The EU AI Act

Impact on your business & 5 pragmatic next steps

Tools such as generative artificial intelligence (GenAI) can create a wide variety of risks and threats to organisations of all sizes. 

To regulate the use and development of AI within the EU and protect our digital footprint, the European Union (EU) has developed the AI Act. Even though the idea of additional regulation can be daunting, the rapid adoption and evolution of AI will make this act pivotal in managing AI governance.

 

Key objective & 4 levels of risk

The AI Act is recognised as the world's first comprehensive regulatory framework specifically addressing the threats and risks associated with AI tools and technology. Think for example about biased decision-making in recruitment, opaque credit scoring systems, unsafe applications in healthcare, or manipulative use of generative AI. 

The key objective of this act is to promote safe practices of AI, protect fundamental privacy rights, and promote innovation in a controlled manner. The act establishes a clear framework that includes obligations for both developers and users of AI systems. This includes conducting risk assessments, ensuring the quality of data, and maintaining thorough documentation. 

This piece of legislation aims to categorise AI systems into distinct risk levels based on 

  • the potential impact on an individual’s rights and safety,
  • the context in which the system is deployed,
  • the level of human interaction and control, 
  • and the potential for biased results or the ability to manipulate human behaviours.

The act distinguishes this through four key risk levels: Unacceptable, High, Limited, and Minimal. AI systems with unacceptable risk will be banned, while high-risk systems will face stringent requirements regarding transparency, accountability, and safety. 


The EU AI Act was published in the EU's Official Journal on July 12th, 2024, and formally entered into force on August 1st, 2024. However, as with most substantial regulations, a transitional period of 24 months was introduced, meaning that the majority of the controls of the act will be applicable from August 2nd, 2026.

This period allows developers, providers and users to prepare for the compliance requirements and ensure all new AI tools and practices are aligned to these standards. Once this transitional period is over, non-compliance can carry significant penalties with fines reaching up to €35 million or 7% of global turnover. This makes early preparation critical.

Impact on your organisation – 5 next steps

The application of the EU AI Act introduces a variety of challenges and opportunities. To prepare for these upcoming changes, focus first on a handful of practical and pragmatic actions.

1. Identify and classify your AI Estate
Build an inventory of the AI systems and tools you use (in-house and procured). Classify them against the Act’s risk tiers and determine whether any qualify as high-risk under Article 6 and Annex III. This scoping exercise underpins all subsequent obligations.

2. Perform structured risk assessments
For high-risk systems, establish and document a risk management approach across the lifecycle, covering data quality/bias, safety, robustness and cyber security, with evidence regulators can review. (Articles 9–15 set these requirements.)

3. Develop proportionate AI governance
Assign clear responsibilities for oversight and compliance (e.g., system owners, risk/compliance, model risk, legal). Providers of high-risk systems must operate a quality management system, while deployers have obligations when using high-risk systems. (Articles 16–17 for providers; Article 26 for deployers.)

4. Focus on transparent documentation
Make sure you can explain how your systems work and are being used. Keep technical documentation and records current, and provide clear instructions to users of high-risk systems. (Articles 11–13; Annex IV for documentation content.) These documents will be crucial for audits.

5. Improve AI awareness
The AI Act requires organisations to ensure a sufficient level of AI literacy for staff operating or overseeing AI systems, and deployers must assign human oversight with appropriate competence and training. (Article 4; Article 14 on human oversight; Article 26(2) for deployers.)

Though this comes with some additional effort, the AI Act will encourage and promote innovation of AI systems with a clearer focus on ethical and responsible practices. Aligning with these new regulations may bring costs and require resource allocation, but ultimately this is a large step forward in governing advanced and largely uncharted technology.

BDO’s AI compliance checklist

Not sure whether you need to take urgent actions to be compliant with the EU AI Act? Use our quick and easy checklist to find out if you’re in scope. Depending on the way you use AI and the risk profile in your AI systems, you might face strict requirements.

How we can help

BDO is dedicated to providing strategic advice and services to help you navigate the evolving landscape of AI regulations:

  • Strategic advice & services: BDO delivers expert guidance in risk management and technology strategy for organisations of all sizes, including AI.
  • Expertise in governance: Leverage our longstanding experience in governance, compliance, and risk management to navigate the complex regulatory landscape.
  • Gap analysis: We conduct thorough assessments of current AI practices against regulatory requirements to identify areas for improvement.
  • Tailored compliance strategies: Develop customised compliance strategies and frameworks that align with your organisation’s specific needs.
  • Continuous support: As technology and regulations evolve, BDO remains committed to providing steadfast support for our partners.
  • Platform Strategy Assessment: Perform structured assessments confirming each application aligns with strategy and operates as intended.

Final note

Over 50% of organisations have adopted AI in at least one business function. This figure is expected to grow significantly as AI becomes more sophisticated. Understanding your legal and ethical requirements in this new age of technology is crucial to continued growth and success.

For organisations looking to navigate the complexities of the EU AI Act and ensure compliance, we are here to provide you with expert guidance and support tailored to your unique needs.

Looking for more info on AI policies? Keep an eye on the insights on our Data & AI page. More coming soon!
