The EU AI Act came into force today and businesses worldwide should familiarise themselves with the requirements to ensure compliance.

The EU AI Act is the first such regulation of its kind and has sweeping provisions with potentially extensive extraterritorial impacts.

The clock is certainly ticking – the prohibitions will apply from February 2 next year, with fines of up to 7% of worldwide turnover for breaches. Broad obligations around ensuring sufficient levels of AI literacy of staff will also apply to all in-scope organisations from next February.

The geographic scope of the AI Act is very broad, so organisations with any connections to the EU in their business or customer base will need an AI governance programme in place to identify and comply with their obligations.

AI governance will also be important for organisations to limit their litigation exposure, as we may see litigation arising, linked to these complex requirements or simply as a result of AI use. 

The AI Act itself does not create a private right of action for individuals, but the AI Liability Directive – which deals with non-contractual, fault-based claims – may progress after the summer. A revised Product Liability Directive dealing with strict liability for AI is close to being published, too.

There remain some wider questions, however. There is uncertainty at this stage over the definition of AI system itself, as well as when an AI system will be considered high-risk, amongst other questions. These are really important issues for organisations to understand which – if any – of the AI Act’s obligations apply to them.

In terms of the obligations, for many of these, the AI Act sets out the high-level obligation, but the detail of how organisations can comply will be provided by standards and guidance. CEN/CENELEC’s JTC 21 will be responsible for fulfilling the Commission’s standardisation request, publishing European standards, which when published in the Official Journal, become harmonised standards with a presumption of conformity. Particularly in the absence of guidance, we will be following the work of JTC 21 closely.

We also expect the regulatory framework for AI around the world to continue to evolve and grow in complexity, so will also be monitoring developments globally.