The EU AI Act: What Businesses Need to Know

The new European Union’s Artificial Intelligence Act (AI Act) introduces a comprehensive regulatory framework for AI systems across the EU. It aims to harmonize AI rules, fostering innovation while ensuring the protection of fundamental rights.

The AI Act uses a rather broad definition of AI systems and encompasses a wide range of applications, from simple AI chatbots to complex decision-making algorithms used in finance, healthcare, and law enforcement.

The AI Act applies to a wide range of AI providers and users, regardless of whether they are based in the EU. Specifically, it covers:

• AI system providers placing AI on the EU market, even if they are based outside the EU.

• Companies deploying AI systems within the EU.

• Foreign providers and users whose AI systems generate outputs used in the EU.

• Importers and distributors of AI technology.

• Manufacturers who integrate AI systems into their products.

• Authorized representatives of non-EU AI providers.

• Individuals and businesses within the EU affected by AI systems.

However, the AI Act does not apply to AI systems used exclusively for military, defense, or national security purposes, nor does it regulate AI developed strictly for scientific research and development.

The AI Act introduces a risk-based framework, categorizing AI systems into four levels:

1. Minimal Risk: AI-powered applications like spam filters and recommendation systems face no mandatory obligations, though voluntary ethical guidelines are encouraged.

2. Specific Risk: AI systems such as chatbots and deepfake generators must clearly disclose their artificial nature to users. AI-generated content must be labeled, and biometric recognition systems used for categorization or emotional analysis require transparency.

3. High Risk: AI used in hiring, credit scoring, and healthcare is subject to strict compliance measures, including:      

• Risk mitigation strategies

• High-quality datasets

• Detailed documentation

• Human oversight

• Cybersecurity requirements.

4. Unacceptable Risk: AI applications that pose a threat to fundamental rights are banned. These include:

• AI systems designed to manipulate human behavior and bypass free will.

• AI tools enabling social scoring (e.g., ranking individuals based on personal behavior).

• Certain biometric surveillance tools used in public spaces, except in limited law enforcement cases.

Companies failing to comply with the AI Act face severe penalties, with fines reaching up to 7% of global annual turnover for the most serious breaches.

Implementation Timeline

The AI Act has a staggered rollout, with key milestones including:

• February 2, 2025: Prohibitions on high-risk AI practices and core definitions take effect.

• August 2, 2025: Rules regarding regulatory oversight, AI system classification, and enforcement mechanisms become applicable.

• August 2, 2026: General EU-wide enforcement of the AI Act begins.

• August 2, 2027: Specific regulations for high-risk AI systems take effect.

What This Means for Businesses

Companies operating in the EU must evaluate their AI systems and determine their risk classification to ensure compliance. This includes implementing transparency measures, conducting risk assessments and establishing human oversight mechanisms.

The Road Ahead

The AI Act positions the EU as a global leader in AI regulation, balancing technological innovation with ethical responsibility. Businesses must proactively adapt to these regulations, ensuring their AI applications remain compliant, transparent, and trustworthy.

As AI continues to evolve, staying informed and compliant will be crucial for businesses seeking to navigate the new regulatory landscape.

By Mgr. Radek Werich LL.M.

Download

Author