EU AI Act Compliance Looms for Political Tech
With the EU AI Act entering its implementation phase, tech vendors face strict new rules for "high-risk" systems used in political campaigns and public sector comms. Experts warn that compliance will shift from abstract principles to operational checklists, requiring features like content labeling and risk assessments. Public sector clients are already shying away from "black-box" tools, making compliance a key product differentiator.
The EU AI Act's tiered compliance deadlines are fast approaching, with rules for prohibited AI practices having already taken effect in February 2025. Obligations for providers of general-purpose AI models will begin on August 2, 2025, with full compliance for all high-risk systems required by August 2, 2026. Penalties for non-compliance are severe and structured in tiers. Violations related to prohibited AI, such as social scoring or manipulation, can result in fines up to €35 million or 7% of a company's global annual turnover, whichever is higher. Breaches of other obligations, including those for high-risk systems, can lead to fines of up to €15 million or 3% of global turnover. AI systems are classified as "high-risk" if they are used in sensitive areas such as critical infrastructure, education, employment, and law enforcement. Specifically for the political sphere, any AI system intended to influence the outcome of an election or the voting behavior of individuals is categorized as high-risk. This classification triggers extensive compliance requirements, including risk management, data governance, human oversight, and detailed technical documentation. Enforcement of the AI Act will be handled by national authorities and the new European AI Office, which was established in February 2024. This office has the power to request documentation, conduct evaluations of AI models, and impose sanctions for non-compliance, ensuring a coordinated enforcement approach across the EU. The Act is already influencing public procurement, with government bodies becoming more cautious about AI solutions that lack transparency. Public authorities are now integrating the AI Act's complex requirements into their procurement processes, demanding that vendors provide clear documentation and demonstrate compliance with rules on data quality, human oversight, and cybersecurity. This shift is making regulatory adherence a critical factor for any tech company selling to the public sector in Europe.
