The AI Act is EU legislation designed to regulate AI systems within the single market, using a risk-based approach to ensure safety and uphold human rights.
Organisations must understand the new compliance requirements and deadlines to adapt effectively. This guide delves into the essentials of the AI Act, focusing on its implications, timelines, and integration with the GDPR.
What is The AI Act?
The AI Act establishes a regulatory framework for AI systems within the EU. It takes a risk-based approach, categorising AI systems by their impact on safety, human rights, and societal well-being. Some AI systems are banned, while high-risk systems face stricter requirements. Compliance levels vary with risk, ranging from prohibited to high and low risk.
How will the AI Act and the GDPR work together?
The AI Act complements the GDPR. While the AI Act focuses on product safety and responsible AI deployment, the GDPR protects fundamental human privacy rights. Both laws work hand in hand to ensure AI technologies are used responsibly and ethically.
Where Are We At The Moment?
The European Council approved the AI Act on 21 May 2024. Its phased implementation over two years gives organisations time to adjust. This legislation applies to public and private entities operating within the EU’s single market, including companies, institutions, government bodies, and research organisations.
When will the AI Act apply?
The AI Act will be published in the Official Journal of the European Union and will enter into force twenty days later. The new law applies from 2026. The EU AI Office, established on 16 June 2024, will support implementation across Member States.
Important deadlines include a six-month compliance period for AI systems with unacceptable risks and a twelve-month deadline for General Purpose AI rules. High-risk AI providers must follow monitoring plans issued eighteen months post-implementation.
Timeline and Important Deadlines
The Act becomes law by mid-2024, with various stages for compliance:
Six months later: Ban on AI systems posing unacceptable risks.
Nine months later: The AI Office finalises codes of conduct for responsible AI development and use.
Twelve months later: Rules for General Purpose AI (GPAI) come into effect.
Eighteen months later: Implementing acts for high-risk AI providers.
Stricter Requirements for High-Risk Systems
High-risk AI systems include biometric technologies like fingerprint and facial recognition. These must comply with Annex III regulations within 24 months of the AI Act’s application. Providers must adhere to strict monitoring to identify and address risks.
By 2026, all high-risk systems must meet Annex III standards. In 2027, additional regulations outlined in Annex I will be enforced.
Conclusion
The AI Act signifies a major regulatory shift for AI users in the EU, necessitating stringent criteria and assessments for high-risk systems.
Staying informed and adaptable is vital for organisations to leverage AI’s potential while complying with new legal obligations.
The AI Act is pivotal for regulating AI deployment within the EU. Organisations must adhere to strict compliance timelines and requirements, particularly for high-risk systems.
With AI continuing to evolve, staying updated and flexible will be essential for maximising its benefits whilst fulfilling legal duties.