The compliance countdown has begun for AI businesses operating in the EU
The AI law is a broad set of rules for technology companies operating in the EU, banning certain uses of artificial intelligence tools and imposing transparency requirements on developers. The law was officially passed in March after two years of hesitation and includes several compliance steps that will be rolled out in waves. Now that the full text has been published, the clock is ticking on the compliance deadlines that companies must meet. The AI law will come into force in 20 days, on August 1, and the next deadlines will be tied to that date.
The new law prohibits certain uses of AI, and these prohibitions are part of Article 1. The AI law bans the use of applications that "threaten the rights of citizens," such as biometric classification to obtain information such as sexual orientation or religion, or the inappropriate removal of individuals from the internet or surveillance camera footage. Systems that attempt to read emotions are banned in the workplace and schools, as are social rating systems, and in some cases, predictive policing tools. Such use is considered to pose an “unacceptable risk” and tech companies will have until February 2, 2025 to comply.
Nine months after the law comes into force, on May 2, 2025, developers will have codes of practice - a set of rules that outline what compliance with the legislation looks like: what criteria they must meet; key performance indicators; specific transparency requirements; and more. In three months, in August 2025, "general purpose artificial intelligence systems" such as chatbots will have to comply with copyright law and transparency requirements, such as sharing summaries of data used to train the systems.
By August 2026, the rules of the AI Act will apply generally to companies operating in the EU. Developers of certain “high-risk” AI systems will have up to 36 months (until August 2027) to comply with rules covering areas such as risk assessment and human oversight. This level of risk includes applications integrated into infrastructure, employment, essential services such as banking and healthcare, and the justice system. If they don’t, violating companies will be subject to fines equal to a percentage of their total turnover or a specified amount, with the maximum fine being 35 million euros (about $38 million), equivalent to 7 percent of annual global turnover, for violations of prohibited regimes.