The EU AI Act: World’s first comprehensive AI Law as of August 2024

The transformative power of AI is undeniable, offering “magic-like” solutions that drive efficiency and innovation, particularly for larger organizations.

Once you delve into the potential of AI tools, the opportunities they provide become impossible to ignore. A striking example of AI’s rapid adoption is OpenAI’s ChatGPT, which reached 100 million users within just two months; far surpassing the adoption rates of previous tech giants as seen in the graph below.

New AI applications are emerging at an unprecedented speed, and they are set to dominate the market due to their remarkable efficiency and adaptability, solidifying AI’s role as a game-changer, and businesses must adapt to keep up with their competition.

Organizations that embrace AI early on will be at the forefront of this evolution, reaping the rewards of streamlined operations and enhanced competitive advantage. However for those operating in the EU or targeting EU market, you must watch out for the heavy list of compliance requirements for the EU AI Act or risk a fine of up to 7% of global turnover.

As AI products increasingly shift to off-the-shelf procurement, organizations are simultaneously exploring custom AI tools for specialized applications. The EU AI Act, for instance, mandates a comprehensive set of compliance requirements that must be addressed starting from the inception stages of product development and ongoing monitoring during implementation for both providers and deployers of AI systems.

High-risk AI systems, which will dominate business use cases; such as systems used in recruitment, finance, healthcare, and other sensitive sectors, carry significant regulatory requirements. These include strict standards for data governance, proactive risk monitoring, algorithmic bias mitigation, and oversight measures. Such requirements must be embedded into the AI system from its inception and during the lifecycle.

Both AI providers and deployers must therefore integrate compliance considerations into their AI project management plans to ensure successful and lawful implementation. Failure to do so can lead to costly delays, potential fines, and losing customer trust.

Key Timelines for AI Act Enforcement

The AI Act entered into force on August 1, 2024, with specific timelines for compliance:

  • Prohibited AI practices - February 1, 2025, these systems must be removed from use.

  • The requirements for high-risk AI systems will become enforceable after 24 months, giving organizations until August 1, 2026, to align their AI operations with the Act’s stringent standards.

These timelines provide a clear framework for companies to assess their AI systems and ensure compliance, safeguarding their operations from penalties. 

High-Risk AI Systems and Their Requirements

Central to the AI Act is its focus on high-risk AI systems, which will be used in sectors such as energy, finance, telecom and transportation. These systems, due to their potential impact on safety or fundamental rights, must comply with stringent requirements to ensure responsible AI principles such as human-centricity, transparency, safety, and accountability.

Key requirements include:

  • Continuous Risk Management: Monitoring and evaluating risks throughout the AI system’s lifecycle.

  • Transparency and Accountability: Ensuring AI decisions are explainable, traceable, and auditable.

  • Data Governance: Relying on high-quality during training and testing, secure data that meets strict privacy and intellectual property laws and avoiding biases and inaccuracies.

Despite the fact that there is still time to comply with the AI Act. The requirements for the AI Act must be considered in existing investment decisions on AI Applications. Companies should decide on their AI strategy, understand current and potential AI use, set clear standards and policies, provide role based trainings, and update organizational and data governance.

Looking Ahead

The AI Act brings both challenges and opportunities. While the penalties are significant, the benefits of embracing AI are far greater. Organizations that integrate AI responsibly will see gains in efficiency, cost savings, and competitive advantage, positioning themselves for long-term success.

ART25 Consulting can support in preparing your organization for this change, AI Governance can be built on top of existing compliance processes for privacy and risk management. And with proper AI literacy tailored for the various stakeholders, clear data governance and risk management processes, your organization can leverage the benefits of AI with high confidence.








Previous
Previous

Lessons from Apoteket’s GDPR Fine: Why did Apoteket receive a Sek 37 Million fine