Businesses have been urged to prepare for the EU AI Act as the regulation is set to be enforced over the coming months.
Having released the regulation in full in its Official Journal, the EU now looks to force businesses to take action ahead of the act officially coming into force on 1 August 2024.
This date marks the beginning of a staggered rollout, meaning the regulatory demands of the EU’s risk-based strategy will begin to mandate organizations gradually over the next two years.
Six months after the act becomes operational in early 2025, the EU’s policy on prohibited AI will be enforced, meaning organizations using AI systems deemed as “unacceptable” in risk will need to cease or comply.
The EU’s prohibited use cases include AI systems that exploit users based on “age, disability or a specific social or economic situation,” as well as systems that are used “to assess or predict the risk of a natural person committing a criminal offense.”
By April 2025, the EU’s codes of practice will apply to AI application developers - codes which the bloc’s AI Office shall “encourage and facilitate the drawing up of” in communication with unions.
Businesses will then face obligations for general-purpose AI models in August 2025, around 12 months after the act has been made official, with obligations for high-risk AI models set to come into effect after two years.
“In twenty days, the Act enters into force, setting a global standard for AI regulation,” Maria Koskinen, AI Policy Manager at Saidot, told ITPro.
“Its phased implementation timeline offers an immediate roadmap for businesses to adapt … this staggered approach allows organizations time to understand their obligations and align their operations with the Act’s requirements,” she added.
Shadow IT could frustrate compliance with the EU AI Act
According to Richard Wainwright, field CTO at Veritas Technologies, many workers are already using public generative AI tools at work and this could affect compliance with the act.
“The biggest challenge many businesses will face when it comes to compliance and AI is shadow IT, where employees may use it without the knowledge of IT teams,” he told ITPro.
“It’s therefore essential that proper training is provided to teams, so even if AI is being used, it is done so in a compliant and risk-free way,” he added.
Businesses need to clearly communicate policies around AI to use the technology effectively, Wainwright said, and he noted that the EU AI Act would likely come as a welcome development to businesses looking for guidance.
“The publication of the EU AI Act will be seen as a positive first step to many businesses and individuals who want to see more guidance and legislative processes in place around the use of AI technologies in the workplace,” he said.
