🎁 Perplexity PRO offert

30 jours gratuits

Téléchargez Comet, connectez votre compte et posez votre première question.

Activer l'offre →

AI Act: Understanding European AI Regulation

Introduction

In 2024, the European Union adopted the AI Act, the world’s first law dedicated to artificial intelligence. Often compared to GDPR for personal data, this regulation aims to establish a clear framework: protect citizens against drifts, while encouraging responsible innovation.

But what does this mean concretely for developers, startups and open source actors like PrestaShop? This article offers a pedagogical reading, with historical perspective, stakes in France and practical impacts for SMEs.

1. A Bit of History: From Proposal to Adoption

  • 2021: the European Commission proposes the text.
  • 2022–2023: intense debates between Parliament and Council. Controversial subjects appear: facial recognition, generative AI, provider responsibility.
  • 2024: final adoption. The regulation came into force on August 1, 2024, but obligations will apply progressively until 2026.

This temporality allows companies to prepare, but also raises concerns: some voices judge the calendar too rapid and insufficiently supported.

2. The AI Act’s Objectives

The AI Act is structured around a risk management logic:

  • Prohibit the unacceptable: practices like Chinese-style social scoring, psychological manipulation exploiting vulnerabilities, or mass biometric recognition in public space.
  • Frame high-risk AI: health, education, employment, justice, security… These AIs must prove their safety, absence of bias in their data and effective human supervision.
  • Ensure transparency: deepfake reporting, mandatory mention when interacting with a chatbot or when content is AI-generated.
  • Stimulate a trust market: by harmonizing rules at European level and avoiding 27 divergent national laws.

Behind this project, the EU wants to repeat the GDPR effect: become a global standard in ethical AI.

3. Obligations for AI Actors

Low or Limited Risk AI

  • Total freedom (video games, anti-spam filters).
  • Simple transparency obligation: inform the user that content is AI-generated.

High-Risk AI

  • Complete technical documentation (data, algorithms, test methods).
  • Conformity assessment + CE marking before market release.
  • Continuous risk management and regular audits.
  • Mandatory human supervision for certain sensitive decisions.
  • Serious incident reporting in a European database.

Sanctions

Fines up to €30M or 6% of global turnover, modulated for SMEs.

4. Focus France: Opportunities and Tensions

National Implementation

In France, three authorities will supervise application:

  • CNIL (data and freedoms),
  • DGCCRF (market surveillance),
  • Defender of Rights (discrimination and fundamental rights).

The DGE (Ministry of Economy) pilots adaptation and support, via guides and workshops.

Debate on Facial Recognition

France has been in tension with Brussels:

  • The EU prohibits real-time biometric recognition except in very serious cases.
  • But for the 2024 Olympics, Paris pleaded for smart camera experimentation.

Example clearly showing the difficulty: reconciling public security and protection of freedoms.

Framed Innovation

France is preparing regulatory sandboxes, inspired by fintech, to allow startups to test their AIs under supervision. This illustrates the will to support, not slow down, innovation.

5. Impact on SMEs, Startups and Developers

Opportunities

  • Access to free sandboxes to test AIs in real conditions.
  • Support by the Commission via codes of conduct (e.g. for generative AI).
  • Strengthening customer trust: a compliant startup gains credibility.

Risks

  • Compliance costs (lawyers, audits, documentation) heavy for small structures.
  • Risk of competitive disadvantage against US/Asian giants better armed to absorb these costs.
  • Fear of regulatory fragmentation if interpretation differs from one country to another.

Open Source

  • Planned exemption: freely published projects don’t fall under the law, unless they’re used in high-risk systems.
  • If an open source component is integrated into critical AI, it’s the final operator who must assume compliance.
  • An essential guarantee for ecosystems like PrestaShop, which works in open source.

PrestaShop Case

  • Concrete example: a fraud detection or customer scoring AI module could be classified “high risk”.
  • PrestaShop developers will therefore need to provide:
    • transparency (explanation of AI decisions),
    • technical documentation,
    • human supervision mechanism.

Conclusion

The AI Act is an ambitious and unprecedented regulation. It combines citizen protection (against AI drifts) and will for responsible innovation.

For French SMEs, startups and developers, the message is clear:

  • Anticipate now the rules (transparency, documentation, supervision),
  • Use sandboxes to become compliant,
  • Transform this constraint into competitive advantage.

Like GDPR, those who master the AI Act fastest will gain user trust. See you in 2026 to see if Europe has succeeded in its bet.

Article published on August 29, 2025 by Nicolas Dabène - PHP & PrestaShop expert with 15+ years of experience.

Questions Fréquentes

Will the AI Act slow down innovation in France?

Not necessarily. The impact will depend on the level of support. Regulatory sandboxes aim to support startups, but initial compliance costs remain a real challenge for small structures.

Are open source projects concerned by the AI Act?

No, as long as they remain in the domain of free sharing and are not used for critical applications. Compliance responsibility falls to the final operator who integrates the open source component.

Do SMEs risk huge fines?

No, fines are modulated according to company size. For an SME, it will be the lower amount and not a percentage of global turnover.

How is the AI Act similar to GDPR?

Like GDPR in 2018, the AI Act could become a global standard. The European Union hopes to impose its vision of trustworthy and ethical AI at the international level.