AI Act: What next?

Cloud infrastructure

After extensive deliberations, the EU legislator officially adopted Regulation (EU) 2024/1689, commonly referred to as the AI Act, on June 13, 2024. This landmark regulation, which sets forth unified rules for artificial intelligence, was subsequently published in the EU’s Official Journal on July 12, 2024.

This publication initiates a transition period for organizations involved in the development and deployment of AI technologies, providing them with the necessary time to comply with the new regulations.

The timeline for compliance will vary depending on the type of AI systems an organization is working with:

  • The majority of requirements, including those for high-risk AI systems as specified in Annex III and systems with specific transparency obligations, will come into effect on August 2, 2026.
  • Obligations for prohibited AI systems and AI literacy will be enforced starting February 2, 2025.
  • Regulations for general-purpose AI models will be applicable from August 2, 2025.
  • High-risk systems listed in Annex I must comply by August 2, 2027.
  • Certain existing AI systems and models may be exempt or have extended deadlines for compliance.

The compliance journey for organizations operating within the EU will differ significantly based on their use of AI. The AI Act employs a risk-based framework, imposing varying levels of requirements based on the associated risks of the AI system in question. The Act categorizes AI systems into prohibited, high-risk, those requiring specific transparency, and general-purpose models. These categories are not mutually exclusive; for instance, a high-risk system might also need to meet transparency requirements.

An organization’s obligations under the AI Act also depend on whether it is merely deploying AI systems or also developing them. Developers face a more stringent set of requirements compared to deployers.

Organizations typically begin their compliance journey with a mapping exercise to identify the AI systems they use, their origins (internally developed or vendor-supplied), their purposes (e.g. recruitment support), and whether they are shared with other entities. Forward-thinking organizations might also consider AI systems they plan to use in the near future to anticipate future compliance needs.

This mapping exercise helps organizations understand their exposure to the AI Act and plan their compliance timeline accordingly.

After assessing their exposure and obligations, organizations should identify relevant stakeholders to develop an AI Act compliance program. Depending on their needs, they may assign this task to existing teams (such as privacy teams) or create new, dedicated teams. Regardless, the compliance team will need support from various internal and external stakeholders, including IT, legal, compliance, HR, IP, privacy teams and technology vendors.

The components of an AI compliance program will vary based on the mapping exercise results. Generally, compliance efforts will involve implementing new technical and organizational measures, drafting compliance documentation, assessing AI’s impact on fundamental rights, training employees and preparing user notices.

Providers of high-risk AI systems will also need to ensure their systems undergo a conformity assessment, potentially requiring collaboration with authorized third-party organizations. Proactive preparation for this assessment is crucial, as it can be a time-consuming and resource-intensive process with significant business implications if not managed properly.

While it is prudent for organizations to begin their AI Act compliance journey now, it is important to note that not all regulatory elements are finalized. For instance, certain harmonized standards are still being developed to facilitate compliance, and many member states have yet to designate national competent authorities, who will provide further guidance on meeting the AI Act’s requirements.


Explore more resources in our Knowledge base or Insights.

Insights published by Media Scope Group are only a small taste of what we do. If you need comprehensive reports, forecasts and monitoring of global affairs, you can contact us and we will come back to you shortly.

Media Scope Group has more than 10,000 international experts, including researchers, analysts and former officials.

This work by Media Scope Group OÜ is licensed under Creative Commons Attribution-ShareAlike 4.0 International.