AI Act: Key Dates, Penalties, and Compliance Tips

Key Takeaways

• The E.U.’s AI act officially entered into force on Thursday, Aug. 1.
• Provisions of the Act will be rolled out in stages.
• The first rules will come into effect in February 2025. The final ones in August 2027.

The E.U.’s Artificial Intelligence Act (AI Act) officially entered into force on Thursday, Aug. 1, but its provisions don’t apply from day one.

Instead, its enactment starts the clock on a three-year countdown to full implementation, giving the affected companies time to bring their compliance regimes in line.

Enforcement Timeline

In the tradition of E.U. regulation, a phased rollout will stagger the introduction of the AI Act’s provisions from now until August 2027, with the first ones applying in February 2025:

• February 2025: Chapters I (general provisions) and II (prohibited AI systems).
• August 2025: Chapter III Section 4 (notifying authorities), Chapter V (general purpose AI models), Chapter VII (governance), and most of Chapter XII (confidentiality and penalties).
• August 2026: The rest of the AI Act will apply, except for Article 6(1).
• August 2027: Article 6(1) relating to high-risk systems.

AI Act Penalties Explained

The AI Act introduces a tiered penalty system for violations committed by companies subject to the regulation.

1. Up to €35 million or 7% of global annual turnover (whichever is higher): For violations of the prohibited AI practices and the requirements for high-risk AI systems.
2. Up to €7.5 million or 1% of global annual turnover: For providing incorrect, incomplete, or misleading information to the national competent authorities.
3. Up to €15 million or 3% of global annual turnover: For non-compliance with any other obligations under the AI Act.

Compliance Tips

With three years to go before the AI Act is fully implemented, many AI firms have already put measures in place to comply with the new rules. Measures to ensure compliance generally fall into one of two categories: risk management and data governance.

Risk Management

• Identify all AI systems used and classify them according to the AI Act’s risk categories. 
• High-risk systems, such as those used in recruitment or critical infrastructure, require more stringent controls.

Data Governance

• Maintain detailed documentation of data sources, collection methods, and processing techniques for audits and assessments.
• Adhere to E.U. data protection law.
• Ensure personal data used in AI systems is appropriately anonymized or pseudonymized.

The act is reportedly the world’s first legal framework on AI, designed to address the risks associated with artificial intelligence. By establishing clear guidelines and standards for AI, the E.U. aims to promote ethical and human-centric AI development and responsible use of AI technologies.