AI Act: The first provisions take effect on February 2, 2025.
AI Act: Entry into force of the first provisions
Gianpaolo Todisco Partner
February 2, 2025 marks a milestone for the AI Act, with the entry into force of the first EU-wide regulations. This regulation establishes a harmonized legal framework for all Member States, imposing common rules on those who develop, market, or use artificial intelligence systems in the EU. The main objective is to reduce regulatory fragmentation, protect the fundamental rights enshrined in Article 1, and promote an internal market in accordance with the Charter of Nice.
Parties involved
The new provisions mainly concern two categories:
• Artificial intelligence developers and providers, who must ensure that their systems comply with the criteria set forth in the AI Act before they are brought to market.
• End users and organizations operating in regulated sectors, which are required to comply with applicable regulations, particularly for applications classified as high-risk.
Key Requirements for Businesses and Organizations
Effective February 2, 2025, businesses and organizations that use artificial intelligence must comply with two main requirements:
1. Prohibition of artificial intelligence practices that pose an unacceptable risk
The AI Act takes a risk-based approach, dividing AI systems into four categories:
• Minimal risk: systems such as spam filters, which are not subject to regulatory restrictions.
• Limited risk: applications such as chatbots, which are subject to transparency requirements.
• High risk: systems used in critical sectors (healthcare, justice, personnel evaluation) that are subject to strict compliance and monitoring measures.
• Unacceptable risk: practices prohibited as of February 2, 2025.
Prohibited practices include:
• Subliminal or deceptive manipulation, i.e., systems that influence behavior without consent.
• Exploitation of the vulnerabilities of specific groups, such as minors or people with disabilities.
• Social scoring, reputation assessment systems based on personal data, with discriminatory effects.
• Real-time biometric identification in public spaces, with specific exceptions.
• Recognition of emotions in sensitive contexts, such as the workplace and education.
• Creation of biometric databases through scraping, which is the unauthorized collection of biometric data online.
Companies must ensure that they do not engage in these practices in their products and services. Violations may result in fines of up to €35 million or 7% of global annual turnover, whichever is higher.
2. AI Literacy Requirement
Article 4 of the AI Act requires businesses and public administrations to provide adequate training on how artificial intelligence works and the risks it poses. This requirement also applies to those who, while not operating directly in the technology sector, use AI in their processes.
The required measures include:
• Training programs for employees on the opportunities and risks of AI.
• Internal guidelines for the responsible use of artificial intelligence.
• Raising awareness of the ethical and legal implications of AI.
The AI Act applies not only to providers established in the EU, but also to those outside the EU whose systems are used within the EU.
Next steps and new requirements
The AI Act will be implemented gradually, with key milestones over the next few years.
August 2025
Specific provisions on AI governance and requirements for general-purpose AI models will take effect. Companies will be required to:
• Maintain detailed documentation on system testing and development.
• Adopt standardized procedures to ensure security throughout the system's lifecycle.
• Conduct periodic compliance assessments.
Failure to comply with these provisions will result in significant penalties.
August 2026
The AI Act will be fully operational and will apply to all artificial intelligence systems, including those classified as high-risk. Organizations will be required to take additional measures, including:
• Impact assessments to identify and mitigate risks.
• Continuous monitoring to detect anomalies in AI systems.
Conclusion
The AI Act represents a crucial step in regulating artificial intelligence in Europe, ensuring that technological development is safe and respects fundamental rights. Companies and organizations must gradually adapt to the new requirements to avoid penalties and ensure the ethical and responsible use of AI.