TaxLegi 30.06.2025

The European Union's Artificial Intelligence Act (Regulation (EU) 2024/1689) which has entered into force on 1^st of August 2024, is part of the vision “A Europe fit for the digital age” (also known as the EU digital strategy). It is a pivotal development in the regulation of AI, providing for the first time a comprehensive regulatory framework, which aims at striking a balance between obtaining the greatest benefits from AI systems and safeguarding  fundamental rights to enable democratic control.

The EU AI Act is a long legislative piece comprised of 13 Chapters, each codifying separate aspects ranging from transparency obligations, governance for ensuring compliance, codes of conduct, to enforcement and penalties.

Its enforcement is taking place in separate phases, the first one having started since February 2025, the second one taking place in August 2025 and full enforcement being implemented by August 2026, with further evaluations and impact assessments in 2027, 2028 up to 2030.

This article is part of a series of publications on the ambit, targets and a deeper dive on the Chapters of the Act and focuses on the parts which are already in force and such which come into force in a few weeks, specifically on 2^nd August 2025.

Scope

The EU AI Act contains a relatively extended preamble of over 40 pages, with specific descriptions on different rationales and the EU’s intentions within this AI codification. A noteworthy example is the explicit clarification that the identification or inference of emotions of natural persons as part of AI practice, such as happiness or sadness, is merely based on their biometric data.

Whilst the EU AI Act applies to a broad spectrum of stakeholders across the AI value chain, such as operators, providers, deployers, importers/distributors, product manufacturers, and authorized representatives,

territorially, its scope, extends beyond EEA borders. As such, compliance of AI Systems that may be placed in the EU market or affect EU individuals is mandatory, irrespective of their geographic origin, rendering the Act a global benchmark for AI governance.

Prohibited AI Practices

The first part of the Act already in force is Chapter II which declares the following AI practices as prohibited:

1. Manipulative Practices, whereby AI systems manipulate human behaviour in a manner that could cause physical or psychological harm are strictly forbidden. This includes systems that exploit vulnerabilities of specific groups, such as children or individuals with disabilities.
2. Social Scoring, such as evaluating individuals based on their social behaviour or compliance with certain norms, is prohibited, as it can lead to discrimination and violation of privacy rights.
3. Real-time Remote Biometric Identification in public spaces is banned, except in specific cases such as law enforcement for serious crimes, such as abduction or threat to life/safety.
4. Deepfakes and Misinformation: AI-generated content that can deceive individuals or mislead them, using untargeted scraping of facial images from the internet or CCTV footage.
5. Biometric categorisation: Systems for profiling, i.e. to deduce for example race, political opinions, religious beliefs or sexual orientation, is prohibited, as it promotes discrimination and inequality. Exception to this prohibition is the use of such systems for law enforcement in serious crimes referred to above.
6. Emotion-inference applications: use of AI systems to infer emotions of a natural person in the areas of workplace and education institutions is not allowed, except where the use of the AI system is intended to be put in place or into the market for medical or safety reasons.

General-purpose AI models

The further implementation of the EU AI Act as of by 2 August 2025 imposes certain obligations on providers of general-purpose AI models.

A ‘general-purpose AI model’ (GPAI) is defined as a model trained on large amount of data using self-supervision, integrated into a variety of downstream systems or applications, used in Europe and worldwide, covering a wide range of distinct tasks. GPAIs are classified into two categories depending on their impact capabilities, namely GPAI and GPAI with systemic risk.

Providers of GPAI models are required to:

• maintain comprehensive technical documentation for their models readily available to the AI Office, national authorities, and downstream providers upon request.
• implement policies to comply with Union copyright laws and publicly disclose detailed summaries of the training content used for their models.

Additionally, GPAIs with systemic risks are subject to enhanced obligations, such as performing model evaluations to identify and mitigate systemic risks and keeping track of all relevant information on serious incidents and possible corrective measures to their addressing.

The AI Office in collaboration with AI providers, national authorities, and other experts is expected to finalize the GPAI Code of Practice for providing details on consistent compliance of the above obligations by all GPAI providers.

Enforcement

The enforcement of the AI Act is phased and varies depending on the type and risk level of the AI model.  Some obligations for compliance are already in effect, while others are due over a three-year period.

Member States are required by 2^nd August 2025 to designate their national competent authorities and align the AI Act with their national policies, legal framework and digital infrastructure, recognizing both its regulatory imperative and strategic opportunity to foster innovation and economic growth.

Cyprus has named three authorities, namely:

• (i) the Commissioner for Personal Data Protection,
• (ii) the Human Rights Ombudsman and
• (iii) the Attorney General

in charge of overseeing compliance with the EU AI Act.

Penalties

Engaging with any of the prohibited AI practices listed in the Act can result in substantial financial penalties, reaching up to EUR 35 million or 7% of a company’s worldwide annual turnover. Similarly, the EU Commission may impose fines for intentional or negligent violation of reporting obligations of GPAI models under the Act, of up to 3% of a provider’s global annual turnover or €15 million, whichever is higher.

These penalties are designed to be effective, proportionate, and dissuasive, reflecting the EU’s commitment to responsible AI use.

Next steps

The obligation for organizations to maintain safe and responsible AI systems is not new, and given the high stakes - from financial exposure to reputational risk- there is an unquestionable need for businesses to meticulously examine their systems and practices in conjunction with the EU AI Act.

For additional information, please contact our team: 

Andria Koukounis, Partner, Andria.Koukounis@cylaw.ey.com 

Nicholas Yiasemis,  Manager, Nicholas.Yiasemis@cylaw.ey.com

Elina Iosifidou, Associate Lawyer, Elina.Iosifidou@cylaw.ey.com

On 17 June 2025, the Tax Department issued an announcement in relation to the extension of the deadline for the submission of the 2023 Income Tax Return (Form T.D. 4) for Companies and for Self-Employed individuals with an obligation to prepare accounts (Form T.D.1).

This announcement follows the one issued by the Tax Department on 20/03/2025, and refers to the decision of the Tax Commissioner that no monetary charge of €100 will be imposed with regards to the submission of Income Tax Return for Companies (Form T.D.4) and for Self-Employed individuals with an obligation to prepare accounts (Form T.D.1) for the tax year 2023, by persons who do not have an obligation to submit a Summary Information Table, if relevant returns are submitted by 30^th of November 2025.

Any submissions made after the 30^th of November 2025 will be subject to a monetary charge of €100 for late submission.

It is further noted in the announcement that, the deadline for submitting the Income Tax Return for the tax year 2023 by persons who, based on Article 33(10) of the Income Tax Law, have an obligation to submit a Summary Information Table in respect of Controlled Transactions, is also the 30^th  of November 2025.

For additional information, please contact our team:

Philippos Raptopoulos, Head of Tax and Legal Services, Philippos.Raptopoulos@cy.ey.com

Petros Liassides, Partner, Direct Tax, Petros.Liassides@cy.ey.com

Myria Saparilla, Partner, Direct Tax, Myria.Saparilla@cy.ey.com

Lefkios Xanthou, Manager, Direct Tax, Lefkios.Xanthou@cy.ey.com

Payment of temporary tax for 2025

As per the Assessment and Collection of Taxes Law, every company or individual (who derives income other than from emoluments), must pay temporary tax estimated on the taxable profit for income (corporate) tax purposes, for the same tax year. 

1. The temporary tax on such taxable profits is payable in two equal instalments as follows by: 

• 31^st of July 2025; and 
• 31^st of December 2025. 

If the tax is not paid before the end of the month following the month the instalment is due (i.e. 31^st of August 2025 and 31^st of January 2026, respectively for each instalment), interest is payable at the rate in force which currently is 5,50% per annum. Interest is calculated on the basis of completed months of delay.

2. Furthermore, failure to pay the due tax by 31^st of July and 31^st of December will result to a monetary charge of 5% on the tax due for each instalment (in addition to the 5,50% per annum interest). However, in practice the imposition of the 5% monetary charge will be made only if the tax is not paid by the end of the following month to which it relates (i.e. 31^st of August 2025 and 31^st of January 2026 respectively for each instalment). 

3. The estimate of chargeable income may be revised (upwards or downwards) at any time before 31^st of December 2025:

• If the estimate is revised upwards, interest is payable on the difference between the revised amount payable for each instalment due and the amount initially declared and paid. The interest is calculated for each completed month of delay for the period the instalment was due (e.g. if a revised estimation is prepared in September, the interest will be imposed only for the 1^st instalment for one complete month).
• If the estimate is revised downwards, the minimum amount that can be declared as temporary tax should be equal to the amount of the previous payment made (i.e. 1^st instalment declared). 

4. If the estimated chargeable income (as finally may be revised) is less than 75% of the actual chargeable income as this will be declared on the submitted income tax return for the year (Form TD4), then there will be an additional tax of 10% on the tax due. 

5.  Any tax due (including any additional tax of 10%) for year 2025 is payable by 1^st of August 2026. 

Payment of 2024 Final Corporate Income Tax and 2025 Provisional Tax installments can only be made via the Tax Portal System

The payment of the provisional tax (Code 200) and final income tax (Code 300) can only be made via the Tax Portal  (https://taxportal.mof.gov.cy/), provided that the relevant tax liability has been created. 

In addition, any payments that are subject to interest and penalties or relating to revised provisional tax, can be made through the Tax Portal, on the same proviso as above.   

Repercussions for late payment of tax by Companies and Self-Employed individuals with an obligation to prepare financial statements for the year 2024. 

1.  Any tax due (including any additional tax of 10%) for the year 2024 is payable by 1^st of August 2025. If payment is not made by 31^st of August 2025, interest will accrue at the applicable rate in force (currently 5,50% per annum) as from 1st of August 2025 on the basis of completed months of delay. 

2.  Furthermore, failure to pay the outstanding balance in respect of the 2024 income tax by 31^st of August 2025 will result to a fixed monetary charge of 5% on the tax due (including any additional tax of 10%). In addition, any outstanding tax (as this is declared on the income tax return) is subject to an additional monetary charge of 5% in case this is not paid within 60 days after the last day of the deadline for the payment of the relevant tax liability for that specific tax year (i.e. failure to pay for tax year 2024 by 1^st of October 2025 will result to an additional 5% monetary charge). 

For additional information with respect to this Alert, please contact the following:

Philippos Raptopoulos, Partner, Head of Tax and Legal Services, Tel: +357 25 209 740, Philippos.Raptopoulos@cy.ey.com

Petros Liassides, Partner, Direct Tax, Tel: +357 22 209 797, Petros.Liassides@cy.ey.com

Myria Saparilla Partner, Direct Tax, Tel: +357 96 795 037, Myria.Saparilla@cy.ey.com

Glykeria Terpizi, Senior Manager, Direct Tax, Tel: +357 25 209 716, Glykeria.Tepizi@cy.ey.com

The Council of Ministers has approved Decree (176/2025) which was published on June 20, 2025, in the Official Gazette of the Republic, providing for an extension to the deadline for submitting tax returns and for the payment of the due tax for the tax year 2024, by individuals who are not obliged to prepare accounts. The deadline for submitting the tax return for the tax year 2024, as well as the deadline for the payment of the tax due based on the said tax return by:

• individuals who are not self-employed, and
• self-employed individuals who are not required to prepare audited or reviewed accounts,

is extended until September 30, 2025.

For additional information, please contact the following:

Petros Liassides, Partner, Direct Tax Petros.Liassides@cy.ey.com

Herodotos Hadjipavlou, Senior Manager, Direct Tax Herodotos.Hadjipavlou@cy.ey.com

Michalis Karatzis, Director, Direct Tax Michalis.Karatzis@cy.ey.com

Stephanie Barbour, Senior, Direct Tax Stephanie.Barbour@cy.ey.com

Following the announcement from the Tax Department (“TD”) dated 13/01/2025, we would like to inform you that the process of transferring the Withholding Tax & Contributions Declaration form (T.D.7) to the new platform Tax For All (“TFA”) has commenced. Until the transfer of the T.D.7 form to the TFA platform is concluded, the submission or revision of any T.D.7 forms for the tax years up to and including 2023, will not be possible, either via Taxisnet or via the TFA platform. Regarding the exact date of the transfer of the Declaration to the TFA platform, the Tax Department, will issue a further announcement.