Aller au contenu
+352 621 583 116 · Contact us
Luxembourg-based firm · Reply within 1 business day FR
Luxgap
Menu
DPO mandate GDPR + AI Act CISO mandate NIS 2 + DORA
Dark Web monitoringLeaked credentials and lookalike domain detection Counter-espionageBug & camera sweeps, executive protection Audit & penetration testSecurity review, vulnerability testing, incident response Business continuityRecovery plan, DORA compliance Managed SOC 24/7Continuous monitoring, detection and incident response
Internal awarenessFor executives and teams, e-learning + simulated phishing Professional certificationsISO 27001, 27701, 22301, 42001, accredited
Software AI Laws Articles Teams References Contact My quote →
+352 621 583 116 Call now julien.winkin@luxgap.com Reply within 1 business day Passer en Français You are reading the EN version FR
Asti Arend Fischbach Commune Sanem Adepa Logo Color 460px Swiss Life Square Generali Dussmann Vbk Agilepartner Skeeled Atdomco AFC fiduciaire kulturpass Accumalux 2 Faymonville Fundamentals Inspection du Travail et des Mines Arthur Welter Conseil National des Femmes Cfl Logo Acl Cmcm Ag2r La Mondiale Care IT Asti Arend Fischbach Commune Sanem Adepa Logo Color 460px Swiss Life Square Generali Dussmann Vbk Agilepartner Skeeled Atdomco AFC fiduciaire kulturpass Accumalux 2 Faymonville Fundamentals Inspection du Travail et des Mines Arthur Welter Conseil National des Femmes Cfl Logo Acl Cmcm Ag2r La Mondiale Care IT

AI Act · Summary

← All recitals Law overview →
  • 1. The purpose of this Regulation is to improve the functioning of the...
  • 2. This Regulation should be applied in accordance with the values of...
  • 3. AI systems can be easily deployed in a large variety of sectors of...
  • 4. AI is a fast evolving family of technologies that contributes to a...
  • 5. At the same time, depending on the circumstances regarding its...
  • 6. Given the major impact that AI can have on society and the need to...
  • 7. In order to ensure a consistent and high level of protection of...
  • 8. A Union legal framework laying down harmonised rules on AI is...
  • 9. Harmonised rules applicable to the placing on the market, the putting...
  • 10. The fundamental right to the protection of personal data is...
  • 11. This Regulation should be without prejudice to the provisions...
  • 12. The notion of ‘AI system’ in this Regulation should be clearly...
  • 13. The notion of ‘deployer’ referred to in this Regulation should be...
  • 14. The notion of ‘biometric data’ used in this Regulation should be...
  • 15. The notion of ‘biometric identification’ referred to in this...
  • 16. The notion of ‘biometric categorisation’ referred to in this...
  • 17. The notion of ‘remote biometric identification system’ referred to in...
  • 18. The notion of ‘emotion recognition system’ referred to in this...
  • 19. For the purposes of this Regulation the notion of ‘publicly...
  • 20. In order to obtain the greatest benefits from AI systems while...
  • 21. In order to ensure a level playing field and an effective protection...
  • 22. In light of their digital nature, certain AI systems should fall...
  • 23. This Regulation should also apply to Union institutions, bodies,...
  • 24. If, and insofar as, AI systems are placed on the market, put into...
  • 25. This Regulation should support innovation, should respect freedom of...
  • 26. In order to introduce a proportionate and effective set of binding...
  • 27. While the risk-based approach is the basis for a proportionate and...
  • 28. Aside from the many beneficial uses of AI, it can also be misused and...
  • 29. AI-enabled manipulative techniques can be used to persuade persons to...
  • 30. Biometric categorisation systems that are based on natural persons’...
  • 31. AI systems providing social scoring of natural persons by public or...
  • 32. The use of AI systems for ‘real-time’ remote biometric identification...
  • 33. The use of those systems for the purpose of law enforcement should...
  • 34. In order to ensure that those systems are used in a responsible and...
  • 35. Each use of a ‘real-time’ remote biometric identification system in...
  • 36. In order to carry out their tasks in accordance with the requirements...
  • 37. Furthermore, it is appropriate to provide, within the exhaustive...
  • 38. The use of AI systems for real-time remote biometric identification...
  • 39. Any processing of biometric data and other personal data involved in...
  • 40. In accordance with Article 6a of Protocol No 21 on the position of...
  • 41. In accordance with Articles 2 and 2a of Protocol No 22 on the...
  • 42. In line with the presumption of innocence, natural persons in the...
  • 43. The placing on the market, the putting into service for that specific...
  • 44. There are serious concerns about the scientific basis of AI systems...
  • 45. Practices that are prohibited by Union law, including data protection...
  • 46. High-risk AI systems should only be placed on the Union market, put...
  • 47. AI systems could have an adverse impact on the health and safety of...
  • 48. The extent of the adverse impact caused by the AI system on the...
  • 49. As regards high-risk AI systems that are safety components of...
  • 50. As regards AI systems that are safety components of products, or...
  • 51. The classification of an AI system as high-risk pursuant to this...
  • 52. As regards stand-alone AI systems, namely high-risk AI systems other...
  • 53. It is also important to clarify that there may be specific cases in...
  • 54. As biometric data constitutes a special category of personal data, it...
  • 55. As regards the management and operation of critical infrastructure,...
  • 56. The deployment of AI systems in education is important to promote...
  • 57. AI systems used in employment, workers management and access to...
  • 58. Another area in which the use of AI systems deserves special...
  • 59. Given their role and responsibility, actions by law enforcement...
  • 60. AI systems used in migration, asylum and border control management...
  • 61. Certain AI systems intended for the administration of justice and...
  • 62. Without prejudice to the rules provided for in Regulation (EU)...
  • 63. The fact that an AI system is classified as a high-risk AI system...
  • 64. To mitigate the risks from high-risk AI systems placed on the market...
  • 65. The risk-management system should consist of a continuous, iterative...
  • 66. Requirements should apply to high-risk AI systems as regards risk...
  • 67. High-quality data and access to high-quality data plays a vital role...
  • 68. For the development and assessment of high-risk AI systems, certain...
  • 69. The right to privacy and to protection of personal data must be...
  • 70. In order to protect the right of others from the discrimination that...
  • 71. Having comprehensible information on how high-risk AI systems have...
  • 72. To address concerns related to opacity and complexity of certain AI...
  • 73. High-risk AI systems should be designed and developed in such a way...
  • 74. High-risk AI systems should perform consistently throughout their...
  • 75. Technical robustness is a key requirement for high-risk AI systems....
  • 76. Cybersecurity plays a crucial role in ensuring that AI systems are...
  • 77. Without prejudice to the requirements related to robustness and...
  • 78. The conformity assessment procedure provided by this Regulation...
  • 79. It is appropriate that a specific natural or legal person, defined as...
  • 80. As signatories to the United Nations Convention on the Rights of...
  • 81. The provider should establish a sound quality management system,...
  • 82. To enable enforcement of this Regulation and create a level playing...
  • 83. In light of the nature and complexity of the value chain for AI...
  • 84. To ensure legal certainty, it is necessary to clarify that, under...
  • 85. General-purpose AI systems may be used as high-risk AI systems by...
  • 86. Where, under the conditions laid down in this Regulation, the...
  • 87. In addition, where a high-risk AI system that is a safety component...
  • 88. Along the AI value chain multiple parties often supply AI systems,...
  • 89. Third parties making accessible to the public tools, services,...
  • 90. The Commission could develop and recommend voluntary model...
  • 91. Given the nature of AI systems and the risks to safety and...
  • 92. This Regulation is without prejudice to obligations for employers to...
  • 93. Whilst risks related to AI systems can result from the way such...
  • 94. Any processing of biometric data involved in the use of AI systems...
  • 95. Without prejudice to applicable Union law, in particular Regulation...
  • 96. In order to efficiently ensure that fundamental rights are protected,...
  • 97. The notion of general-purpose AI models should be clearly defined and...
  • 98. Whereas the generality of a model could, inter alia, also be...
  • 99. Large generative AI models are a typical example for a...
  • 100. When a general-purpose AI model is integrated into or forms part of...
  • 101. Providers of general-purpose AI models have a particular role and...
  • 102. Software and data, including models, released under a free and...
  • 103. Free and open-source AI components covers the software and data,...
  • 104. The providers of general-purpose AI models that are released under a...
  • 105. General-purpose AI models, in particular large generative AI models,...
  • 106. Providers that place general-purpose AI models on the Union market...
  • 107. In order to increase transparency on the data that is used in the...
  • 108. With regard to the obligations imposed on providers of...
  • 109. Compliance with the obligations applicable to the providers of...
  • 110. General-purpose AI models could pose systemic risks which include,...
  • 111. It is appropriate to establish a methodology for the classification...
  • 112. It is also necessary to clarify a procedure for the classification of...
  • 113. If the Commission becomes aware of the fact that a general-purpose AI...
  • 114. The providers of general-purpose AI models presenting systemic risks...
  • 115. Providers of general-purpose AI models with systemic risks should...
  • 116. The AI Office should encourage and facilitate the drawing up, review...
  • 117. The codes of practice should represent a central tool for the proper...
  • 118. This Regulation regulates AI systems and AI models by imposing...
  • 119. Considering the quick pace of innovation and the technological...
  • 120. Furthermore, obligations placed on providers and deployers of certain...
  • 121. Standardisation should play a key role to provide technical solutions...
  • 122. It is appropriate that, without prejudice to the use of harmonised...
  • 123. In order to ensure a high level of trustworthiness of high-risk AI...
  • 124. It is appropriate that, in order to minimise the burden on operators...
  • 125. Given the complexity of high-risk AI systems and the risks that are...
  • 126. In order to carry out third-party conformity assessments when so...
  • 127. In line with Union commitments under the World Trade Organization...
  • 128. In line with the commonly established notion of substantial...
  • 129. High-risk AI systems should bear the CE marking to indicate their...
  • 130. Under certain conditions, rapid availability of innovative...
  • 131. In order to facilitate the work of the Commission and the Member...
  • 132. Certain AI systems intended to interact with natural persons or to...
  • 133. A variety of AI systems can generate large quantities of synthetic...
  • 134. Further to the technical solutions employed by the providers of the...
  • 135. Without prejudice to the mandatory nature and full applicability of...
  • 136. The obligations placed on providers and deployers of certain AI...
  • 137. Compliance with the transparency obligations for the AI systems...
  • 138. AI is a rapidly developing family of technologies that requires...
  • 139. The objectives of the AI regulatory sandboxes should be to foster AI...
  • 140. This Regulation should provide the legal basis for the providers and...
  • 141. In order to accelerate the process of development and the placing on...
  • 142. To ensure that AI leads to socially and environmentally beneficial...
  • 143. In order to promote and protect innovation, it is important that the...
  • 144. In order to promote and protect innovation, the AI-on-demand...
  • 145. In order to minimise the risks to implementation resulting from lack...
  • 146. Moreover, in light of the very small size of some operators and in...
  • 147. It is appropriate that the Commission facilitates, to the extent...
  • 148. This Regulation should establish a governance framework that both...
  • 149. In order to facilitate a smooth, effective and harmonised...
  • 150. With a view to ensuring the involvement of stakeholders in the...
  • 151. To support the implementation and enforcement of this Regulation, in...
  • 152. In order to support adequate enforcement as regards AI systems and...
  • 153. Member States hold a key role in the application and enforcement of...
  • 154. The national competent authorities should exercise their powers...
  • 155. In order to ensure that providers of high-risk AI systems can take...
  • 156. In order to ensure an appropriate and effective enforcement of the...
  • 157. This Regulation is without prejudice to the competences, tasks,...
  • 158. Union financial services law includes internal governance and...
  • 159. Each market surveillance authority for high-risk AI systems in the...
  • 160. The market surveillance authorities and the Commission should be able...
  • 161. It is necessary to clarify the responsibilities and competences at...
  • 162. To make best use of the centralised Union expertise and synergies at...
  • 163. With a view to complementing the governance systems for...
  • 164. The AI Office should be able to take the necessary actions to monitor...
  • 165. The development of AI systems other than high-risk AI systems in...
  • 166. It is important that AI systems related to products that are not...
  • 167. In order to ensure trustful and constructive cooperation of competent...
  • 168. Compliance with this Regulation should be enforceable by means of the...
  • 169. Compliance with the obligations on providers of general-purpose AI...
  • 170. Union and national law already provide effective remedies to natural...
  • 171. Affected persons should have the right to obtain an explanation where...
  • 172. Persons acting as whistleblowers on the infringements of this...
  • 173. In order to ensure that the regulatory framework can be adapted where...
  • 174. Given the rapid technological developments and the technical...
  • 175. In order to ensure uniform conditions for the implementation of this...
  • 176. Since the objective of this Regulation, namely to improve the...
  • 177. In order to ensure legal certainty, ensure an appropriate adaptation...
  • 178. Providers of high-risk AI systems are encouraged to start to comply,...
  • 179. This Regulation should apply from 2 August 2026. However, taking into...
  • 180. The European Data Protection Supervisor and the European Data...
Laws  ›  AI Act  ›  Recital 23
Official EUR-Lex source ↗
Luxgap coverage GDPR NIS 2 DORA AI Act Whistleblowing CSSF 22/806
Recital 23

Recital 23

Artificial Intelligence Act · UE 2024/1689

(23)

This Regulation should also apply to Union institutions, bodies, offices and agencies when acting as a provider or deployer of an AI system.

Luxgap guidance · DPO & CISO

How to comply

Tailored guidance being drafted by our team. Got a specific question on this article? Contact us, we reply within 24 hours.

Need help?

Our team (lawyers + cyber engineers + developers) supports you. Free quote within 48h.

Contact us →
← previous recital
22.
next recital →
24.
My quote

They trust us

Arthur Welter Accumalux 2 Arend Fischbach Vbk Atdomco Asti Agilepartner Cmcm kulturpass Commune Sanem AFC fiduciaire Conseil National des Femmes Faymonville Dussmann Care IT Generali Swiss Life Square Ag2r La Mondiale Fundamentals Inspection du Travail et des Mines Cfl Adepa Logo Color 460px Skeeled Logo Acl Arthur Welter Accumalux 2 Arend Fischbach Vbk Atdomco Asti Agilepartner Cmcm kulturpass Commune Sanem AFC fiduciaire Conseil National des Femmes Faymonville Dussmann Care IT Generali Swiss Life Square Ag2r La Mondiale Fundamentals Inspection du Travail et des Mines Cfl Adepa Logo Color 460px Skeeled Logo Acl
See all references →
Luxgap

Luxembourg-based cybersecurity, GDPR and AI firm. External DPO and CISO mandates, Dark Web monitoring, audits, training.

2 rue de l'École, L-8376 Kahler, Luxembourg
Contact us · +352 621 583 116

Services

  • External DPO (GDPR)
  • External CISO (NIS 2)
  • Dark Web monitoring (EEM)
  • Counter-espionage & executives
  • Audit & penetration testing
  • Resilience (BCP / DORA)
  • Training
  • PECB certified trainings
  • AI advisory

Firm

  • AI Act, NIS 2, GDPR…
  • Articles
  • Our teams
  • References
  • Contact
  • Quote
  • Terms of sale
  • Privacy policy

Contact

  • Contact form
  • +352 621 583 116
  • LinkedIn
© 2026 Luxgap · All rights reserved. Lux Gap S.à r.l. · Luxembourg · VAT LU30886939
L
Luxgap · expert online Typically replies within minutes.

Before we chat

Tell us how to reach you, so a human can follow up if needed.

Hi! Ask anything about cybersecurity, GDPR, NIS 2, the AI Act, or our services. A human picks up if needed.
This assistant uses Claude (Anthropic) with a Luxgap framing. Your messages are reviewed by our team.