Governance Briefing — EU AI Act Published in the Official Journal
The EU AI Act became law on July 12, 2024 with its publication as Regulation (EU) 2024/1689, triggering compliance deadlines that start with unacceptable-risk bans in February 2025 and high-risk obligations in 2026.
Executive briefing: The European Union published the Artificial Intelligence Act in the Official Journal of the European Union on July 12, 2024 as Regulation (EU) 2024/1689. The law enters into force on August 1, 2024 and establishes a staged, risk-based compliance schedule: unacceptable-risk systems must cease within six months, general-purpose AI (GPAI) providers face transparency duties after 12 months, and high-risk deployments must meet conformity assessment, quality management, and fundamental rights obligations within 24 months.
Key provisions now in force
- Risk-tiered obligations. Providers of high-risk AI systems must implement documented quality management, post-market monitoring, incident reporting, and human oversight controls aligned with Annex IV technical documentation requirements.
- General-purpose AI governance. GPAI providers must publish detailed training data summaries, technical documentation, and usage instructions, with additional model evaluation duties when the European Commission designates a systemic-risk model.
- AI Office and national regulators. The Act creates an EU-level AI Office to coordinate enforcement and requires Member States to designate market surveillance authorities and notified bodies for conformity assessments.
- Fundamental rights impact assessments. Public sector deployers of high-risk systems must complete impact assessments before use, documenting mitigation for fundamental rights, health, and safety risks.
Implementation guidance
- Map deadlines. Track the 6-month (February 2025) bans on unacceptable-risk uses, 12-month (August 2025) GPAI transparency requirements, and 24-month (August 2026) high-risk system obligations; some product safety integrations extend to August 2027.
- Update product development lifecycles. Embed Annex IV documentation, logging, and human-in-the-loop checkpoints into software development and ML Ops pipelines now to avoid remediation crunches.
- Coordinate with EU economic operators. Clarify responsibilities between providers, deployers, importers, and distributors so supply-chain partners understand conformity assessment ownership and reporting duties.
Next steps for compliance leaders
- Launch cross-functional readiness sprints with legal, product, and privacy teams to draft fundamental rights impact assessment templates and GPAI transparency disclosures.
- Prioritise inventory of AI systems deployed in the EU, tagging risk tiers, affected business processes, and dependencies on third-party GPAI services.
- Engage notified bodies early for high-risk systems that rely on existing CE marking frameworks to confirm testing, documentation, and surveillance expectations.
Sources
- Official Journal of the European Union: Regulation (EU) 2024/1689 (July 12, 2024)
- Council of the EU press release: Council gives final green light to the AI Act (May 21, 2024)
- European Commission: European approach to artificial intelligence (accessed July 2024)
Zeph Tech guides compliance, product, and assurance teams through EU AI Act readiness—from risk tiering and Annex IV documentation to GPAI supplier audits.