EU Member States Formally Approve AI Act
European Union member states have formally approved the landmark AI Act, with a European Parliament vote expected in March or April. The legislation codifies a risk-based approach, imposing obligations for technical documentation, risk management, and auditable oversight on providers of high-risk and general-purpose AI. Legal analysis highlights that compliance is becoming a core design principle for enterprise AI systems.
- The regulation introduces a tiered compliance timeline; the ban on prohibited AI practices like social scoring began on February 2, 2025, while obligations for general-purpose AI models will apply from August 2, 2025. Rules for high-risk systems will largely come into effect by August 2, 2026, with a further extension to August 2, 2027, for certain systems embedded in regulated products. - A new European AI Office has been established within the European Commission to oversee the implementation of the Act, especially for general-purpose AI models. This office will be supported by a European Artificial Intelligence Board, composed of representatives from each member state, to ensure consistent application of the regulation. - Fines for non-compliance are substantial and structured in tiers, with violations of prohibited AI practices attracting the highest penalties of up to €35 million or 7% of a company's total worldwide annual turnover, whichever is higher. Breaches related to other obligations can result in fines of up to €15 million or 3% of global turnover. - The Act defines specific roles with distinct responsibilities, including "providers" who develop and place AI systems on the market and "deployers" who use AI systems in their professional activities. If a deployer substantially modifies a high-risk AI system, they may assume the responsibilities of a provider. - For general-purpose AI models, providers must offer detailed technical documentation, a policy for respecting copyright law, and a comprehensive summary of the content used for training. Models trained with a computing power greater than 10^25 FLOPs are considered to have systemic risks and face stricter obligations, including model evaluations and adversarial testing. - While not explicitly named, agentic AI systems capable of autonomous decision-making will likely fall under the high-risk category depending on their application, triggering stringent requirements for transparency, human oversight, and record-keeping of their actions. This is especially true for their use in critical areas like infrastructure, education, and employment. - To foster innovation, the Act requires all member states to establish at least one AI regulatory sandbox by August 2, 2026. These sandboxes will allow for the development, training, and testing of innovative AI systems in a controlled environment under the supervision of national authorities.
