The EU's AI Act has officially entered into law, and European businesses will have to start complying with the new rules in less than three weeks.
The Act was published today in the EU Journal, which is one of the final stages in its journey through the Parliament's legislative process.
This means the Act will come into force in 20 days on 1 August, 2024, and will be fully applicable within 36 months.
The Act covers any AI system within the EU that is “on the market”, and affects both AI providers (vendors) and deployers (the organisations using these systems).
Charlie Bromley-Griffiths, corporate counsel at business software provider Conga, said: “The legal countdown has started. From a compliance perspective, businesses need to move fast. Indeed, many organisations still need to educate AI and train these systems, but this is very much reliant on their own internal data architecture.”
She added: “Companies need to ensure all data is accurate and readily available, and that their current AI applications are compliant with the new regulation. The Act is characterised by a risk-based approach, which is also reflected in the structure of the transitional periods.”
Organisations will need to be “scrupulous” with their data management and ensure they have measures in place to comply with the new law and the evolving regulatory landscape, said Bromley-Griffiths.
“Given the pace at which this technology has evolved, it’s likely that more regulatory shifts are on the horizon, especially as the political bodies continue to map out these laws and better understand the technology and its capabilities.
“As such, organisations should remain proactive, ensuring they meet current requirements while also being in the best position to adapt to future legislation,” Bromley-Griffiths added.
The potential maximum penalties for non-compliance are severe. Companies could face fines of up to €30m, or 7% of their global annual revenue. Different tiers apply depending on violations, as defined by the Act.
