or special social and economic conditions, distorting their behavior and causing harm.
  • Social scoring systems: Systems that score individuals based on their social behaviors or personal characteristics, putting them at a disadvantage.
  • Crime risk assessment or prediction systems: Systems that assess an individual's risk of committing a crime based on profiling or personality analysis (however, systems based on objective data directly related to criminal activity are excluded).
  • Systems that create biometric and facial recognition databases: Systems that collect biometric data from the internet or security cameras to create facial recognition databases.
  • Emotion recognition systems: Systems used in workplaces and educational institutions (except for health and safety purposes) based on emotion analysis.
  • Biometric categorization systems: Biometric systems that categorize individuals based on protected characteristics like race, gender, religious beliefs, or sexual orientation (activities such as labelling or filtering based on legally obtained data are excluded).
  • Real-time remote biometric identification systems: Real-time biometric identification systems, excluding those that can be used by law enforcement in public areas under specific conditions (such as in cases of abduction, human trafficking, terrorist attacks, and other exceptional situations listed in the AI Act).

In this context, the AI systems identified as posing unacceptable risks, as outlined above, will be prohibited starting from February 2, 2025. For instance, the use of AI systems that analyse workers’ emotional states to improve productivity in the workplace is banned. However, emotional assessments are allowed in specific situations, such as workplace accidents or emergency scenarios like heart attacks or drowning, where immediate intervention is needed. This framework also prohibits AI systems that manipulate individuals through subconscious subliminal techniques, a practice that has been controversial since the 2018 U.S. presidential election. Additionally, social scoring systems used by some governments, banks, and insurance companies to rate individuals based on their social behaviours or personal traits are also prohibited.

Violations of these provisions will incur penalties starting 2 August 2025, with fines up to €35 million or 7% of the company’s global annual turnover.

4. Scope of the AI Act and Key Considerations for Turkish Companies

According to the geographical scope defined in Article 2 of the AI Act, Turkish companies may be directly impacted. Under the AI Act’s rules, any provider offering or putting an AI system into service in the EU market, or operators using AI systems within the EU, as well as providers in third countries intending to use their AI output within the EU, are subject to the AI Act.

In other words, if a Turkish company offers services or sells products in the EU market, it could fall under the scope of the AI Act.

5. Conclusion: What Are the Prospects for Companies in Türkiye in the Future?

The provisions of the AI Act will directly affect companies operating not only in the EU but also globally. Particularly, the Turkish companies will need to ensure compliance with the AI Act for the AI systems they offer to the EU market. Failure to comply with regulations concerning banned systems will lead to significant penalties and sanctions.

In addition, it is anticipated that Türkiye’s artificial intelligence ecosystem will also be impacted by these legal regulations, and local regulations will continue to evolve in order to align with the AI Act. While Türkiye’s AI regulations aim to progress in parallel with the EU’s artificial intelligence regulations, various steps will need to be taken in the future to ensure compliance at both local and international levels. For the Turkish companies to remain competitive in both the EU and global markets, it will be crucial for them to swiftly adapt to these new regulations and strengthen their technical and legal infrastructures when necessary.