The clock is ticking for firms to comply with the EU AI Act – here’s what you need to know
The EU AI Act will come into force at the start of August before a phased two-year rollout begins
Businesses have been urged to prepare for the EU AI Act as the regulation is set to be enforced over the coming months.
Having released the regulation in full in its Official Journal, the EU now looks to force businesses to take action ahead of the act officially coming into force on 1 August 2024.
This date marks the beginning of a staggered rollout, meaning the regulatory demands of the EU’s risk-based strategy will begin to mandate organizations gradually over the next two years.
Six months after the act becomes operational in early 2025, the EU’s policy on prohibited AI will be enforced, meaning organizations using AI systems deemed as “unacceptable” in risk will need to cease or comply.
The EU’s prohibited use cases include AI systems that exploit users based on “age, disability or a specific social or economic situation,” as well as systems that are used “to assess or predict the risk of a natural person committing a criminal offense.”
By April 2025, the EU’s codes of practice will apply to AI application developers - codes which the bloc’s AI Office shall “encourage and facilitate the drawing up of” in communication with unions.
Businesses will then face obligations for general-purpose AI models in August 2025, around 12 months after the act has been made official, with obligations for high-risk AI models set to come into effect after two years.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
“In twenty days, the Act enters into force, setting a global standard for AI regulation,” Maria Koskinen, AI Policy Manager at Saidot, told ITPro.
“Its phased implementation timeline offers an immediate roadmap for businesses to adapt … this staggered approach allows organizations time to understand their obligations and align their operations with the Act’s requirements,” she added.
Shadow IT could frustrate compliance with the EU AI Act
According to Richard Wainwright, field CTO at Veritas Technologies, many workers are already using public generative AI tools at work and this could affect compliance with the act.
“The biggest challenge many businesses will face when it comes to compliance and AI is shadow IT, where employees may use it without the knowledge of IT teams,” he told ITPro.
“It’s therefore essential that proper training is provided to teams, so even if AI is being used, it is done so in a compliant and risk-free way,” he added.
Businesses need to clearly communicate policies around AI to use the technology effectively, Wainwright said, and he noted that the EU AI Act would likely come as a welcome development to businesses looking for guidance.
“The publication of the EU AI Act will be seen as a positive first step to many businesses and individuals who want to see more guidance and legislative processes in place around the use of AI technologies in the workplace,” he said.
George Fitzmaurice is a staff writer at ITPro, ChannelPro, and CloudPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.