What the EU AI Act Means for You: Your Rights as an Individual When AI Affects Your Life

What the EU AI Act does for individuals

The EU AI Act's fundamental logic is that the risks of AI should be proportionate to its potential harm, and that individuals in high-risk AI contexts deserve specific protections. These protections take three forms: prohibitions on the most harmful AI uses (protecting everyone by banning those uses); rights in high-risk AI contexts (giving affected individuals specific entitlements); and transparency obligations (ensuring individuals know when significant AI is in use).

Prohibited AI: the strongest protections

Article 5 prohibits specific AI practices from August 2024. Most relevant to individuals: AI that uses subliminal techniques or exploits vulnerabilities (physical, psychological, relating to age or disability) to manipulate behaviour in ways causing harm; AI that creates facial recognition databases through untargeted internet or CCTV scraping; AI that infers sensitive characteristics (political views, religion, sexual orientation, race) from neutral data; real-time remote biometric identification in public spaces for law enforcement (with narrow exceptions); and social scoring of individuals by public authorities. If you encounter AI that appears to use prohibited techniques — manipulative AI in commercial contexts, facial recognition in retail — you can report it to your national market surveillance authority, including anonymously.

High-risk AI: your rights

High-risk AI used in hiring, credit, education, essential services, and law enforcement (Annex III) must be designed for human oversight, meet accuracy and robustness standards, and provide transparency documentation. Article 86 gives individuals affected by high-risk AI the right to a clear and meaningful explanation of the AI's role in decisions that significantly affect them — supplementing GDPR Article 22 rights from August 2027.

Transparency obligations

From August 2026: chatbots must disclose they are AI; AI-generated images, video, and audio must be labelled as AI-generated; and emotion recognition systems must disclose their operation. These are your rights now — you have the right to know when you are talking to an AI or viewing AI-generated content.

Enforcement and remedies

Enforcement goes through national market surveillance authorities and the EU AI Office (for general-purpose AI). The Act works alongside GDPR (compensation for data protection breaches), national consumer protection law (redress for consumer harm), and tort law (compensation for personal injury). File EU AI Act complaints with your national market surveillance authority. File GDPR complaints with your national DPA.