The European AI Act (Regulation (EU) 2024/1689) was published in the EU’s Official Journal on 12 July 2024 and entered into force on 1 August 2024. The timetable for the phased transition of the Act can now be determined:
1 August 2024:
- The AI Act enters into force (20 days after publication in the OJ)
1 February 2025:
- Prohibitions on unacceptable risk AI systems come into force
- General provisions on subject matter, scope, definitions and AI literacy become effective
1 May 2025:
- Codes of conduct need to be ready and will start to be applicable
1 August 2025:
- Provisions on general-purpose AI become effective
- Provisions dealing with governance, conformity bodies, enforcement, confidentiality and penalties come into force
1 August 2026:
- All other provisions come into force, including regulation of high-risk AI systems listed in Annex III of the Act (but not AI systems within the EU product safety regulation regime listed in Annex II, e.g. physical products such as machinery, toys and medical devices)
1 August 2027:
- Regulation of high-risk systems within the EU product safety regulation regime (listed in Annex II) comes into force
This timetable shows the AI Act’s implementation approach, which is designed to give businesses and other organisations sufficient time to adapt their policies to the new regulations.
Any organisation using AI will now need to undertake the following actions:
- Conduct an AI mapping exercise to identify all AI systems and general-purpose AI (GPAI) models which are being (or will be) used or developed in the organisation.
- Clarifying how the AI systems and models are being used and the organisation’s role (e.g., provider, deployer, importer, distributor) to allow determination of the specific obligations under the Act.
- Determining which AI systems and models fall within the scope of the AI Act, by assessing whether these are “placed on the market” or “put into service” in the EU.
- Incorporating the AI Act’s requirements into due diligence processes and contracts.
- Assessing and hiring resources needed to support AI governance obligations.
- For the “high-risk AI systems”, preparing for compliance with requirements such as risk management systems, data governance, technical documentation, record-keeping, transparency, and human oversight.
- Businesses outside the EU will also need to comply with the requirements if the AI systems or their outputs are accessible or used in the EU.
- Monitoring the future codes of conduct and upcoming guidance.
With our technical and legal experience, we shall support businesses in their compliance obligations. Indeed, full compliance with the Act is not immediately required. However, as with the implementation of the European GDPR rules, early preparation can help avoid rushed implementation in the future.