Europe’s first AI law bans algorithms that read your emotions at work and predict your behaviour. France, the Netherlands and Hungary are living that reality at different speeds.
In the spring of 2024, a software engineer in Lyon applied for a position at a logistics company. She never heard back. The company used an AI-powered screening tool to rank applicants before any human reviewed their files. Under the system’s logic — trained on historical hiring data that, like most historical data, reflected existing patterns of exclusion — her application was filtered out. She had no way of knowing this. There was no obligation to tell her.
That changed. In August 2024, the EU’s Artificial Intelligence Act entered into force. In February 2025, its first prohibitions became law across all 27 member states: AI systems that manipulate behaviour through subliminal techniques, tools that infer emotions in workplace or educational settings, and — critically — AI systems used in hiring and employment management, now classified as high-risk. Companies deploying them must register them in an EU database, conduct conformity assessments, and ensure that human decision-makers can genuinely override algorithmic recommendations. Not simply validate them.
The world’s first comprehensive legal framework for artificial intelligence covers every system that affects EU citizens, regardless of where the company behind it is based. Its reach is broader than almost any legislation Brussels has ever passed. Its impact, so far, is uneven — and in some places, the enforcement infrastructure does not yet exist.
France entered the AI Act’s implementation phase with more institutional preparation than most EU countries. The CNIL — the national data protection authority — had been developing AI governance frameworks for years before the legislation arrived, and French regulators were early participants in European debates about algorithmic accountability.
And yet France is also one of the most intensive users of AI in professional environments on the continent. Algorithmic screening tools are embedded in sectors from finance to logistics to the public service. Many were developed before the high-risk classification existed. Companies deploying them must now ensure that human decision-makers can genuinely review algorithmic outputs and reverse them when necessary.
The CNIL began issuing guidance in 2025 on what ‘meaningful human oversight’ actually requires in practice. The answer proved more complicated than the legislation implies: a manager who reviews 200 algorithmic rankings a day and approves 197 of them is not, by any reasonable standard, exercising genuine oversight. Defining the line between validation and oversight has become one of the Act’s central implementation challenges. Legal teams across French companies are working through what ‘genuinely override’ means before auditors start asking.
The Netherlands was among the first EU member states to publish a national AI Act implementation plan. Dutch regulators had already developed an algorithmic register — a public database cataloguing AI tools used by government bodies — before EU legislation existed. That foundation gave the Netherlands a head start.
But head starts create their own pressure. The Dutch government’s use of algorithmic systems in social services had already generated major controversy: the SyRI case, in which a risk-profiling tool used to detect benefit fraud was ruled unlawful by a Dutch court in 2020, established that AI in public administration carries constitutional weight. The AI Act gave that precedent European dimensions.
By 2025, Dutch civil society organisations were using the Act’s transparency obligations to challenge AI tools deployed in housing allocation, social benefits assessment, and immigration decisions. Many of those tools had been legal under previous frameworks. Under the AI Act, the burden of proof had shifted: it now falls on those deploying the system, not those affected by it. In Amsterdam, two housing allocation algorithms were suspended pending review — a concrete consequence that would have been legally much harder to achieve twelve months earlier.
In Brussels, implementation of the AI Act is tracked across all 27 member states. As of 2025, Hungary was among the countries that had not yet designated the national competent authorities the legislation requires — the bodies responsible for market surveillance and enforcement. Italy was the other.
This does not mean artificial intelligence is unregulated in Hungary; national law still applies. It means the specific framework the EU has built — with its risk classifications, conformity assessments, and right to explanation — does not yet have a functioning enforcement mechanism there. A high-risk AI system deployed in Budapest faces a different accountability landscape than the same system deployed in Amsterdam.
The European Commission has the power to open infringement proceedings against member states that fail to implement EU law. Whether it will act on AI Act compliance — and how quickly — remains, as of early 2026, unanswered. The gap between Amsterdam and Budapest is not merely geographic.
Since February 2025, certain AI practices are banned across the EU without exception. Systems that exploit vulnerabilities based on age, disability, or social circumstances to alter behaviour. Tools that perform real-time biometric identification of individuals in public spaces — with law enforcement exceptions that human rights organisations consider dangerously broad. Systems that generate social credit scores based on personal conduct.
These prohibitions do not require a national implementation plan. They apply in Paris and Budapest, in Amsterdam and Warsaw, simultaneously and immediately. What they require is enforcement — and enforcement requires authorities with the resources, the legal expertise, and the political will to act. The Act created the structures. It did not create the will.
By August 2026, the legislation’s full obligations will apply — including requirements for high-risk AI systems covering hiring, credit scoring, law enforcement, border management, and the administration of justice. The companies and governments deploying those systems have had two years to prepare.
The engineer in Lyon, if she applies for another job in 2026, will be entitled to know whether an algorithm played a role in rejecting her. That is not nothing. Whether anyone will actually tell her remains a different matter entirely.
