EU AI Act Enters Implementation Phase
The EU's AI Act is now moving into its final implementation and enforcement phase, setting the stage for the world's first comprehensive, legally binding AI framework. German industry groups like ZVEI are calling for harmonization with existing international standards to avoid stifling innovation. The race is now on for standards development organizations (SDOs) to develop the technical standards that will underpin compliance with the act's extraterritorial rules.
The EU AI Act's implementation is unfolding in phases. The first major provisions, prohibiting AI systems with unacceptable risks, took effect on February 2, 2025. Subsequent deadlines are staggered: obligations for general-purpose AI models start on August 2, 2025, rules for high-risk systems apply from August 2, 2026, and comprehensive application across all risk categories is set for August 2, 2027.
A new European AI Office, established within the Commission, is central to enforcement and has been operational since February 2024. This office, led by Director Lucilla Sioli, plays a key role in supervising general-purpose AI models and supports the European AI Board, which consists of representatives from each member state to ensure consistent application of the Act. The AI Office is structured into several units, including "Regulation and Compliance" and "AI Safety," to manage the uniform enforcement of the rules.
Penalties for non-compliance are severe and significantly exceed those of GDPR in some cases. Violating the ban on prohibited AI practices can lead to fines of up to €35 million or 7% of a company's global annual turnover, whichever is higher. Other violations, such as non-compliance with obligations for high-risk systems, can incur fines up to €15 million or 3% of global turnover.
The Act's extraterritorial reach means it applies to any company, including those in China, whose AI systems produce outputs used in the EU, regardless of where the company is based. This has significant implications for Chinese enterprises in sectors like electric vehicles and e-commerce that operate in the European market.
Harmonized technical standards are being developed to provide a presumption of conformity with the Act's requirements. European Standards Organizations CEN and CENELEC, through their Joint Technical Committee 21 (JTC 21), are leading this effort, which involves over 300 experts. Key standards under development address risk management, data governance, transparency, and quality management systems.
The timeline for finalizing these crucial harmonized standards is tight. While the European Commission's initial request targeted completion by April 2025, the chair of JTC 21 has indicated a more likely completion by the end of 2025. This compressed schedule leaves companies with a narrow window to implement the standards before the August 2026 enforcement date for high-risk systems.
Other standards bodies like ETSI are also actively contributing. ETSI is developing practical documentation templates and recently released a technical specification for a "Continuous Auditing-Based Conformity Assessment" framework to help organizations ensure AI systems remain compliant throughout their lifecycle. This work aligns with international frameworks from bodies like ISO/IEC and NIST.