This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
THE LENS
Digital developments in focus
| 2 minute read

EU AI Act in force today

The EU AI Act entered into force today (1st August), 20 days after it was published in the Official Journal. As mentioned in my previous blog, while it will still be some time before the more substantive rules apply (most of the Act will not take effect for another two years, with some rules having an even longer lead time), now is the time for organisations to start preparing. Also some rules apply sooner - for example those prohibiting certain AI practices will apply from early next year (after six months). 

The AI Act - a quick reminder 

For a detailed look at what the Act covers see our article, but by way of a quick reminder, the EU AI Act:

  • is technology specific - it applies to AI Systems and General Purpose AI (or GPAI), as defined in the Act; 
  • is cross-sectoral, subject to certain exceptions – military and R&D use being two examples;
  • takes a risk-based approach. AI is either: (i) prohibited; (ii) high-risk (which is heavily regulated); (iii) has additional transparency requirements (sometimes called limited risk); or (iv) has minimal risk with no specific new rules. One AI system may trigger more than one category (for example, you could have a high-risk AI system which also has additional transparency obligations);
  • contains specific rules for GPAI models and systems – these would include models like those used by ChatGPT;
  • imposes obligations across the AI supply chain – from providers (developers) and deployers (users) to importers, distributors and certain manufacturers;
  • has wide extra-territorial reach – it will cover many developers and users based outside the EU;
  • includes some pro-innovation measures, including a requirement for sandboxes and provisions for SMEs; 
  • imposes high fines – the highest being the higher of €35m or 7% of worldwide annual turnover; and
  • is a Regulation – meaning it is directly effective across all Member States. Some enforcement will take place at national level and some (for example, in relation to GPAI’s) at EU level through the AI Office.

Now is the time to prepare

While the Act is detailed, we are still waiting for additional information (various codes of practice, standards, guidance etc.) to really understand how it will work in practice. However, now is still the time to check if you are in scope and start taking action if you are. 

If you are in scope, you should determine what risk category your AI falls into and what role you play within the AI supply chain (e.g. are you a provider or deployer). This will all determine the particular obligations you will face.  It is important to carefully check your role, as you may be a provider without realising it (if, for example, you put your name or trademark on a high-risk AI System that’s already on the market). Timing wise, developers are also being invited to voluntarily adopt key obligations ahead of the legal deadlines. See the AI Pact for more details. 

Now is also the time to check that you have appropriate AI governance in place, both for your compliance with the Act and for your AI use more generally. For more information on AI governance, see our blog - Good Governance around AI - what does it require? 

For more information on the key provisions of the Act, see our article. We have partnered with Cravath, Swaine & Moore LLP to produce an overview of the EU AI Act together with practical steps organisations can take now to comply and a comparison of the EU approach to AI regulation in the Act with the approaches taken by the UK and US. See also the EU's press release - here.  

Sign up to receive the latest insights. Click here to subscribe to The Lens Blog.

Tags

ai, digital regulation