As AI becomes embedded across ADAS, autonomous driving, driver monitoring and software-defined vehicle platforms, automotive companies are facing a new layer of regulatory pressure.
The EU AI Act introduces a risk-based framework for artificial intelligence, with major implications for how OEMs and suppliers develop, validate and monitor AI-enabled vehicle systems.
But how exactly does this Act impact automotive? This article outlines the key highlights, dates, and implications for the EU AI Act, and what it means for AI vehicle safety, ADAS, and autonomous driving.
What is the EU AI Act?
The EU AI Act is the European Union’s first comprehensive legal framework for artificial intelligence. It is designed to regulate AI systems based on risk, with stricter requirements for systems that may affect safety, fundamental rights or public trust.
For the automotive industry, the EU AI Act matters because vehicles are becoming increasingly software-defined and AI-enabled. Advanced driver assistance systems, automated driving functions, perception models, driver monitoring systems, predictive maintenance tools, in-cabin AI assistants and vehicle data platforms are all expanding the role of AI across the vehicle lifecycle.
The key point for OEMs and suppliers is this: the EU AI Act is more than a technology regulation. It is a safety, compliance and governance framework that may affect how AI-based vehicle systems are developed, validated, monitored and documented.
The European Commission’s overview of the AI Act regulatory framework confirms that the regulation follows a risk-based approach, with obligations scaling depending on the potential risk of the AI system. For automotive, this makes classification one of the first and most important compliance questions.
As explored in Automotive IQ’s interview with Christian Piovano, Lawyer at ZF Group, the regulation creates both a compliance challenge and a strategic opportunity for organisations that can build trustworthy, transparent and well-governed AI systems into their operations and products.
Why the EU AI Act matters for automotive
AI is already influencing the way vehicles perceive their environment, support drivers and manage safety-critical decisions. In ADAS and autonomous driving, AI can support object detection, lane recognition, pedestrian identification, driver monitoring, path planning and predictive risk assessment.
That creates a different type of safety challenge from traditional automotive engineering. With AI, performance is not only determined by hardware design or coded logic. It may also depend on training data, model behaviour, edge-case handling, human oversight, system robustness and post-market monitoring.
This is where the EU AI Act becomes highly relevant to automotive safety. The regulation places particular focus on AI systems that could pose serious risks to health, safety or fundamental rights. In practical terms, automotive companies will need to understand whether an AI-enabled vehicle function is low-risk, limited-risk or high-risk, and what obligations follow from that classification.
For connected and automated vehicles, the most important areas to watch are:
- AI used as a safety component in vehicles or transport systems.
- AI used in ADAS or autonomous driving perception and decision-support.
- AI used in driver monitoring, fatigue detection or behaviour analysis.
- AI used in predictive maintenance where failure could affect safety.
- AI used in vehicle cybersecurity monitoring or anomaly detection.
- AI used in fleet decision-making, insurance, mobility access or driver scoring.
The EU AI Act does not replace existing automotive safety frameworks such as ISO 26262, ISO 21448/SOTIF, ISO/SAE 21434, UN R155 or UN R156. Instead, it adds a broader AI governance layer around risk management, data quality, transparency, human oversight, robustness, cybersecurity and post-market monitoring.
This means AI vehicle safety is becoming a cross-functional compliance issue involving safety teams, software teams, cybersecurity teams, legal teams, homologation teams and senior leadership.
Key EU AI Act dates automotive companies need to know
The EU AI Act entered into force in 2024, but its obligations are being phased in over several years. For automotive OEMs, suppliers and software providers, the most important deadlines are linked to prohibited AI practices, general-purpose AI, transparency rules and high-risk AI systems.
Key deadlines:
The full legal text of Regulation (EU) 2024/1689 sets out the obligations and phased application of the Act.
For automotive businesses, the 2028 deadline for high-risk AI systems embedded into regulated products is especially important. Vehicle programmes have long development cycles, so compliance planning must begin well before final enforcement dates. AI governance, data management and validation processes need to be built into engineering workflows now, not added at the end of the product cycle.
As discussed in Automotive IQ’s EU AI Act compliance interview, the companies that act early will be better placed to turn AI compliance into a competitive advantage rather than a last-minute regulatory burden.
Are ADAS and autonomous driving systems high-risk AI?
One of the biggest questions for the automotive industry is whether ADAS and autonomous driving systems will be treated as high-risk AI.
The answer depends on the system’s function, regulatory context and safety impact. Under the EU AI Act, AI systems can be classified as high-risk when they are used as safety components of regulated products, or when they are used in areas where failure could pose a serious risk to health, safety or fundamental rights.
For automotive, that means AI used in safety-relevant driving functions is likely to attract more scrutiny than AI used for non-safety infotainment personalisation.
For example, an AI model recommending music based on driver preferences is unlikely to carry the same regulatory weight as an AI model supporting pedestrian detection, automated braking, driver attention monitoring or autonomous lane changes.
The practical question is not simply “does the vehicle use AI?” It is:
- What function does the AI system perform?
- Could failure create a safety risk?
- Is the AI system part of a regulated vehicle product?
- Is it used in a safety component?
- Does it influence decisions made by the driver, vehicle or automated driving system?
- Can the system be monitored, explained, tested and updated over time?
This is where automotive safety teams, AI engineers, compliance teams and legal teams will need to work together. AI classification cannot sit only with software development teams. It needs to be connected to vehicle safety cases, type approval strategy, cybersecurity processes and product liability risk.
What changes for AI vehicle safety?
The EU AI Act raises the bar for how automotive companies manage AI safety. For high-risk AI systems, the regulation introduces obligations around risk management, data governance, documentation, logging, transparency, human oversight, accuracy, robustness and cybersecurity.
For automotive, these requirements map directly onto some of the biggest unresolved challenges in AI-enabled vehicle development.
1. Stronger AI risk management
OEMs and suppliers will need clear processes for identifying, assessing and mitigating AI-related risks. This includes known hazards, foreseeable misuse, model limitations, edge cases and post-deployment performance issues.
In ADAS and autonomous driving, risk management will need to connect with SOTIF, functional safety and cybersecurity. AI-related safety risks may come from poor sensor interpretation, biased or incomplete training data, unexpected object classification, model drift or failures in unusual driving environments.
2. Higher expectations for training data and data quality
AI vehicle safety depends heavily on data quality. If an AI system is trained on incomplete, unrepresentative or poorly labelled data, it may perform well in test conditions but fail in real-world edge cases.
For ADAS and autonomous driving, this raises questions such as:
Does the training data include enough weather variation?
Does it capture vulnerable road users accurately?
Does it reflect different road markings, infrastructure and regional driving behaviours?
Can the system handle rare but safety-critical scenarios?
How are data gaps identified and corrected?
The EU AI Act’s focus on data governance means automotive companies will need to show not only that AI systems perform well, but that the data behind them is suitable for the intended safety context.
3. More documentation and traceability
High-risk AI systems require detailed technical documentation. For automotive companies, this could mean stronger traceability between AI requirements, training datasets, model versions, validation results, software releases and post-market monitoring.
This is particularly important for software-defined vehicles, where AI models may be updated after production through OTA updates. Compliance evidence must be maintained across the lifecycle, not just at the point of initial type approval.
4. Human oversight and driver interaction
Human oversight is one of the most important AI Act themes for ADAS and autonomous driving. In vehicles, this is closely linked to driver monitoring, handover design, system limitations and human-machine interface strategy.
For Level 2 and Level 3 systems, the driver may still play a critical role in supervising or resuming control. This makes it essential that AI-enabled vehicle systems communicate clearly, avoid overtrust, and support safe human intervention when required.
A weak handover strategy, unclear system status or misleading automation claim could create both safety and regulatory risk.
5. Robustness, accuracy and cybersecurity
AI-enabled vehicle systems must be robust enough to handle real-world conditions. They must also be protected against cybersecurity risks, including data poisoning, adversarial inputs, model manipulation and attacks on connected vehicle infrastructure.
This creates a direct link between the EU AI Act and existing automotive cybersecurity frameworks such as ISO/SAE 21434, UN R155 and the Cyber Resilience Act. AI safety and cybersecurity can no longer be treated as separate workstreams. For connected and autonomous vehicles, they are increasingly part of the same assurance challenge.
How the EU AI Act interacts with SOTIF, ISO 26262 and ISO/SAE 21434
Automotive companies already operate within a dense safety and cybersecurity framework. The EU AI Act adds to this landscape rather than replacing it.
ISO 26262 focuses on functional safety, particularly hazards caused by malfunctioning electrical and electronic systems.
ISO 21448/SOTIF addresses safety of the intended functionality, including performance limitations and foreseeable misuse where no system fault has occurred.
ISO/SAE 21434 focuses on road vehicle cybersecurity engineering across the lifecycle.
The EU AI Act introduces a broader governance structure around AI system risk, data quality, transparency, oversight and post-market monitoring. For AI-enabled ADAS and autonomous driving, these frameworks will need to work together.
For example, an AI perception system may need:
- Functional safety analysis under ISO 26262.
- SOTIF analysis for performance limitations and edge cases.
- Cybersecurity analysis under ISO/SAE 21434.
- AI Act classification and compliance assessment.
- Data governance and model validation evidence.
- Post-market monitoring and update management.
This is why the EU AI Act should be treated as part of the vehicle safety assurance process.
What the EU AI Act means for autonomous driving
Autonomous driving is one of the clearest areas where the EU AI Act could influence future vehicle development. AI is central to how autonomous systems perceive the world, predict behaviour, make driving decisions and adapt to complex environments.
For autonomous vehicles, the key compliance questions will include:
- Can the AI system’s intended function be clearly defined?
- Is the operational design domain clearly documented?
- How are edge cases identified and validated?
- What happens when the AI system is uncertain?
- How is human oversight designed, if applicable?
- How are model updates controlled after deployment?
- How are serious incidents detected and reported?
- Can the safety case explain the role and limits of AI?
The challenge is that AI systems can be difficult to explain in traditional engineering terms. A rule-based system can often be traced through explicit logic. A machine learning model may require different forms of evidence, such as scenario coverage, dataset quality, model performance testing, simulation, real-world validation and continuous monitoring.
The EU AI Act will increase pressure on autonomous vehicle developers to make AI safety evidence more structured, auditable and explainable.
What should OEMs and suppliers do now?
Automotive companies should not wait until 2027 or 2028 to begin preparing. The most important work is organisational and technical: knowing where AI is used, what risk level applies, and what evidence is needed.
A practical preparation plan should include:
First, create an AI inventory. OEMs and suppliers need to map where AI is used across vehicle systems, engineering tools, customer platforms, manufacturing, aftersales and mobility services.
Second, classify AI systems by risk. Not every automotive AI application will be high-risk, but safety-relevant systems require early assessment.
Third, connect AI governance to existing safety and cybersecurity processes. AI Act compliance should be integrated with ISO 26262, SOTIF, ISO/SAE 21434, UN R155 and UN R156 workflows.
Fourth, strengthen data governance. Teams should document training data sources, data quality controls, labelling processes, bias checks and scenario coverage.
Fifth, build lifecycle monitoring. AI systems need post-market monitoring, update control and incident response processes.
Sixth, prepare supplier requirements. AI compliance will depend on the wider supply chain, especially where suppliers provide models, datasets, software components or validation evidence.
Key takeaways: EU AI Act and AI vehicle safety
The EU AI Act will have a significant impact on automotive AI, particularly where AI is used in safety-relevant systems such as ADAS, autonomous driving, driver monitoring and connected vehicle functions.
For OEMs and suppliers, the main challenge is understanding where AI systems fall within the Act’s risk-based framework. High-risk AI systems will require stronger evidence around risk management, data quality, documentation, human oversight, robustness, cybersecurity and post-market monitoring.
The regulation also reinforces a wider shift in automotive engineering. Vehicle safety is no longer only about mechanical reliability or electrical system integrity. It now includes software behaviour, AI model performance, data quality, human-machine interaction and cyber resilience.
In short, the EU AI Act pushes the automotive industry towards a new model of AI safety assurance. The winners will be the companies that can prove their AI systems are not only innovative, but trustworthy, traceable, secure and safe across the full vehicle lifecycle.
FAQs
What does the EU AI Act mean for automotive?
The EU AI Act introduces risk-based rules for AI systems. In automotive, it is most relevant to AI used in safety-critical or safety-related applications, including ADAS, autonomous driving, driver monitoring, predictive maintenance and connected vehicle systems.
Are autonomous vehicles covered by the EU AI Act?
Autonomous vehicles may be affected where AI systems are used as part of safety-relevant vehicle functions or regulated product systems. The exact obligations depend on the AI system’s role, risk classification and interaction with existing automotive regulations.
Is ADAS considered high-risk AI?
Some ADAS functions may be considered high-risk where AI is used in a safety component or where system failure could create serious risk to health or safety. Non-safety AI functions, such as personalisation features, may carry lower obligations.
What are the most important EU AI Act dates for automotive?
The AI Act entered into force on 1 August 2024. Prohibited AI practices and AI literacy obligations began applying from 2 February 2025. GPAI obligations began applying from 2 August 2025. Transparency rules begin from August 2026, while certain high-risk AI timelines now extend to December 2027 or August 2028 depending on the system type.
How should OEMs prepare for the EU AI Act?
OEMs should create an AI inventory, classify AI systems by risk, connect AI governance to ISO 26262, SOTIF and cybersecurity processes, improve training data governance, strengthen supplier requirements and build lifecycle monitoring for AI-enabled systems.
