Compliance Deadlines, Opportunities, and Implications under the EU AI Act

In this exclusive interview, Christian Piovano, Lawyer at ZF Group, shares key compliance deadlines under the EU AI Act, such as the upcoming February 2025 enforcement of AI literacy and prohibited AI practices, and he discusses how the automotive businesses can adapt to these regulations.

Christian further explores topics including the potential impact on AI innovation, the importance of governance structures, and the need for companies to invest in compliance measures.

Q: What are the key upcoming dates and developments related to the EU AI Act and its implementation? 

Christian: 2 February 2025 is the next important date: Art. 4 (AI literacy) and Art. 5 (prohibited AI practices) of the AI Act will enter into force. Training and an internal inventory are necessary steps to comply with these two obligations.

Q: How will the EU AI Act regulations impact businesses in the automotive sector?

Christian: The AI Act will lead to a greater focus on artificial intelligence as a technology. As a result of the increased attention on AI, it can be expected that the technology will be further developed and used more frequently. As software and services are expected to account for an increasing share of value creation in the future, this trend is likely to increase. Especially as AI technology can contribute to significant efficiency gains, many companies in the automotive sector will use AI internally. In doing so, they will need to fully apply the AI Act as deployers. Although products in the automotive sector will initially be largely excluded from the scope of the AI Act as far as products with or as AI systems are concerned, it is expected that in the future there will be regulations for automotive products that will regulate AI accordingly. The automotive sector should therefore be proactive in preparing for these requirements.

Q: In what ways could the EU AI Act limit innovation, and how are companies adapting to this?

Christian: The EU AI Act will require governance structures to be put in place to avoid potential liability risks and fines, which will require significant investment. This raises concerns about whether small and medium-sized enterprises can afford or are willing to make such investments. In addition, companies may think twice before bringing to market or operating high-risk AI systems due to the high risk of liability and fines. This could result in certain AI systems not being marketed. Furthermore, the complexity of the regulations leads to transaction costs, which can further hinder innovation. To adapt, companies need to invest in compliance measures and focus on developing AI systems that meet the requirements of the AI Act.

Q: What opportunities exist within the EU AI Act framework to foster innovation? 

Christian: The CE mark as a result of compliance with the AI Act can serve as a kind of "seal of quality" that increases trust in AI solutions. This mark is likely to become a global benchmark, meaning that companies that comply with it will be well prepared for international standards and will have proof of their trustworthy AI system. By ensuring compliance with the AI Act, EU companies can position themselves as leaders in the global marketplace and gain a competitive advantage in the future. Also, as a result of the AI Act, companies will need to develop strategies to deal with the liability risks posed by AI. This proactive approach triggered by the AI regulation can create a more stable and predictable environment for innovation, encouraging companies to invest in new AI technologies with confidence. In addition, the EU AI Act can help foster innovation by pushing companies to get a handle on data governance, which is important to the development and deployment of AI systems and can also lead to new business models and products.

Q: What alternatives are available for systems identified as high-risk by the EU AI Act, and how will they be replaced?

Christian: As the AI Act does not prohibit 'high-risk AI systems', but only regulates them, there is no need to replace them. It is only necessary to ensure that the requirements of the AI Act are met, including the consideration that certain AI practices are prohibited (Art. 5 AI Act).

Q: What are the key deadlines for compliance with the EU AI Act, and what immediate actions should businesses take?

Christian: In order to comply with the upcoming obligations on 2 February 2025 regarding AI literacy (Art. 4 AI Act) and prohibited AI practices (Art. 5 AI Act), it is crucial to implement both general and role-specific internal training programmes to ensure that all employees are aware of the new regulations. The next important date will be 2 August 2027, when the main articles on high-risk AI systems will also come into force. To be prepared for this, companies should set up a thorough inventory of their AI systems, especially given the challenges posed by role transitions (e.g., from deployer to provider). This inventory should include AI systems in or as products, as well as AI systems that are only used internally. In addition, organisations should establish a governance structure for AI compliance and incorporate requirements into their development processes.

Q: What strategies should businesses adopt to ensure compliance with the new regulations for systems integrated into critical processes?

Christian: To ensure compliance with the AI Act, companies should adopt a multi-faceted strategy. Establishing a governance structure that is both flexible and comprehensive is essential. This structure should consider not only external products, but also the internal use of AI. In addition, organisations need to pay particular attention to role transitions, as deployers can quickly become providers of an external AI system. It is advisable to draw parallels with data protection governance, as some of the obligations are similar. This approach will help companies navigate the complexities of compliance while maintaining operational efficiency.