Skip to content
digia-logo

Kuuntele case

The effects of the AI Act on companies – "Keep a cool head"

The application of the EU's AI Act began in spring 2025, and in June 2026, clarifications arising from the Digital Omnibus package were published. Many organizations are considering what they can and dare to do with AI, and how it is possible to utilize it in the first place. Digia's Chief Technology Officer, Juhana Juppo, urges you to keep a cool head. The regulation does not prevent the use of AI when you know what you are doing.

Read the summary (AI-generated, human-reviewed)

  • The application of the AI Act began in stages in early 2025.
  • The purpose of the regulation is to define what can be done with AI and to ensure that AI is used responsibly and safely.
  • There are four risk levels, and the different levels of risk mean more or less regulation.
  • According to Digia's CTO Juhana Juppo, it is possible and worthwhile to proceed boldly in the utilization of AI, while taking into account risk assessments.

What is the AI Act?

The EU's AI Act is the world's first comprehensive set of AI regulations. Its essence is simple. The aim is to steer the development and use of AI in a way that is safe, transparent, and respectful of human rights.

Therefore, AI applications are evaluated based on the risk they pose to users. There are four risk levels, each with varying regulatory requirements. Often, the risk is minimal, but it still needs to be assessed.

The Digital Omnibus published by the European Commission in November 2025, on the other hand, proposes targeted amendments to the AI Regulation. The aim is to simplify the rules and reduce companies' compliance obligations and associated costs.

"If you have done things smartly so far, I would argue that the effects of regulation are not as great as many people have thought in many use cases," says Juhana Juppo, Digia's Chief Technology Officer.

The AI Act is based on risk categories – Recognize the effects of the AI Act

The AI Act imposes obligations on manufacturers and users of AI systems, depending on the level of risk they pose.

  1. Unacceptable risk. AI applications that manipulate, classify, score, or involve human identification are unequivocally prohibited.

  2. High risk. High-risk systems, such as those used in healthcare, law enforcement, education, and recruitment, require special oversight. The use of these systems requires documentation, audits, and transparency of algorithms. Users must always be informed when they interact with AI.

  3. For low-risk applications, also known as open-risk applications, it is essential that users understand that they are dealing with artificial intelligence (e.g., a service bot).

  4. There are no obligations for applications with limited or minimal risk, although companies are encouraged to be transparent whenever AI is used.

Source: European Parliament 

The regulation sets particularly detailed guidelines and requirements for those operators who develop and offer general-purpose GPAI (General Purpose AI) solutions. An example is ChatGPT, which anyone can use through a browser. Most AI users are not among the GPAI vendors, so they are not subject to any additional requirements.

The AI Act will not prevent innovation with AI

Juppo says that he encounters even wild notions about what the regulation prohibits.

"Many people seem to believe that the AI Act will make the use of AI impossible or very difficult. This is not quite true," Juppo says.

Only one of the risk categories prohibits the use of AI.

"Solutions that violate human rights and are defined as an unacceptable risk are those that would be against the law or at least against ethics and the general sense of justice. I do not believe that this ban at the EU level will have much impact on how companies in Finland use or plan to use artificial intelligence," Juppo points out.

In other categories, including the high-risk category, AI use is allowed. You just need to know what you're doing and follow the instructions in the category.

"Of course, there are a lot of requirements for an organization in the high-risk category, but if you have acted smartly and with high quality, i.e., assessed the risks, documented your actions, told users about the use of AI, followed ethical principles, and have the processes in order, the change will not be that big," Juppo says, and continues:

"If, on the other hand, these things are not in order, you should start working right away."

According to Juppo, it is possible and worthwhile to proceed boldly with AI while accounting for risk assessments. Common sense goes a long way.

"If there's a bridge in front of you and you doubt whether it will last, you can choose whether to check first or press forward with your eyes closed and see what happens. So that's how it goes in private life as well: assess the risks and be prepared to endure the consequences of your choice," Juppo adds.

AI Act for businesses – here's what to do:  

  1. Assess the impacts and risks. Document the assessment.

  2. If you want to implement or deploy high-risk implementations, go through the more detailed requirements and make sure that you meet them from the beginning.

  3. Implement the AI application transparently so that the operation of the algorithms is as understandable as possible. Document the implementation.

  4. Let users know whenever they interact with AI.

AI Act in brief

The full application of the EU AI Act started gradually at the beginning of 2025 and will continue until 2027.

  • The AI Act entered into force on 1 August 2024.

  • The regulation will be implemented in stages under different transitional periods 

  • The rules on prohibited use cases entered into force on 2 February 2025. 

  • In November 2025, the Digital Omnibus was published, which proposed targeted changes to the EU AI Regulation and its timelines

  • In June 2026, the EU announced upcoming changes to the AI Act and new transition periods

  • Mandatory AI content tagging will enter into force in December 2026

  • According to the new schedule, the ban on high-risk AI systems will not enter into force until December 2027 (instead of August 2026)

  • The Council of Europe and the European Parliament will have to approve the upcoming amendments to the legislation before finalizing and adopting it (as of June 2026)

Ensure the benefits of AI

Digia is a comprehensive partner for AI adoption. We help plan how to proceed with AI, taking into account the regulatory framework. 

Read more about our services >

Keep your eyes on the horizon

Technology is transforming the world faster than ever. Our newsletter Digia Horizon is your monthly guide to the latest trends, innovations, and insights on how technology is shaping smarter business.