The EU AI Act’s obligations begin to apply from 2 February. The first obligations to apply are the prohibitions, which ban the provision or use of AI in some scenarios. Fines are up to 7% of total worldwide annual turnover for non-compliance.

Global application

The AI Act will have a truly global application. That’s because it applies not only to organisations in the EU using AI or those providing, importing or distributing AI to the EU market, but also AI provision and use where the output is used in the EU. So, for instance, a company using AI for recruitment in the EU – even if it is based elsewhere – would still be captured by these new rules.

The Commission’s AI Office is expected to provide guidance on the scope of the prohibitions shortly, as well as on which ‘AI systems’ come within the scope of the AI Act.  

What do businesses need to do?

At this stage, businesses must first understand where AI is being used in their organisation, so that they can then assess whether any use cases may trigger the prohibitions. Building on that initial inventory, a wider governance process can then be introduced to ensure AI use is assessed, remains outside the prohibitions, and complies with the AI Act. This must also address the many other relevant legal risks and obligations – such as data protection, IP or discrimination.

What else happens on 2 February?

From 2 February, any organisations in scope must also take measures to ensure their staff - and anyone else dealing with the operation and use of their AI systems on their behalf - have a sufficient level of AI literacy. 

The AI Office will be exploring what this could look like in a webinar on 20 February and the Dutch data protection authority has already published brief guidance. AI literacy will play a vital role in AI Act compliance, as those involved in governing and using AI must understand the risks they are managing.