The obligations of the EU Artificial Intelligence Regulation

The AI Act categorises certain practices as unlawful because they violate the fundamental rights and ethical standards of the EU. These include:

• Manipulative techniques: Systems that influence people’s behaviour and decisions in such a way that they could harm them
• Exploitation of weaknesses: The use of AI to exploit the weaknesses of certain groups, e.g. minors or people with disabilities.
• Social scoring: An assessment of the behaviour or personality of individuals by public bodies.
• Real-time biometric surveillance in public spaces: With a few exceptions, the use of such technologies is prohibited.
• Emotion recognition: The use of AI systems to recognise and analyse a person’s emotional state is prohibited.
• Facial databases: The creation and use of large-scale facial databases, in particular to monitor or track individuals, is prohibited.

Companies must ensure that all employees who work with or use AI systems have sufficient knowledge and skills in handling them. This includes:

• Understanding of AI basics: How AI systems work, what data they use and what results they deliver
• Risk identification: Being able to recognise and assess potential ethical, legal and technical risks when using AI.
• Responsible use: Ensure that AI systems are used fairly, transparently and safely.

To meet the AI Act deadline of 2 February 2025, companies should prioritise the following steps:

1. Assess your AI systems: Analyse whether your deployed or developed AI systems comply with the requirements. Identify possible risks and ensure that your company fulfils the necessary requirements.

2. Identify possible risks and ensure that your company fulfils the necessary requirements.Conduct training for employees: Develop training programmes to ensure the AI competence of your employees. Focus on practical training and certified further training.

3. Internal guidelines, transparency and external communication: Adapt your internal processes and guidelines to the requirements of the AI Act. This includes clear rules on the use, monitoring and documentation of AI systems. Ensure that the functioning and use of your AI systems are comprehensible – this is particularly important for your customers and partners.

4. Use AI management frameworks: Use established standards such as ISO 42001, which offer a technology- and regulation-independent approach to the governance of AI. Such frameworks help to establish clear structures and processes for the safe and responsible use of AI.

Apart from the deadline of 2 February 2025, there are other important deadlines that companies should be aware of:

• August 2025: From this date, specific regulations will apply to general-purpose AI systems – i.e. those that can be used for a variety of applications
• August 2026: High-risk AI systems in accordance with Annex III of the AI Act must meet the specified requirements. This includes applications in areas such as education, labour and law enforcement.
• August 2027: The regulations for high-risk AI systems in accordance with Annex I come into force. These mainly concern basic infrastructures and technologies of particular importance for public security.

It is crucial for companies to prepare for these deadlines at an early stage. A long-term plan and continuous adaptation to the legal requirements are essential in order to effectively minimise legal and economic risks and to be able to use AI fully and safely in the future.