AI ACT: WHAT ARE YOUR OBLIGATIONS FROM 2 FEBRUARY 2025?

Author of the article: Mgr. Filip Ondřej, ARROWS (office@arws.cz, +420 245 007 740)

First comprehensive AI regulation in Europe

The AI ACT, or Regulation (EU) 2024/1689 of the European Parliament and of the Council, represents the first comprehensive legal framework for artificial intelligence that is (so far) unparalleled in the world.

It aims to ensure that AI systems are safe, transparent and in line with European values.

The regulation brings stricter rules for the development and use of AI, while at the same time trying to ensure that such regulation is not detrimental to innovation and the competitiveness of European companies.

As of February 2, 2025, some of the provisions of this regulation will take effect - and certain obligations will apply to companies and AI providers from that date.

Prohibited practices - what will no longer be possible?

The AI ACT Regulation sets out strict prohibitions on certain uses of AI that may pose a risk to the fundamental rights and security of citizens. The most significant prohibited practices include:

• social scoring - the evaluation of individuals based on their behaviour, economic situation or personal characteristics,
• real-time remote biometric identification in public places, except use by the police in serious criminal investigations,
• manipulative AI techniques that purposefully exploit the vulnerabilities of individuals (for example, children or the disabled).

What does this mean for companies? If your AI solution falls into these categories, you may need to modify it or stop using it altogether. Failure to comply with these prohibitions can lead to significant penalties for AI providers and Notified Entities in the future, see below.

Obligations of AI providers and users

The AI ACT introduces new obligations not only for AI developers, but also for companies that use AI technologies. Some of these obligations are already in effect as of 2 February.

What does this mean for your company? AI literacy will no longer be a choice, but a necessity

If you are implementing AI systems in your company or planning to use them, you cannot avoid one key obligation, namely the obligation to ensure a sufficient level of AI literacy in your company.

This doesn't just apply to IT professionals or executives, but to everyone who comes into contact with AI - from administrative staff to sales departments. The goal is for employees to understand not only how AI works, but also to be able to critically assess its outputs and be aware of the potential risks associated with its use.

What does the AI literacy obligation specifically mean?

You will need to put measures in place to ensure that people in your company understand the principles of AI, its possibilities and its risks. This can include training tailored to the knowledge level of individual employees, whether it's a basic introduction to AI or specialised training for technical staff. Companies will need to consider not only internal processes but also the context in which their AI systems operate.

Although direct sanctions for non-compliance with this obligation have not yet been established, failure to comply with the AI literacy obligation may be a key circumstance in the future that can be hypothetically argued against the AI company, e.g. in litigation.

Therefore, companies should start preparing and implementing AI literacy training programs as soon as possible to be prepared for the upcoming changes and to fully leverage the potential of AI in their business.

Other important milestones

2 August 2025 - extending regulation to other sectors, introducing additional obligations for AI providers. From this date, AI providers (or notified bodies notified under the Regulation) will additionally face significant penalties for non-compliance with the AI ACT:

• non-compliance with the prohibition on AI practices under Article 5 of the AI ACT will result in a fine of up to EUR 35 million or, in the case of an undertaking, up to 7% of its total worldwide annual turnover for the previous financial year, whichever is higher,
• non-compliance with Article 99(4) AI ACT in relation to AI providers or notified bodies not listed in Article 5 AI ACT will be subject to a fine of up to EUR 15 million or, in the case of an undertaking, up to 3% of the total worldwide annual turnover for the previous financial year, whichever is higher,
• providing correct, complete and not misleading information to notified bodies or competent national authorities in response to a request will result in a fine of up to €7.5 million or, in the case of an undertaking, up to 1% of the total worldwide annual turnover for the previous financial year, whichever is higher.

2 February 2027 - the remaining provisions of the AI ACT come into force, including the provision relating to penalties for providers of generic AI models.

Not sure how AI ACT will affect your business? Contact ARROWS legal experts to help you with a risk analysis and compliance strategy.

Don't wait - get ready now! Contact us.