Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act)Text with EEA relevance, otherwise known as the AI Act, was published in the Official Journal on Friday 12 July 2024.
This means that the AI Act will enter into force on 1 August 2024. Now that the AI Act’s effective date is at last known, the timetable for phased transition can be determined:
1 August 2024:
- The AI Act will enter into force (20 days after publication)
1 February 2025:
- Prohibitions on unacceptable risk AI systems come into force
- General provisions on subject matter, scope, definitions and AI literacy become effective
1 May 2025:
- Codes of conduct must be ready, and start to be applicable
1 August 2025:
- Provisions on general-purpose AI become effective
- Provisions dealing with governance, conformity bodies, enforcement, confidentiality and penalties come into force
1 August 2026:
- All other provisions come into force, including regulation of high-risk AI systems listed in Annex III (but not AI systems within the EU product safety regulation regime listed in Annex II, e.g. physical products such as machinery, toys and medical devices)
1 August 2027:
- Regulation of high-risk systems within the EU product safety regulation regime (listed in Annex II) comes into force
The timetable reflects the staggered implementation approach of the AI Act, allowing businesses and organisations time to adapt to the new regulations gradually.
Key actions which should be taken now include:
- Conducting an AI mapping exercise to identify all AI systems and general purpose AI (GPAI) models which are or will be used or developed.
- Clarifying the organisation's role for each AI system and GPAI (e.g., provider, deployer, importer, distributor), in order to determine the specific obligations under the Act.
- Determining which AI systems and GPAI models fall within the scope of the AI Act, by assessing whether they are "placed on the market" or "put into service" in the EU.
- Incorporating the AI Act’s requirements into due diligence processes and contracts.
- Assessing and hiring resources needed to support governance activities, as demand for AI governance professionals is likely to increase.
- For high-risk AI systems, preparing for compliance with requirements such as risk management systems, data governance, technical documentation, record-keeping, transparency, and human oversight.
- For non-EU businesses, assessing whether AI systems or their outputs are accessible or used in the EU, as the AI Act will likely still apply.
- Keeping informed about upcoming guidance and codes of conduct, which will provide more detailed information on compliance requirements.
By taking proactive steps now, businesses can position themselves to comply with the AI Act's requirements as they come into force over the next few years. Whilst full compliance is not immediately required, early preparation can help avoid rushed implementation and the risk of potential penalties later on.
Please do get in touch with Tim Wright or your usual Fladgate contact to discuss how we can assist with your AI compliance programme.