Written By: Tim Porter, CPA, CISA
Jan 29, 2025
Navigating the EU AI Act: A Guide for Mid-Sized AI Companies
As artificial intelligence (AI) continues to transform industries, regulatory frameworks are scrambling to ensure its safe and ethical use. One of the most significant pieces of legislation in this space is the EU AI Act. For mid-sized AI companies, understanding and complying with this Act is crucial. Here's what you need to know:
1. Understanding the Scope and Applicability
The EU AI Act is designed to regulate AI systems that are developed, used, or marketed within the European Union. Importantly, this legislation also applies to companies based outside the EU if their AI systems are used or have an impact within the EU. This broad scope means that even mid-sized AI companies with a global reach must pay close attention to the Act's requirements.
2. A Risk-Based Approach to Regulation
The Act categorizes AI systems into different risk levels:
3. Key Compliance Requirements
For high-risk AI systems, companies must implement several measures to ensure compliance:
4. Documentation and Reporting Obligations
Companies are required to maintain detailed documentation of their AI systems. This includes technical specifications, risk assessments, and compliance measures. Such documentation must be readily available for regulatory review, ensuring that companies can demonstrate their adherence to the Act's requirements.
5. Penalties for Non-Compliance
The EU AI Act imposes significant penalties for non-compliance. Companies can face fines of up to 30 million or 6% of their annual global turnover, whichever is higher. These substantial penalties underscore the importance of adhering to the Act's provisions.
6. Support for SMEs
Recognizing the challenges faced by small and medium-sized enterprises (SMEs), the Act includes provisions to ease the compliance burden. This includes simplified procedures and potential financial support to help SMEs meet the regulatory requirements.
7. Timeline for Compliance
The EU AI Act is expected to come into full effect by 2026. While this provides a window for companies to align their practices with the new regulations, it's crucial to start preparing early. Proactive measures will ensure that mid-sized AI companies are well-positioned to comply with the Act when it becomes enforceable.
Conclusion
For mid-sized AI companies, the EU AI Act represents both a challenge and an opportunity. By understanding the Act's requirements and taking proactive steps to ensure compliance, companies can not only avoid penalties but also build trust with clients and stakeholders. Engaging with legal and compliance experts, investing in robust risk management and data governance practices, and maintaining thorough documentation will be key to navigating this new regulatory landscape.
Comic Compliance Relief
After a few calls with clients with AI systems that are used in the EU I found myself struggling to say EU AI Act fast, three times. And when I posed the tongue twister to my in laws this past weekend my witty father-in-law replied with the remark Old MacDonald 'EU AI Act. E-I-E-I-Oh!' Pair that with Copilot and you have an image of Old MacDonald developing a livestock health monitoring device that uses AI for early detection of illness and reduce veterinary costs.
Want to know what risk level your AI system falls under and/or what next steps you should take? Book a meeting with me here: Book time with Tim Porter: 30 minutes meeting
