EU's AI Act Poses Major Global Compliance Challenge
The European Union's AI Act is poised to become a significant compliance hurdle for global companies due to its extraterritorial reach. The regulation will require US-based and other multinational firms to align their products, data, and governance with stringent European standards, regardless of their primary market. In a related move, global data protection authorities issued a joint statement calling for robust safeguards against malicious AI-generated imagery, underscoring the growing international focus on AI governance and privacy.
- The regulation has a staggered implementation timeline; a ban on AI systems with unacceptable risks began on February 2, 2025. Obligations for general-purpose AI models start on August 2, 2025, with the full act becoming applicable on August 2, 2026. Rules for high-risk AI systems embedded in regulated products have an extended transition until August 2, 2027.
- Non-compliance carries significant financial penalties, with fines for prohibited AI practices reaching up to €35 million or 7% of a company's total worldwide annual turnover, whichever is higher. Other violations can result in fines of up to €15 million or 3% of turnover, while supplying incorrect information can lead to fines of up to €7.5 million or 1% of turnover.
- The Act categorizes AI systems into four risk levels: unacceptable, high, limited, and minimal. Prohibited "unacceptable" uses include social scoring and real-time biometric identification in public spaces. "High-risk" applications, such as those used in critical infrastructure, education, or for credit scoring, face strict obligations including risk assessments, high-quality data requirements, and human oversight.
- The Act's extraterritorial reach applies to any company, regardless of its location, if it places an AI system on the EU market or if the output produced by its AI system is used within the EU. This "market location" principle is similar to the scope of the GDPR.
- The joint statement on AI-generated imagery was signed by 61 data protection authorities from around the globe. It calls for organizations to implement robust safeguards, ensure transparency about AI system capabilities, and provide accessible channels for individuals to request the removal of harmful content.