‍Who is covered by the AI Act?

The AI Act applies to:

• AI system providers: Organizations developing and selling AI solutions within the EU or to the EU market, regardless of their location.
• AI system users: Companies and public authorities within the EU implementing AI in their operations.
• Importers and distributors: Entities importing or distributing AI systems within the EU.

This means that both EU-based companies and international actors seeking to operate in the European market will be affected.When does the AI Act come into force?The AI Act was formally adopted in 2024. The timeline for its implementation is:

• Partial enforcement: Some high-priority rules for high-risk AI systems take effect in February 2025.
• Full enforcement: All rules are expected to be fully applicable 24 months after publication.

Where to start if you haven't begun preparations?

‍To quickly and efficiently prepare for the AI Act, follow these key steps:

1. Classify your AI systems: Determine if your systems fall under "prohibited," "high risk," "limited risk," or "minimal risk."
2. Risk assessment: Conduct thorough risk analyses, especially for high-risk AI.
3. Documentation and transparency: Establish technical documentation outlining how the AI system functions and what data it uses.
4. Human oversight: Ensure that high-risk AI systems have mechanisms for human supervision.
5. Training programs: Implement courses and workshops covering both technical and ethical aspects of AI. Ensure employees understand the AI Act and its requirements, as well as how AI can be used safely and responsibly within the organization.
6. Data governance: Implement robust data governance procedures to avoid bias and ensure data quality.
7. Registration: High-risk AI systems must be registered in an EU database.

What happens if you are not compliant?

‍Non-compliance can result in:

• Hefty fines: Up to €35 million or 7% of global annual turnover, whichever is higher.
• Market restrictions: Bans on selling or using non-compliant AI systems.
• Reputational damage: Negative publicity that can erode trust among customers and partners.

What governance framework adjustments may be necessary?

‍To ensure compliance, organizations may need to:

• Integrate AI governance into existing structures: Clearly define roles and responsibilities for AI compliance.
• Update policies and guidelines: Incorporate specific AI-related requirements, such as ethical guidelines and data security protocols.
• Training: Include AI-related education in governance documents, covering the AI Act, its requirements, and guidelines for safe and responsible AI use within the organization.
• Monitoring and audits: Establish continuous monitoring of AI system performance and compliance.
• Incident management: Develop procedures for promptly handling and reporting AI-related incidents.

Conclusion

‍The AI Act marks a new era of responsible AI usage. By understanding who is affected, what requirements must be met, and how governance frameworks need to be adapted, organizations can not only avoid sanctions but also build trust and gain competitive advantages in a rapidly evolving market.