Artificial intelligence is no longer just an application

For several years, artificial intelligence was described as a clever tool on a screen. It could draft text, organise images, answer questions, summarise files or help a programmer. In 2026 that description is too small. AI is becoming infrastructure. It enters public administration, companies, laboratories, hospitals, banks, schools, courts and legislative work.

This changes the legal centre of gravity. The question is not only whether a tool made a mistake. It is who selected it, what data it used, whether a human supervised the result, whether records were kept, whether the person affected was informed and whether a decision can be challenged. Technology becomes a matter of governance, proof, responsibility and institutional trust.

Greece is part of that discussion through the European legal framework. The AI Act, the GDPR, cybersecurity rules, public procurement and digital service obligations will all matter. The practical lesson is clear: any organisation using AI in serious decisions must be able to explain the process, not only the output.

The European legal timetable

The core legal text is Regulation (EU) 2024/1689, known as the AI Act. It follows a risk based logic. A spam filter is not treated like a system that affects recruitment, education, access to public benefits, health, law enforcement or justice. The higher the impact on people, the stronger the duties for documentation, control and accountability.

The AI Act entered into force on 1 August 2024. Prohibited AI practices and AI literacy duties started to apply from 2 February 2025. Governance rules and obligations for general purpose AI models apply from 2 August 2025. The Act becomes broadly applicable on 2 August 2026, while certain high risk systems embedded in regulated products have a longer transition period until 2 August 2028 after the political agreement on simplification.

In practice, AI now has a legal calendar. Organisations need an inventory of the systems they use, a risk classification, clear provider and deployer roles, technical documentation, logs, human oversight and information for people affected by AI assisted decisions.

How states will be affected

States will be affected in three roles. First, as regulators, they must create competent authorities, supervision processes, penalties, sandboxes and guidance. Second, as buyers, they must demand documentation, audit rights, data security, explainability and clear supplier responsibility in public contracts. Third, as users, public services must keep a trace when an algorithm helps prioritise files, detect fraud or suggest an administrative action.

The public sector cannot hide behind technical complexity. If a citizen asks for an explanation, the answer cannot be that the model said so. There must be a procedure, a file, a responsible officer, criteria, correction options and human judgement where rights are affected.

AI will also become a factor of state capacity. Countries with computing infrastructure, usable public data, expert teams and legal clarity will deliver better services and attract investment. This is why the European discussion connects regulation with AI Factories, data spaces, skills and computing power. Regulation without infrastructure stays theoretical. Infrastructure without regulation becomes risk.

New technologies that change the legal questions

Multimodal models process text, image, sound, video, tables, code and documents together. That affects evidence, copyright, personal data protection and the authenticity of digital material. A photo, an audio file or a scanned document may now need technical verification before it is treated as reliable.

AI agents go one step further. They do not only answer a question. They can follow steps, call tools, complete forms, search information, draft documents and propose actions. Legally, this makes instruction, approval, audit trail and automation limits much more important.

Synthetic data can help research and development without directly exposing personal data, but it is not a magic solution. Re-identification risk, bias and quality must still be assessed. Edge AI in devices, vehicles, sensors and machines also raises practical questions: who updates the system, who secures it and who is responsible when it fails in real time.

Science becomes faster, but not simpler

Life sciences show the scale of the change. AlphaFold made protein structure prediction a practical scientific tool, and newer systems extend this work to molecular interactions. This affects medicines, vaccines, materials, agriculture and environmental science. It also raises legal and ethical questions about validation, liability, access and commercial control of knowledge.

In medicine, AI may support diagnosis, imaging review, drug discovery and personalised treatment. The closer it gets to a patient decision, the stronger the need for clinical evidence, informed consent, professional responsibility and protection of sensitive data.

In climate science and energy, models can improve forecasts and network planning. In education they may personalise learning, but they can also strengthen surveillance or unfair assessment. In social sciences they can analyse large datasets, but they can reproduce the errors and bias of the data on which they were trained.

What changes for legal practice

Law will not be replaced by a button. The work will change. Lawyers will need to understand when a tool is only support and when it influences a material judgement. They will need technical documentation in contracts, liability clauses, confidentiality controls, terms on model training, audit rights, cybersecurity duties and rules for human approval before a critical action.

Courts will face new evidence questions. How do we prove that a document, image or recording is authentic. How is an algorithmic result evaluated. When is expert evidence needed. How do we prevent a court or an authority from treating a technical output as unquestionable truth.

Contracts will more often include AI clauses. These will cover generated material, intellectual property, confidential data, logs, supplier changes, hallucination risk, retention rules and the right to inspect. Compliance will begin with simple questions: which AI tools are used, by whom, with which data, for which purpose and under whose responsibility.

Practical first steps

Businesses and professionals should start with an inventory. Many will discover that employees already use AI informally before any policy exists. The next step is risk classification. Marketing assistance is different from a system used for workers, customers, credit, health, education, public services or legal judgement.

Human oversight must be real. It is not enough for someone to sign a result that nobody checked. The person supervising must have time, knowledge and authority to correct or reject the output. Supplier contracts also need review for data use, confidentiality, sub-processors, logs, deletion, model changes and responsibility.

For citizens, the right approach is neither fear nor blind enthusiasm. AI can improve services and scientific work, but it must remain explainable, contestable and accountable when it affects rights. The next great skill will not be simply using AI. It will be knowing when to trust it, when to verify it and when to stop it.

References and useful sources

This article is informative and does not replace personalised legal advice for a specific case, contract or system.