The EU AI Act has set a global benchmark for regulation, but real-world deployment has exposed gaps and implementation issues that regulators are still working through.
After one year of enforcement, the law has driven stronger governance in high-risk systems while also revealing practical friction points for smaller companies and cross-border operations.
1. What worked
Mandatory risk assessments, transparency requirements, and post-market monitoring have helped bring structure to AI governance and given users clearer expectations about high-risk systems.
2. What failed
Compliance is still uneven, especially for mid-market vendors. Ambiguous definitions and slow certification processes have delayed deployment and created uncertainty for downstream product teams.
3. What comes next
Policymakers need clearer implementation guidance and faster review cycles. The next phase should focus on harmonizing enforcement across EU member states and supporting technical compliance tools.
4. Lessons for the rest of the world
Other countries can learn from the EU’s mix of ambition and pragmatism: strong guardrails are valuable, but they must be coupled with operational support for organizations that are still building safe AI practices.