EU AI Act Enters Implementation Phase
The European Union's AI Act is moving into its implementation phase, compelling companies and standards organizations to accelerate their compliance and governance strategies. The Act's risk-based approach requires robust governance frameworks and conformity assessments. Technical standards to support the legislation are expected to be led by bodies like ISO/IEC JTC 1/SC 42 and CEN/CENELEC task forces, shaping global best practices.
- The Act follows a phased implementation timeline: the ban on prohibited AI practices began in early 2025, rules for general-purpose AI (GPAI) models apply from August 2025, and obligations for high-risk systems will take effect in August 2026. - A new European AI Office has been established within the European Commission to oversee the Act's enforcement, especially for general-purpose AI models, and is supported by a European Artificial Intelligence Board composed of representatives from each member state to ensure consistent application. - Penalties for non-compliance are substantial, with fines for prohibited AI practices reaching up to €35 million or 7% of a company's global annual turnover, whichever is higher, exceeding the fine structure of the GDPR. - Providers of high-risk AI systems must implement extensive compliance measures, including continuous risk management, stringent data governance for training datasets, detailed technical documentation, human oversight mechanisms, and a third-party conformity assessment before market entry. - The development of harmonized technical standards by CEN-CENELEC's Joint Technical Committee 21 is crucial for compliance but is reportedly behind the original schedule, with completion now expected in 2026. These standards will translate legal requirements into technical specifications for areas like risk management, cybersecurity, and data quality. - The EU’s horizontal, risk-based framework contrasts with China's vertical approach, which uses separate, state-driven regulations for specific AI applications like generative AI and deepfakes to maintain social stability and national security. - The US continues a more sector-specific, pro-innovation approach without a single comprehensive federal law, relying on voluntary frameworks like the NIST AI Risk Management Framework and state-level legislation such as the Colorado and California AI Acts. - While European standards bodies lead the harmonization effort, they often leverage existing international standards from bodies like ISO/IEC JTC 1/SC 42 to ensure global consistency and prevent technical barriers to trade, a key aspect for international interoperability.
