As the first two enforcement dates of the European Union Artificial Intelligence Act approach, businesses must implement compliance plans this year.
The first enforcement date prohibiting certain AI systems from operating within the EU goes into effect Sunday. Prohibited AI use cases, aside from some exemptions for law enforcement, include social scoring, which are systems that evaluate and classify an individual based on age, disability or economic situation, predictive policing, or systems that profile individuals based on personality traits to determine their risk of committing a criminal offense. Use cases also include untargeted facial recognition scanning of internet content and emotional recognition within the workplace or educational institutions.
"What that means is it's the highest of highest risks," said Nitish Mittal, a partner at global research firm Everest Group.
Mittal said the Sunday deadline will be a "watershed moment" for EU AI Act implementation, as it will "tell us a lot about the phased implementation of the EU AI Act." The EU AI Act divides AI system risk into four categories -- unacceptable risk, high risk, limited risk and minimal risk. EU AI Act enforcement operates in a phased approach to allow companies time to plan and comply, Mittal said. Companies that are noncompliant with the EU AI Act could face fines of up to 7% of global annual revenue, or 35 million euros.
While the Sunday enforcement deadline is significant, Mittal said businesses will face greater effects from the upcoming Aug. 2 enforcement deadline, which targets the high-risk classification of AI systems. AI systems considered unacceptable are not as prevalent, he said.
Between now and August, I doubt there will be lots of fines levied.
Nitish MittalPartner, Everest Group
"Between now and August, I doubt there will be lots of fines levied," Mittal said.
2025 deadlines will shed light on enforcement rollout
Along with ensuring companies aren't deploying AI systems in the EU that fall into the unacceptable risk category, businesses will also need to comply with AI literacy provisions by Sunday, Mittal said.
According to the EU AI Act, developers and deployers of AI systems will need to ensure a certain level of AI literacy for their staff and individuals dealing with the operation and use of AI systems. Mittal said it's unclear what the EU will consider a sufficient level of AI literacy, meaning companies should at least prepare executives and management teams.
Mittal said the next six months will reveal how the EU AI Act will scale up enforcement by targeting the smaller amount of unacceptable risk use cases.
All companies with business in the EU, no matter where they're headquartered, will need to be prepared for EU AI Act enforcement, Mittal said. He added that there will be direct and indirect consequences of what companies do from an AI systems perspective.
Mittal said most companies with any possible presence or exposure in the EU will need to monitor EU AI Act compliance.
"Let's say you're a U.S.-based company and you're developing AI products for human resource providers," he said. "You don't operate in the EU, but if those HR companies deploy talent in the EU, are you liable or not? Those are things you need to be aware of."
Companies should view the Sunday deadline as a preparation stepping-stone for the next key deadline, Aug. 2, Forrester Research analyst Enza Iannopollo said in a statement.
Iannopollo said that by the second enforcement date, EU AI Act enforcement mechanisms will be in better shape and "authorities will be much more likely to sanction firms that are not compliant."
"Right now, companies need to be refining their risk assessments to ensure they classify AI use cases in line with the risk thresholds of the act," she said. "They must unplug AI systems that fall within the 'prohibited' category and kick off their operational risk plans to ensure they continue to operate smoothly."
Makenzie Holland is a senior news writer covering big tech and federal regulation. Prior to joining Informa TechTarget, she was a general assignment reporter for the Wilmington StarNews and a crime and education reporter at the Wabash Plain Dealer.
