cyberbytes issue 3/24 – The Who, What, When, and Why: Artificial Intelligence (AI) Act, 2024 (EU)

icon-reading-time-white5 min

Image created with Canva


who (will the AI Act impact)?


The EU AI Act will impact various stakeholders including but not limited to developers, businesses, governmental bodies, and consumers within the European Union.


Developers will face stricter regulations on AI systems, requiring transparency, accountability, and adherence to ethical guidelines. Businesses utilizing or developing AI will need to ensure compliance with new requirements, potentially altering their development and deployment strategies. Consumers will benefit from increased protection against AI misuse and discrimination, with clearer information on how AI systems affect their rights and choices. Governments within the EU will be held to stricter standards when it comes to the use of AI in public services and governance.


The Act will also impact entities outside of the EU, with non-EU governments likely facing increased pressure to align their AI policies with EU standards to facilitate trade and collaboration. Similarly, non-EU companies exporting AI products and services to the EU will also be affected by the Act’s regulations, fostering a global influence on AI development and deployment standards.

what (is the AI Act)?


The EU AI Act is a regulatory framework adopted in March 2024 that aims to govern the development and use of artificial intelligence (AI) within its member states. It aims to ensure AI systems are trustworthy, transparent, and aligned with EU values and seeks to balance innovation with protection of individuals’ rights and safety. The Act outlines requirements for high-risk AI applications, such as those in healthcare and law enforcement, including rules on data quality, transparency, and human oversight while prohibiting certain AI practices outright, like social scoring (social credit systems) by governments.


Some of its major provisions include: accounting for powerful ‘foundation models’ which form the basis for many of the most popular GPTs in use today; requiring tech companies to notify users when they are engaging with chatbots, biometric categorisation, and emotion recognition systems; mandating the labelling of deepfakes and AI generated content as well as incorporating detectability of AI-generated media into system designs; requiring essential services (e.g., insurance, finance, healthcare, education, border security etc.) to conduct impact assessments on and pay special attention to the potential effects of AI on fundamental rights; devoting special attention to and setting out special rules for ‘high-risk’ AI systems including risk mitigation, high-quality data, documentation, and human oversight.


when (is the deadline for AI Act implementation)?


  • Prohibitions on AI systems with unacceptable risk (Art. 85): 6 months after entry into force


  • Finalization of codes of practice for GPAI (Art. 85): 9 months after entry into force


  • Provisions concerning GPAI (Art. 85) and appointment of competent authorities in Member States (Art. 59): 12 months after entry into force


  • Post-market monitoring plans for providers of high-risk AI systems (Art. 6): 18 months after entry into force


  • Obligations on high-risk AI systems listed in Annex III (Art. 83) and rules on related penalties (Art. 53): 24 months after entry into force


  • Remaining obligations related to high-risk AI systems (Art. 85): 36 months after entry into force


  • Obligations concerning AI systems that form a part of large-scale IT systems (Art. 83): by December 2030


why (does the AI Act matter)?


As one of the first comprehensive regulatory frameworks for AI, the EU AI Act has the potential to set a global precedent, influencing AI regulations in other regions and shaping the future development and deployment of AI technologies on a global scale. By establishing a comprehensive regulatory framework for artificial intelligence (AI) within the European Union, explicitly addressing rights, and setting clear guidelines and standards for AI development and deployment across the European region, the Act helps to ensure trustworthiness, transparency, and accountability in AI systems. Furthermore, the Act fosters innovation by providing businesses with a stable legal environment in which to operate, while also promoting harmonization across EU member states, thus facilitating the free flow of AI technologies and services within the EU market.


For businesses, it provides clear guidelines for the development and deployment of AI systems, promoting innovation while introducing new ethical standards and legal requirements with which businesses will need to comply. Researchers will benefit from a framework that encourages responsible AI development and fosters collaboration across EU member states. Consumers will gain increased transparency and accountability in AI systems, safeguarding their fundamental rights and values. Governments across the region will be tasked with enforcing the Act’s regulations, ensuring the responsible use of AI and protecting societal interests.


Additionally, the Act influences global AI governance by setting a precedent for ethical and transparent AI regulation, potentially shaping international standards and practices. However, challenges may arise in implementation, particularly for businesses operating in high-risk AI sectors, which will now need to navigate complex regulatory requirements. Overall, the EU AI Act aims to balance innovation with protection, fostering much needed trust in AI technologies while addressing risks and ensuring their responsible and ethical use across stakeholders.


find out more:


interested in what the EU AI Act means for your business?

Joshua Bucheli (cyberunity AG) and John Corona (Osmond GmbH) look forward to hearing from you!


stay tuned for morelook out for our next cyberbyte on Operational Resilience & BCM

download pdf