Free Course · 5 lessons · ~3 hours
The EU AI Act for Non-Lawyers
A plain-language, practitioner's guide to the EU AI Act — what it actually requires, who is in scope, and what you should do about it this week. For product managers, founders, AI engineers, and compliance leads who do not have a law degree and do not have time to become a lawyer.
Note. This course is education, not legal advice. The EU AI Act is a complex, multi-stage piece of regulation; for any specific compliance decision, you should consult qualified counsel. What this course gives you is the structure to know what to ask and what to look for.
Who this is for
You should take this course if your work touches AI in any way that involves the European Union — whether you build AI systems, deploy them, sell to European customers, or are affected by them. You may be a product manager wondering whether your new feature is "high-risk". You may be a founder trying to work out whether your start-up's chatbot needs CE marking. You may be a compliance lead piecing together what to put in your annual report. You may be an engineer who needs to know what the Act actually requires before agreeing to a release plan.
You do not need a legal background. The Act is, at heart, a structured piece of engineering policy — once you know the structure it is far less frightening than the headlines suggest. We will give you the structure.
What you will learn
Why the Act exists and who it affects
The political and historical context. The risk-based approach. Extraterritorial scope — and why a company that has no office in the EU can still be in the Act's reach.
The four risk tiers
Prohibited practices. High-risk systems. Limited-risk transparency duties. Minimal-risk. Concrete examples for each, and the seven Annex III high-risk areas in plain language.
If you are a provider — what you must do
Risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy and robustness, conformity assessment, CE marking, registration.
If you are a deployer — what you must do
The deployer's separate (and lighter) set of duties. Workplace AI. The fundamental rights impact assessment. Transparency to people affected by the system.
GPAI, the timeline, and what to do this week
General-purpose AI model rules. The Code of Practice. Enforcement dates — what is already in force, what is coming. A personal compliance checklist for the next 30 days.
What you will need
- About three hours of total time. Each lesson is 25 to 45 minutes.
- A browser. We will link to the official consolidated text of the Act (the EUR-Lex version), the European Commission's AI Act explorer, and the European AI Office's resources. The free tier of Claude.ai or ChatGPT is useful for the exercises, not essential.
- For the final exercise: a short description of your AI system or use case. Anything from "we sell a CV-screening tool to recruiters" to "I am a product manager at a bank and we are about to launch an internal chatbot". The personal compliance checklist is written in your context.
What this course is not
This course is not a substitute for qualified legal advice. The Act has subtleties that depend on facts, on Member State implementation, and on case-by-case interpretation. What it is is an honest, practitioner-grade orientation. By the end you should be able to read a section of the Act, understand what it is asking of you, and know which questions to take to a lawyer rather than which to muddle through alone.
How this fits with the full programme
This is a cross-cutting taster. The Act sits at the intersection of Path B — AI for Business and Consulting (where governance is treated as a strategic discipline) and Path D — AI for Cybersecurity (where regulatory compliance is treated alongside security frameworks). Both paths cover the Act in more depth across multiple modules, and Path B's B4 — Economics and Regulation of AI is the closest direct extension of this material. The full programme launches with the December 2026 cohort.