The EU AI Act Is Formally Adopted: 5 Reasons Why Organizations Must Care

Steptoe LLP


In more than 100 years of practice, Steptoe has earned an international reputation for vigorous representation of clients before governmental agencies, successful advocacy in litigation and arbitration, and creative and practical advice in structuring business transactions. Steptoe has more than 500 lawyers and professional staff across the US, Europe and Asia.
On May 21, 2024, the EU Regulation laying down harmonized rules on artificial intelligence, the "EU AI Act", was formally adopted. The EU AI Act is a game-changer for organizations across the globe...
United States Privacy
To print this article, all you need is to be registered or login on

On May 21, 2024, the EU Regulation laying down harmonized rules on artificial intelligence, the "EU AI Act", was formally adopted. The EU AI Act is a game-changer for organizations across the globe. Establishing a harmonized set of rules on artificial intelligence, it aims to foster a consistent EU legal framework to ensure that AI systems and General-purpose AI models placed on the market, put into service, or used within the EU are not only safe but also adhere to EU's fundamental rights and values. It also seeks to address the risks associated with specific AI uses. Here are five key reasons why organizations must care about the EU AI Act.

1. Broad spectrum of AI technologies covered

The EU AI Act will apply to:

  • AI systems: namely AI systems presenting the key characteristics of (i) autonomy; (ii) adaptiveness after deployment; and (iii) capacity to infer, from the input it receives, how to generate outputs. This extensive definition covers a broad spectrum of AI technologies, and is meant to be technology neutral and innovation-proofed.
  • General-purpose AI models: namely AI models that (i) displays significant generality and is capable of competently performing a wide range of distinct tasks, and (ii) that can be integrated into a variety of downstream systems or applications.

2. Extensive Territorial Scope

The EU AI Act bears extensive applicability, pertaining to:

  • Providers who place on the market or put into service an AI system or General-purpose AI models in the EU, or whose AI system's output is used in the EU, regardless of their place of establishment;
  • Deployers (=users) established in the EU, or established outside of the EU provided that the AI system's output is used in the EU;
  • Importers and distributors of AI systems within the EU;
  • Product manufacturers who place on the market or put into service in the EU an AI system together with their product and under their own name or trademark;
  • Authorized Representatives of AI system providers not established in the EU.

Hence, the EU AI Act's applicability is determined not solely by the organization's location or establishment, but also by the use of the AI system's output within the EU. This makes the EU AI Act's territorial scope very broad and it will therefore impact organizations globally.

3. Onerous Obligations For All Actors Across the AI Value Chain

The EU AI Act is a horizontal regulation that will apply across sectors.

It provides for a series of obligations that vary depending on the level of risk posed by an AI system or General-purpose AI models. In a nutshell:

  • Some AI systems will be banned in the EU;
  • Some AI systems will be classified as high-risk and will be subject to stringent pre-market and post-market obligations;
  • Some AI systems will be subject to specific transparency obligations;
  • Specific rules will apply to General-Purpose AI models, and additional obligations will apply to General-Purpose AI systems with systemic risks.

Further, the EU AI Act takes an all-encompassing approach which entails onerous obligations for all organizations across the AI value chain and the responsibility to ensure that each actor has complied with its respective requirements.

4. Stringent Sanctions

Failure to adhere to the obligations outlined in the EU AI Act may result in penalties, with fines reaching up to €40 million or 7% of the total worldwide annual turnover. These sanctions are particularly severe, and in addition to their financial implications, they pose a significant risk to the reputation of the organizations they are imposed upon. EU regulators are already gearing up to begin their enforcement duties.

5. The EU Is Likely Setting Global Standards For AI Governance

The legislative process of the EU AI Act has garnered substantial attention worldwide. Being the world's first comprehensive AI legal framework, it is inspiring other jurisdictions to formulate their own AI strategies. Similar to the General Data Protection Regulation (GDPR), which is regarded as a global benchmark for data protection compliance, the EU AI Act is expected to become the new global standard for AI governance. Compliance with the EU AI Act may thus ensure compliance with upcoming AI regulations to a significant extent.

Next Steps

The EU AI Act will undergo a linguistic review and will be translated into the EU's official languages. The EU AI Act will come into effect 20 days after its publication in the EU Official Journal, while most of its provisions will become applicable 24 months after the entry into force.

Much more to explore! Follow our EU AI Act Decoded Series on our LinkedIn page and on our StepTechToe blog as we delve into the intricacies of the EU AI Act.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More