December 13, 2024

AI Act Compliance: What your business needs to know

As artificial intelligence (AI) continues to transform industries, governments around the world are moving to regulate its use. In the European Union (EU), the Artificial Intelligence Act (AI Act) is set to become one of the most significant regulatory frameworks for AI, with widespread implications for businesses that develop, deploy, or rely on AI systems.   

For companies working in or doing business with the EU, it is important to understand and follow the AI Act. This article outlines what your business needs to know about the AI Act and its compliance requirements.  

What is the AI Act? 

The AI Act is a proposed regulatory framework introduced by the European Commission in 2021 to govern the development and use of AI technologies within the EU. It aims to ensure that AI systems are safe, respect fundamental rights, and promote innovation in a way that benefits society.   

The Act follows a risk-based approach, categorizing AI systems into four levels of risk: 

  1. Unacceptable Risk: These are AI systems that are banned outright, such as those that manipulate human behavior (e.g., social scoring by governments) or exploit vulnerable groups.
  2. High Risk: AI systems that could significantly impact individuals’ rights or safety, such as AI used in critical infrastructure, education, employment, and law enforcement, fall into this category. These systems will face strict regulatory requirements.
  3. Limited Risk: AI systems with transparency obligations, such as chatbots or AI systems that interact with humans, fall into this category.
  4. Minimal Risk: Systems with the lowest risk, like AI for spam filters or video games, will have minimal regulatory oversight.

[Illustration: summary of the EU AI Act principles, including safety of systems, respect for rights, and societal benefits.]

EU AI Act compliance requirements for businesses  

If your business develops or uses AI systems, especially high-risk ones, you will need to meet several key compliance requirements outlined in the AI Act.  

Risk management and mitigation  

For high-risk AI systems, businesses must implement a risk management system that evaluates the system’s performance and safety throughout its lifecycle. This includes identifying potential risks, testing the AI system for bias or inaccuracies, and taking corrective action when necessary.  

Data Governance   

AI systems rely heavily on data, and the EU AI Act mandates that businesses ensure the quality, integrity, and security of the datasets used to train and deploy these systems.   

For high-risk AI, datasets must be free from bias and appropriately representative of the population on which they are used. Additionally, businesses will need to demonstrate compliance with data protection laws, like the General Data Protection Regulation (GDPR), to prevent misuse of personal data.  

Transparency and information disclosure  

Businesses deploying high-risk AI systems will need to provide clear documentation to users and regulators. This includes the purpose of the AI system, its intended uses, limitations, and performance metrics. Transparency is crucial to build trust and ensure that users understand the AI system’s capabilities and risks.  

Human oversight  

One of the core principles of the AI Act is ensuring that humans retain control over AI systems. For high-risk applications, businesses must ensure that appropriate human oversight mechanisms are in place. This may involve allowing humans to intervene or override AI decisions when necessary to avoid harm or unjust outcomes.  

Monitoring and post-market surveillance   

Even after deploying AI systems, businesses are required to continuously monitor their performance. This involves assessing how the AI is functioning in real-world scenarios and identifying any potential negative impacts. Post-market surveillance is critical to ensure that AI systems remain compliant and safe throughout their use.  

AI Act: Compliance, certification and penalties  

High-risk AI systems will be subject to an AI conformity assessment process, where businesses must demonstrate that their AI systems meet the legal requirements. Third-party audits may be necessary, and businesses will need to ensure that their systems comply with European standards.  

Certification for AI systems, similar to how products like electronics receive safety certifications, may also be required.  

What are the penalties for non-compliance?

Non-compliance with the AI Act can result in substantial penalties. Fines for violations could reach up to 6% of a company’s total annual revenue worldwide or €30 million, whichever amount is greater. This places a strong emphasis on early compliance and ongoing diligence to avoid costly penalties.

EU AI Act: timeline for implementation  

The timeline for the implementation of the EU AI Act is extensive and complex. Here are the key dates your business should look out for:  

February 2nd, 2025: Prohibitions on some AI systems start to be applied.  

August 2nd, 2025: The following rules start to apply:  

  • Notified bodies
  • GPAI models   
  • Governance   
  • Confidentiality   
  • Penalties 

August 2nd, 2026: The remainder of the EU AI Act starts to be applied (except Article 6).

August 2nd, 2027: Article 6 starts to be applied. At this point, the entire regulation should be in force and applied.

To learn more about this timeline, refer to the EU AI Act official timeline page.

How can businesses prepare for AI governance under the AI Act?  

Given the broad scope of the AI Act, businesses need to take proactive measures to ensure compliance. Here are some practical steps to help your company prepare:  

1. Conduct an audit 

Review all AI systems in use within your organization and classify them according to the AI Act’s risk levels. Identify whether any of your systems fall into the high-risk category and need additional scrutiny. 

2. Develop a compliance framework 

Implement a robust AI governance structure within your company. This includes creating a framework for assessing and mitigating risks, ensuring transparency, and establishing oversight mechanisms. Collaborating with legal and compliance experts who specialize in AI regulation will be crucial.  

3. Invest in ethical AI development  

Ensure that your AI systems are developed with a focus on fairness, transparency, and accountability. Incorporating these ethical principles from the start will not only help with compliance but also promote trust with users and stakeholders.  

4. Stay informed  

The regulatory landscape for AI is still evolving. Keep track of updates to the AI Act as it moves through the legislative process. Join industry groups, attend AI compliance workshops, and consult with experts to stay ahead of potential changes.  

The global impact of the AI Act  

Although the AI Act is an EU initiative, its influence will extend beyond Europe. Companies around the world that wish to operate in the European market or work with European partners will need to align their AI practices with the AI Act.   

Furthermore, the AI Act could serve as a model for AI regulation in other jurisdictions, with global standards possibly emerging based on its framework.  

How can DAIN help you ensure your business is ready for the EU AI Act? 

The AI Act represents a significant step in the regulation of artificial intelligence, particularly for businesses operating in high-risk sectors.  

Understanding the compliance requirements and acting early will be essential for businesses to navigate this new regulatory landscape successfully. By fostering responsible AI use, the AI Act aims to strike a balance between innovation and protecting fundamental rights, creating a safer and more transparent AI ecosystem.  

For businesses, now is the time to review your AI practices. Assess any potential risks and create a strong compliance strategy. DAIN Studios is the right partner to help you with this. With 8 years of AI expertise, we can offer you more than advice – we can guide you through the EU AI Act and implement the technical changes needed for compliance.  

Get in touch with us and discover how we can help you navigate the EU AI Act and stay compliant. 

Author: DAIN Studios, Data & AI Strategy Consultancy
Updated on December 13, 2024