EU Focuses on AI Act Compliance Frameworks
European Union policymakers and technology industry leaders are collaborating to develop frameworks for complying with the new EU AI Act. The emerging guidelines emphasize risk-based governance, thorough documentation, and traceability for all AI systems. This is particularly critical for high-risk applications, such as those used in public services.
- The European AI Office, established within the European Commission, is central to the AI Act's implementation, tasked with enforcing rules for general-purpose AI models and supporting governance bodies in member states. This office also promotes the development of trustworthy AI and fosters international cooperation on AI governance. - The AI Act follows a risk-based classification system with four tiers: unacceptable risk (banned systems), high-risk, limited risk, and minimal risk. Prohibited practices include government-run social scoring, predictive policing, and real-time biometric identification in public spaces, with these bans having taken effect in February 2025. - High-risk AI applications, which are subject to stringent requirements, include systems used for credit scoring, recruitment, educational assessments, and determining eligibility for essential public services like social benefits. Compliance for these systems, including detailed documentation and human oversight, is required by August 2026. - To bridge the gap until formal harmonized standards are developed, the European AI Office has facilitated the creation of a voluntary General-Purpose AI Code of Practice. Adherence to this code, which covers transparency, copyright, and safety, can be used by developers to demonstrate compliance with the Act's obligations for general-purpose AI models. - The regulation establishes specific roles and responsibilities for AI system providers, users (deployers), importers, and distributors, meaning that even public sector bodies that only use AI systems developed by third parties have compliance obligations. - Each EU member state is required to establish at least one AI regulatory sandbox by August 2026. These sandboxes will allow companies and public authorities to test AI systems in a controlled environment before they are placed on the market. - The AI Act is part of a broader "Europe fit for a digital age" strategy, complementing other regulations like the General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and the Digital Markets Act (DMA). - A recent EU report indicates that Europe now has more public sector AI projects than the US and the UK, with 50% of European GovTech investment deals in 2024 being AI-focused. This signals a strong push for AI adoption within European public services, which will now be guided by the AI Act's framework.
