Automated 'Compliance Cards' Proposed for EU AI Act

- The EU AI Act's requirements for "high-risk" systems are extensive, mandating detailed technical documentation under Article 11 that specifies the system's purpose, data governance, testing procedures, risk management, and post-market monitoring plans. - A recent report highlighted the operational burden of these rules, finding 68% of European companies find the Act difficult to interpret, with compliance projected to absorb 40% of their IT budgets. - The Act's obligations cascade through the supply chain, as importers and distributors are also responsible for verifying that an AI system has undergone the required conformity assessment and is accompanied by the correct documentation before being sold in the EU. - This compliance framework is part of a larger trend in Regulatory Technology (RegTech), where automated solutions are being developed to continuously monitor AI systems, collect evidence, and generate audit-ready reports for frameworks like the EU AI Act and ISO 42001. - Companies face a key distinction in their legal roles as either a "provider" (placing an AI system on the market) or a "deployer" (using an AI system), with different obligations for each; a company can be both simultaneously for different use cases, complicating compliance. - The core compliance requirements for high-risk AI systems are scheduled to become fully applicable on August 2, 2026, with an extended deadline of August 2, 2027, for AI embedded in products already regulated under other specific EU laws. - Penalties for non-compliance are designed to be significant, with fines for violations reaching as high as €35 million or 7% of a company's total worldwide annual turnover from the preceding financial year, whichever is greater.