The legislative process on artificial intelligence (AI) in the European Union has reached an important milestone, after the EU Council approved the final text of the AI Act on 21 May, so the AI Act can enter into force shortly, 20 days after its publication in the Official Journal.

As a general rule, the AI Act provides a 24-month grace period after its entry into force (i.e. until 02.02.2026, the requirements set out in the regulation become applicable after the expiry of this period), but there are important exceptions:

• 6 months is provided to stop the so-called prohibited AI practices (Chapter 1 - General provisions and Chapter 2 - prohibited AI practices become applicable 6 months after AI Act´s entry into force, i.e. after 02.02.2025),
• the AI Act provides 12 months (i.e. until 02.08.2025) for preparing for the application of the rules related to general purpose AI systems (see in particular Chapter V), for designating and setting up authorities and organisational systems that play a key role in the implementation and enforcement of the AI Act (see e.g. Chapter 3, Section 4, Chapter VII) and for sanctions (Chapter XII) to become applicable;
• the provisions of Article 6(1) concerning classification rules for high-risk AI systems and the related obligations will apply 36 months after AI Act´s entry into force (i.e. until 02.08.2027).

Given that the preparation and application of the AI Act will be a challenging task for businesses and other organizations, I will try to present certain provisions of the AI Act in more detail in the below and also in further posts, covering the details essential for the application of this new law in practice. In this post, I discuss the expected impact of the adoption of the AI Act, the first steps of preparation, and who will be obliged to comply with the adoption of the AI Act.

1. What does the adoption of the AI Act mean? What should we prepare for?

The adoption of the AI Act is the result of a long legislative process that will make a comprehensive, horizontal legislation in the form of a regulation directly applicable in all EU Member States. 

Some key features of the AI Act include:

• the AI Act aims to (i) improve the functioning of the internal market, (ii) promote the uptake of human-centric and trustworthy AI while ensuring a high level of protection of health, safety and fundamental rights against the adverse effects of AI systems in the EU, (iii) support innovation (see Article 1);
• the AI Act naturally applies only to areas covered by EU law and provides for exemptions in certain areas, such as systems used exclusively for military and defence and research purposes;
• the AI Act follows a so-called 'risk-based' approach, i.e. the requirements for a given AI system are adapted to the degree of risk posed by the system.

Thus, the adoption of AI Act means compliance and preparation tasks for both the private and public sectors within the transition and preparation period briefly described above.

The entities concerned should therefore assess, inter alia, with regard to the AIA:

• whether a system that is used, developed, placed on the market, put into operation, etc. qualifies as an AI system or a general-purpose AI model under the AI Act,
• if yes, what role they play in relation to the AI system (service providers, deployers, distributors, importers, etc.),
• whether there might be exceptions applicable to them under the requirements of the AI Act (e.g. for systems used exclusively for military, defence or national security purposes, or for AI systems or AI models specifically developed and put into service for the sole purpose of scientific research and development);
• the risk classification of the AI system (prohibited AI practice, high-risk AI system, other lower-risk AI system),
• what obligations apply and by what deadline, based on the risk classification and the role of the entity in the AI value chain,
• what requirements beyond the AI Act may arise for the AI system concerned (e.g. data protection, copyright, etc.) and how compliance can be ensured with regard to them, taking into account the obligations set out in the AI Act.

Therefore, the adoption of the AI Act requires a wide range of current and planned future practices to be reconsidered, reviewed and processes developed that may be suitable for continuously ensuring compliance with the AI Act.

In many ways, the situation is similar to the preparation for the application of the GDPR, the EU's General Data Protection Regulation, as it was a comprehensive regulation that affected (and continues to affect) almost every organization and business to a greater or lesser extent and prompted a rethinking of existing processes and organizational system to ensure continuous compliance. Moreover, the application of the two regulations is closely linked in relation to the use of AI systems, since in many cases the development and the deployment of AI systems also involves the processing of personal data, in which case the GDPR must also be complied with.

2. Who is covered by the AI Act?

The AI Act covers the following actors:

• providers
• deployers
• importers
• distributors
• product manufacturers
• authorised representatives of non-EU service providers.

 The definition of the different actors includes:

Based on their role in the supply chain, geographical operation and precise activity, the activities of the different actors are naturally interlinked. 

In relation to individual actors, it is also important to clarify what the terms "placing on the market", "putting into service" and "making available on the market" mean in the AI Act:

• "placing on the market" means the first making available of an AI system or a general-purpose AI model on the Union market;
• "making available on the market" means the supply of an AI system or a general-purpose AI model for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge;
• "putting into service" means the supply of an AI system for first use directly to the deployer or for own use in the Union for its intended purpose.

Based on the above concepts, it is important to underline that the above activities should be targeted at the EU, given the scope of the AIA. It is also important, as stated in the concept of "making available on the market", but also in the definition of provider itself, that the AIA applies to both the free and paid provision of AI products and/or services, i.e. the mere presence or absence of consideration is not a determining element for the applicability of the rules. 

In the next post(s) I will deal with the concept of an AI system and its interpretation, the content of each of the above roles and related obligations, the scope of the AI Act, prohibited AI practices, high-risk AI systems and many other issues relevant for the application of the rules.