The Splitblog in February: Everything Companies Need to Know About the EU AI Act Now
The EU AI Act has been in force since August 2024. A current draft bill for an implementing act has now been adopted. The Federal Network Agency (Bundesnetzagentur) is to serve as the central point of contact for monitoring the EU requirements on artificial intelligence.
The EU AI Act is the first comprehensive legal framework for artificial intelligence worldwide. It is intended to promote trustworthy AI in Europe, minimise risks, and at the same time enable innovation. For companies, it is crucial to understand and implement the new requirements in order to avoid legal risks and secure competitive advantages.
What is the EU AI Act?
The EU AI Act is a framework that classifies AI systems according to their risk potential and defines corresponding regulatory requirements. The aim is to ensure safety, transparency, and compliance with fundamental rights when using AI.
Risk-based approach and categorisation of AI systems
The EU AI Act divides AI systems into four categories:
Unacceptable risk (prohibited)
Examples: Social scoring systems, manipulation of children, biometric categorisation based on sensitive characteristics.
Regulation: These systems are prohibited in the EU.
High risk
Examples: AI in medical devices, transport systems, recruitment, law enforcement.
Regulation: Strict requirements such as risk management, data governance, technical documentation, and human oversight.
Limited risk
Examples: Chatbots, deepfakes.
Regulation: Transparency obligations, e.g. labelling AI-generated content.
Low/no risk
Examples: Spam filters, AI in video games.
Regulation: No additional obligations, but general principles such as non-discrimination apply.
Conformity requirements for high-risk AI systems
Companies that use high-risk AI systems must meet the following requirements:
- Risk management: Continuous risk assessment and mitigation.
- Data governance: High-quality, representative, and error-free training data.
- Technical documentation: Proof of conformity.
- Logging: Automated recording of events for at least 10 years.
- Transparency: Clear information about capabilities, limitations, and risks.
- Human oversight: Mechanisms to control AI functions.
- Certification: Third parties must confirm compliance with the regulations.
- CE marking: Proof of conformity for the EU market.
Steps for implementation and compliance
- Determine the risk category
Use tools such as the AI Act Compliance Checker to review the classification of your AI system.
- Conduct risk assessments
Identify potential harms and implement risk mitigation measures.
- Create documentation
Maintain technical documentation, training data, and compliance evidence.
- Implement human oversight
Ensure that AI systems are controlled and monitored by humans.
- Meet transparency obligations
Inform users about AI-generated content and system limitations.
- Use a regulatory sandbox
Test AI systems in controlled environments to ensure compliance.
- Watch for updates
The EU AI Act will be further refined, e.g. through simplified implementation rules.
Implementation dates and penalties for non-compliance
- February 2025: Prohibited practices and AI literacy obligations enter into force.
- August 2025: Governance rules for General-Purpose AI (GPAI).
- August 2027: Full application for high-risk AI systems.
Penalties for non-compliance:
- Up to €35 million or 7% of global turnover for breaches of prohibitions.
- Up to €15 million or 3% of turnover for other breaches.
- Lower penalties for SMEs.
Conclusion: Why the EU AI Act matters
The EU AI Act ensures that AI is developed safely, transparently, and in line with European values. Companies that implement the requirements early can avoid legal risks, strengthen consumer trust, and position themselves in the EU market. Compliance with the AI Act is not only a legal obligation, but also an opportunity to drive responsible AI innovation.
For more information, please visit the official EU AI Act website.
Note: This article was created with the help of AI.
