The European AI Act and what it means for my business

The European AI Act has just earned a provisional sign-off, and while it still needs further discussion, we are on the brink of significant change. 

In many ways, it’s the world-first we all knew was coming. Ever since the capabilities of AI hit the global stage eighteen months ago, keen eyes have been watching regulators to see what laws they would approve. 

This week, we have come one step closer. But while you might think the new AI act is all based on tech, the reality is that those in governance need to know a lot about it.

In December 2023, European Union member states agreed on a provisional text for the bloc’s upcoming Artificial Intelligence Act – expected to bring sweeping new regulations to how AI is governed in Europe. 

The text still needs fine-tuning by experts and approval by the European Parliament. Still, nobody expects the overall plans to be derailed or significantly altered, meaning we can expect the new laws and provisions to take effect in 2026.

A lot. 

It will use a risk-based approach to dictate what kind of AI controls must be in place. 

• Minimal risk systems (like spam filters or AI-based recommender systems) will remain unregulated. 

• High-risk systems (such as medical devices and systems for immigration, education access and law enforcement) will require a heavy degree of control and reporting. Companies responsible must take steps like recording datasets, defining human oversight and clarifying cybersecurity. 

• Specific transparency risk systems will need to be flagged as such. In other words, people need to be told when they are talking to a machine (like a chatbot), are subject to biometric readings, or are consuming AI-generated content. 
• Unacceptable risk systems (such as any that might manipulate human behaviour or enable social scoring) will be banned outright.

You will be fined – anywhere from €7.5 million or 1.5% of global annual turnover for minor offences to €35 million or 7% for more severe offences.

Every business is different, but there has definitely been a healthy opposition to the law. 

In June, over 160 company executives from firms including Renault to Meta signed an open letter to the EU criticising the proposals. 

They claimed the new law would cause too high a liability risk and compliance requirements for European companies, meaning many might move their operations abroad, reducing Europe’s competitiveness. 

It’s a complicated case, though. This worry has been juxtaposed by other open letters – some signed by figures like Sam Altman and Elon Musk – calling for AI regulations. 

The trick is in the balance.

In the middle are directors and executives facing strict new regulations and continuing debate around them when all they want is clarity for the years ahead. 

Take Ireland as an example, where three-quarters of surveyed directors recently said they were not aware of the extensive scope of the Act and what it means for their business.

It means you need a plan, and it’s not a plan you can simply leave to your tech employees to sort out. This plan needs dedicated attention at the highest levels of governance. 

Here are some things you need to figure out:

• Does your company use AI? If not, will it use AI in future?
• What risk category (above) does your AI system fall into? 
• If the high or specific transparency risk categories apply to you, do you have the capacity to comply with all the new requirements?

They can – and make no mistake, they will do the bulk of the day-to-day work on it – but your board does itself a massive disservice by not having AI expertise within its ranks. 

Good boards reflect the company’s strategic needs, so if your strategy includes AI, you need to have someone with inside-out knowledge of how your business can conform to sweeping new rules. 

This person can review, advise and warn on what’s likely to be a critical issue for the rest of the decade and beyond. 

Of course, expertise like this won’t always be readily available, but it’s not impossible to find. 

If you have no luck through your usual recruitment channels, broaden your horizons in terms of age and experience, or seek training for current board members so they will be more up to speed.

The AI act is coming, even if the debate around it continues. Your job as a governance professional is to ensure your company can adapt if the new rules affect them. You can’t do that if you don’t have the right leaders on your team.