1. Military, defence and national security — Article 2(3)
The AI Act does not apply to AI systems placed on the market, put into service, or used "exclusively for military, defence or national security purposes" — irrespective of the entity carrying out those activities. Source: Article 2(3), Regulation (EU) 2024/1689.
The edge: the word is exclusively. Dual-use AI is not exempt. A computer-vision model trained for ISR (intelligence, surveillance, reconnaissance) and also licensed to a port authority for cargo screening loses the exemption for the civilian deployment. The defence contractor remains an AI Act provider for the civilian variant. The same model, two regimes.
Knock-on: AI used by national security agencies in border control, law enforcement intelligence and counter-terrorism may sit in a grey zone. Recital 24 stresses that the exemption does not extend to AI used for general-purpose policing, immigration controls or border management — those fall under Annex III high-risk categories. The AI Office is expected to publish further guidance, but pending that, the operator carries the classification risk.
2. Scientific research and development — Article 2(6) and 2(8)
Two distinct exemptions sit here. Article 2(6) excludes AI systems "specifically developed and put into service for the sole purpose of scientific research and development." Article 2(8) excludes any research, testing or development activity carried out before the AI system is placed on the market or put into service, except real-world testing.
The edge: the moment the model is placed on the market — including being made available "for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge" (Article 3(9)) — both carve-outs end. Publishing model weights on Hugging Face counts as placing on the market. So does a public API endpoint, even an unmonetised one.
Real-world testing outside the regulatory sandbox regime (Articles 57–63) is explicitly not covered by Article 2(8). A research team running a clinical pilot of a high-risk medical AI in a hospital is in scope from day one of testing — not from the day a paper is published.
3. Personal, non-professional use — Article 2(10)
"This Regulation does not apply to obligations of deployers who are natural persons using AI systems in the course of a purely personal non-professional activity." Source: Article 2(10), Regulation (EU) 2024/1689.
The edge: the exemption only covers the deployer. The provider obligations on the AI vendor (transparency under Article 50, conformity if high-risk, GPAI obligations under Article 53) remain. A consumer using a deepfake app for a private prank is not the regulated party — the app vendor still is.
Side-channel: "purely personal" is narrower than "non-commercial." A freelance journalist using an AI tool for paid client work is not personal use. A teacher using a marking AI on student work is professional. A lawyer redlining a contract with an AI is professional. The carve-out does not protect side projects that touch professional obligations.
4. Open-source GPAI — Article 53(2), with a hard ceiling
Open-source general-purpose AI providers are exempt from the technical documentation and downstream-information obligations of Article 53(1)(a) and (b), provided the model is released under a free and open-source licence with weights and architecture publicly available. The copyright policy under Article 53(1)(c) and the training data summary under Article 53(1)(d) remain mandatory. Source: Article 53(2), Regulation (EU) 2024/1689.
The edge — the systemic-risk ceiling: the open-source carve-out evaporates the moment the model is classified as "GPAI with systemic risk" under Article 51. The threshold is cumulative training compute exceeding 10²⁵ FLOPS, or a Commission decision based on capability and reach. A 50B-parameter open-weights model trained at frontier scale is not exempt — every Article 55 obligation (model evaluation, adversarial testing, systemic risk mitigation, cybersecurity, incident reporting) applies.
And a downstream catch: open-source carve-outs at provider level do not modify the obligations of deployers. A bank using an open-source GPAI for credit scoring is in Annex III 5(b) territory regardless of what the model's licence says.
5. SMEs — Article 99(6) is fine relief, not exemption
There is no SME exemption from substantive AI Act obligations. Article 99(6) requires market surveillance authorities to give due regard to the size of the undertaking and its annual turnover when imposing administrative fines. SMEs and start-ups also benefit from priority access to regulatory sandboxes (Article 57) and simplified documentation pathways "where possible." The conformity assessment, risk management, post-market monitoring and incident reporting obligations are unchanged.
What the AI Act explicitly does not exempt
- Free or trial deployments. "Free of charge" is named in the definition of placing on the market (Article 3(9)).
- EU institutions. Recital 22 confirms EU bodies are bound by the same regime as private operators.
- Charitable, educational or religious organisations using AI for any purpose other than a natural person's personal activity.
- Internal-only AI if it makes decisions about employees (Annex III 4: HR), customers (Annex III 5: essential services) or students (Annex III 3: education).
- Pre-market academic models the moment weights are released publicly.
Real numbers Fontvera tracks
- 743 AI Act obligations mapped — none of them disappear because an exemption applies; rather, the exemption removes the obligation only for the specific entity and use case in question.
- 22 AI Act ↔ other-regulation overlaps in the cross-reference graph that are not dissolved by Article 2 (because the other regulation — GDPR, NIS2, DORA, DMA, DSA — has its own scope rules).
- 32 EU member states + EEA covered; jurisdictional carve-outs do not exist within the Union for AI Act applicability.
Penalty exposure if you misclassify
Wrongly relying on an exemption is treated as the underlying breach, not as a separate offence. If a system you classified as exempt turns out to fall under Article 5 prohibition, the ceiling is €35,000,000 or 7% of worldwide turnover (Article 99(1)). For misclassified high-risk systems the ceiling is €15,000,000 or 3% under Article 99(2). For supplying inaccurate information to authorities while defending an exemption claim, Article 99(3) adds up to €7,500,000 or 1%.
Run your free AI Act compliance diagnostic
If you are inside an exemption edge — open-source GPAI, dual-use defence, hospital research pilot — Fontvera's diagnostic returns the classification with the specific articles that apply.