EU AI Act Compliance Countdown Begins as Germany Approves
Germany has greenlit the EU AI Act, triggering the final countdown for enterprise compliance across the European Union. Market participants have voiced concerns over the operational and documentation burdens imposed by the Act, particularly for high-risk AI systems. The enforcement brings steep penalties, compelling companies to implement robust auditability, transparency, and risk controls in their AI platforms and APIs.
- The EU AI Act introduces a tiered approach to regulation, categorizing AI systems as posing unacceptable, high, limited, or minimal risk. Systems deemed an "unacceptable risk," such as those used for social scoring or exploiting vulnerabilities, are prohibited. High-risk systems, including those in critical infrastructure, medical devices, and law enforcement, face stringent requirements.
- Providers of high-risk AI systems must implement a comprehensive risk management system for the entire lifecycle of the AI. This includes ensuring high-quality data governance to prevent biases, maintaining detailed technical documentation, and enabling human oversight to minimize risks to health, safety, and fundamental rights.
- The regulation establishes a European AI Office to oversee the implementation and enforcement of the Act, particularly for general-purpose AI (GPAI) models. This office will develop evaluation methodologies, investigate potential rule infringements, and promote a consistent application of the law across all 27 member states.
- The Act defines specific obligations for providers of general-purpose AI (GPAI) models, with stricter rules for models classified as presenting "systemic risk". A GPAI model is presumed to have systemic risk if the computing power used for its training exceeds 10^25 floating point operations (FLOPs).
- Fines for non-compliance are substantial and can reach up to €35 million or 7% of a company's total worldwide annual turnover for the preceding financial year, whichever is higher, for violations related to prohibited AI practices. For other infringements, such as non-compliance with requirements for high-risk systems, fines can be up to €15 million or 3% of global turnover.
- The compliance timeline is staggered. The ban on prohibited AI practices began to apply in February 2025. Obligations for general-purpose AI models will come into effect in August 2025, while the comprehensive rules for high-risk AI systems will be fully applicable by August 2026. An extended transition period until August 2027 is provided for high-risk AI systems that are embedded into regulated products.