Compliance Briefing — March 13, 2024

Executive briefing: On March 13, 2024, Members of the European Parliament voted to adopt the Artificial Intelligence Act. The legislation codifies prohibitions on certain AI uses, stringent requirements for high-risk systems, and transparency duties for general-purpose AI models.

Immediate compliance priorities

• Risk classification. Catalogue AI use cases and assign risk tiers, preparing documentation for high-risk systems and assessing any prohibited applications.
• General-purpose AI governance. For foundation model developers and deployers, build compliance programs addressing technical documentation, model evaluations, and watermarking obligations.
• Timeline planning. Map staged obligations, including near-term bans on prohibited systems, 2025 high-risk requirements, and later deadlines for general-purpose AI codes of practice.

Control alignment

• Quality management. Align lifecycle monitoring, data governance, and human oversight controls with Annex IV documentation expectations.
• Transparency. Prepare user disclosures, record-keeping, and incident reporting mechanisms required for high-risk deployments.
• Third-party diligence. Update procurement and vendor assessments to include AI Act conformity attestations.

Enablement moves

• Engage national competent authorities and notified bodies early to understand conformity assessment pathways.
• Develop board reporting on AI governance maturity and compliance roadmap milestones.
• Track delegated acts, harmonized standards, and codes of practice shaping detailed technical obligations.

Sources

• European Parliament: Parliament approves landmark AI Act
• Council of the EU: AI Act legislative timeline

Zeph Tech partners with AI leaders to deliver conformity assessments, transparency tooling, and governance programs aligned to the EU AI Act.

Related briefings

Curated signals from the same pillar or overlapping topics.

Compliance · Credibility 88/100 · December 9, 2023

Compliance Briefing — December 9, 2023

EU co-legislators struck a provisional agreement on the AI Act, cementing risk-based obligations for providers, deployers, and general-purpose AI systems ahead of formal adoption in 2024.

Compliance · Credibility 89/100 · May 21, 2024

Compliance Briefing — May 21, 2024

The Council of the European Union gave final approval to the AI Act, clearing the last legislative hurdle before publication and staged enforcement.

Compliance · Credibility 86/100 · August 29, 2025

AI governance roadmap — EU AI Act high-risk QMS build-out

High-risk AI providers have less than a year to finalise quality management systems, conformity assessments, and post-market monitoring before the EU AI Act’s core obligations activate in 2026, making August 2025 the…

Compliance · Credibility 89/100 · October 30, 2023

Compliance Briefing — October 30, 2023

U.S. Executive Order 14110 commands federal agencies and critical sectors to institute AI safety governance, phased implementation, and DSAR-aligned transparency around model evaluations, data usage, and rights to…

Compliance · Credibility 86/100 · March 15, 2024

Compliance Briefing — March 15, 2024

Greenhouse Gas Reporting Program facilities have two weeks to certify 2023 emissions in e-GGRT, verify third-party QA, and document methodology updates before the March 31 deadline.

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Third-Party Risk Oversight Playbook — Zeph Tech

  Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.

• Compliance Operations Control Room — Zeph Tech

  Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.

• SOX Modernization Control Playbook — Zeph Tech

  Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.