Europe takes the early lead: Lawmakers pass landmark AI legislation
On March 13, the EU Parliament voted to adopt the EU’s AI Act. The AI Act is the EU’s first comprehensive legislation setting rules regulating artificial intelligence on an EU-wide basis. It will impose new and significant obligations on those developers, distributors, and users of AI systems that affect people in the EU.
The AI Act should appear on the EU’s statute books around May once final procedural steps have concluded. Most provisions are likely to apply from mid-2026, but some provisions, notably the prohibitions with the stiffest penalties, have a shorter transition period and will apply as soon as the end of this year.
The AI Act prohibits some types of AI, such as emotion recognition systems in the workplace and in education or inappropriate use of social scoring. For types of AI deemed to be “high-risk”, it imposes a wide range of obligations on providers (i.e. those developing the systems), including risk assessments, governance, and maintaining documentation, public registration and conformity assessments and declarations. Users of these systems, referred to as “deployers”, need to comply with much more limited obligations such implementing technical and organizational measures to ensure the provider’s restrictions on use are followed and providing appropriate and competent human oversight. Meanwhile, providers of “general purpose AI”, such as large language models, will need to meet requirements designed to allow providers and deployers incorporating them into AI systems to better understand their capabilities and limitations and to address other inherent issues such as potential infringements caused by their training (the latter point addressed through putting in place a policy to respect EU copyright law and a summary of the content used to train the model). There are also various transparency obligations that require individuals to be informed they are interacted with AI systems or AI generated content.
What should you do to prepare?
- Create an AI inventory
- Identify prohibited practices and high risk AI
- Establish your governance process
You can continue to build your governance process while traveling—some top tips for your toolkit:
- Start small but understand what best practice looks like for all stakeholders involve
- Establish where key stakeholders will fit in and what information they need—business units, IT development teams, data office, procurement, legal, HR.
- Create a library of legal risks with playbooks to allow some evaluation by non-experts.