IA

AI ACT - Implementation

The AI Act is the very first legal framework addressing the risks of AI and enabling Europe to play a leading role on the global stage.

Contents
Schedule a discussion

Reading time:

7 min

The AI Act is the very first legal framework addressing the risks of AI and enabling Europe to play a leading role on the global stage.

The AI Act (Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence) is the very first comprehensive legal framework on AI worldwide. The aim of these rules is to foster trustworthy AI in Europe.

The AI Act sets out a clear set of risk-based rules for AI developers and deployers regarding specific uses of AI.

Should you need a digital law attorney, you can read our dedicated page.

WHY DO WE NEED TO REGULATE AI?

The AI Act ensures that members of the European Union can trust what AI has to offer. While most AI systems pose limited or no risk and can help address many societal challenges, certain AI systems create risks that we must address in order to avoid undesirable outcomes.

Although existing legislation provides some protection, it is insufficient to address the specific challenges that AI systems may pose.

A RISK-BASED APPROACH

The AI Act defines four levels of risk for AI systems:

UNACCEPTABLE RISK

Since 2 February 2025, under Article 5 of the AI ACT, all AI systems considered a clear threat to the safety, livelihoods and rights of individuals are prohibited.

Let's discuss your needs for 15 minutes!

The AI Act prohibits eight practices, namely:

  1. Harmful AI-based manipulation and deception
  2. Harmful AI-based exploitation of vulnerabilities
  3. Social scoring
  4. Assessing or predicting the risk of an individual committing a criminal offence
  5. Untargeted scraping of the internet or CCTV footage to create or expand facial recognition databases
  6. Emotion recognition in the workplace and educational institutions
  7. Biometric categorisation to infer certain protected characteristics
  8. Real-time remote biometric identification for law enforcement purposes in publicly accessible spaces.

HIGH RISK

AI use cases that may pose serious risks to health, safety or fundamental rights are classified as high risk.

These high-risk use cases include:

  1. AI safety components in critical infrastructure (for example, transport), the failure of which could endanger citizens' life and health
  2. AI solutions used in educational institutions, which may determine access to education and the course of a person's professional life (for example, exam scoring)
  3. AI-based safety components of products (for example, the application of AI in robot-assisted surgery)
  4. AI tools for employment, worker management and access to self-employment (for example, CV-sorting software for recruitment).
  5. Certain AI use cases for granting access to essential private and public services (for example, credit scoring that prevents citizens from obtaining a loan)
  6. AI systems used for remote biometric identification, emotion recognition and biometric categorisation (for example, an AI system to retrospectively identify a shoplifter).
  7. AI use cases in law enforcement that may interfere with people's fundamental rights (for example, assessing the reliability of evidence)
  8. AI use cases in migration management, asylum and border control (for example, the automated examination of visa applications)
  9. AI solutions used in the administration of justice and democratic processes (for example, AI solutions to prepare court decisions).

High-risk AI systems are subject to strict obligations before they can be placed on the market:

I want reliable legal documents!

  • Adequate risk assessment and mitigation systems
  • High quality of the datasets feeding the system in order to minimise the risk of discriminatory outcomes
  • Logging of activity to ensure the traceability of results
  • Detailed documentation providing all the information necessary about the system and its purpose to enable authorities to assess its compliance
  • Clear and adequate information for the deployer
  • Appropriate human oversight measures
  • A high level of robustness, cybersecurity and accuracy.

TRANSPARENCY RISK

These are the risks associated with the need for transparency regarding the use of AI. The AI Act introduces specific information obligations to ensure that humans are informed when necessary to preserve trust. For example, when using AI systems such as chatbots, humans must be made aware that they are interacting with a machine so that they can make an informed decision.

In addition, providers of generative AI must ensure that AI-generated content is identifiable. Certain AI-generated content must be clearly and visibly labelled, in particular deep fakes and text published for the purpose of informing the public on matters of public interest.

MINIMAL OR NO RISK

The AI Act does not introduce rules for AI deemed to present minimal or no risk. The vast majority of AI systems currently used in the EU fall into this category. These include applications such as AI-based video games or spam filters.

HOW DOES THIS WORK IN PRACTICE FOR PROVIDERS OF HIGH-RISK AI SYSTEMS?

Once an AI system is on the market, authorities are responsible for market surveillance, deployers ensure human oversight and monitoring, and providers have a post-market monitoring system in place. Providers and deployers also report serious incidents and malfunctions.

A SOLUTION FOR THE TRUSTWORTHY USE OF LARGE AI MODELS

General-purpose AI models can perform a wide range of tasks and are becoming the basis for many AI systems in the EU. Some of these models could carry systemic risks if they are highly capable or widely used. In order to ensure safe and trustworthy AI, the AI Act establishes rules for the providers of these models.

These rules cover, in particular, transparency and copyright. For models that may pose systemic risks, providers must assess and mitigate those risks.

The AI Act rules on general-purpose AI will enter into force in August 2025. The European AI Office has undertaken the development of a code of practice to detail these rules. This code is expected to be a central tool enabling providers to demonstrate compliance with the AI Act and to incorporate the latest practices.

GOVERNANCE AND IMPLEMENTATION

The European AI Office, established in February 2024 within the Commission, oversees the enforcement and implementation of the AI Act in the EU Member States. It will also be responsible for overseeing the most powerful AI models, known as general-purpose AI models. The EU Member States oversee the rules applicable to AI systems and must designate supervisory authorities by 2 August 2025.

The governance of the AI Act will be ensured by three advisory bodies, namely

  • The European Artificial Intelligence Board, composed of representatives of the EU Member States
  • The scientific panel, composed of independent experts in the field of AI
  • The advisory forum, which represents a varied selection of stakeholders, both commercial and non-commercial.

This multi-stakeholder governance will ensure a balanced approach to the implementation of the AI Act.

NEXT STEPS

The AI Act entered into force on 1 August 2024 and will be fully applicable two years later, on 2 August 2026, with a few exceptions:

  • The prohibitions and AI literacy obligations have applied from 2 February 2025
  • The governance rules and obligations relating to general-purpose AI models apply from 2 August 2025
  • The rules relating to high-risk AI systems - embedded in regulated products - benefit from an extended transition period until 2 August 2027

Sources:

https://artificialintelligenceact.eu/fr

https://digital-strategy.ec.europa.eu/fr/policies/regulatory-framework-ai

https://www.cnil.fr/fr/entree-en-vigueur-du-reglement-europeen-sur-lia-les-premieres-questions-reponses-de-la-cnil

https://www.info.gouv.fr/actualite/quest-ce-que-lai-act

To learn more

What is the AI Act?

The AI Act (Regulation (EU) 2024/1689) is the first comprehensive legal framework on artificial intelligence worldwide. It establishes harmonised, risk-based rules for AI developers and deployers, in order to foster trustworthy artificial intelligence in Europe while regulating the most sensitive uses.

What approach is the AI Act based on?

The AI Act is based on a risk-based approach, with four levels: unacceptable risk (prohibited practices), high risk (strictly regulated uses), limited risk (transparency obligations) and minimal risk (unrestricted). The more risks an AI system poses to rights and safety, the stricter the obligations.

Which AI practices are prohibited by the AI Act?

Since 2 February 2025, Article 5 prohibits eight practices, including harmful AI-based manipulation, the exploitation of vulnerabilities, social scoring, the assessment of individual criminal risk, the untargeted scraping of facial images, emotion recognition at work and at school, and certain biometric categorisations and identifications.

What is a high-risk AI system?

These are systems likely to pose serious risks to health, safety or fundamental rights: safety components of critical infrastructure, AI in education, recruitment, access to essential services such as credit, or biometric identification. These uses are permitted but subject to strict obligations.

When does the AI Act take effect?

The AI Act takes effect in stages. The prohibitions under Article 5 have applied since 2 February 2025. Other obligations, in particular for high-risk systems and general-purpose AI models, are phased in over the following months and years. Companies must anticipate these successive deadlines.

What obligations apply to high-risk AI?

High-risk systems must meet strict requirements: risk management, data quality, technical documentation, transparency, human oversight, robustness and cybersecurity. Providers must carry out a conformity assessment before placing the system on the market. These obligations aim to ensure a safe and controlled use.

Does the AI Act impose transparency obligations?

Yes. For limited-risk systems, the AI Act imposes transparency obligations: informing users that they are interacting with an AI, and flagging AI-generated content. Generative AI is particularly concerned. These obligations aim to prevent deception and to enable an informed use of these technologies.

How can you prepare for the AI Act?

Preparation involves taking an inventory of the AI systems used or developed, classifying them by risk level, analysing the applicable obligations and achieving compliance (documentation, transparency, oversight). Anticipating these deadlines avoids being caught out by the timeline. Legal support helps to qualify uses and to structure compliance.

Still have questions?

Our team is available!

Have a question?

Vos informations restent strictement confidentielles.
Thank you! We will get back to you shortly. If you'd like to speed things up, schedule a time with me directly here:
Schedule a 15-minute call
Oops! Something went wrong while submitting the form.
Homme en costume bleu foncé avec cravate et pochette blanche, bras croisés, regardant vers l'avant.

Ressources

Aller plus loin

00
article(s) affiché(s) sur
00

7 min

AI ACT - Implementation
The AI Act is the very first legal framework addressing the risks of AI and enabling Europe to play a leading role on the global stage.

6 min

Inter-trade reserves in the wine sector: price regulation under debate
In a context where agricultural markets, and the wine sector in particular, are experiencing significant price fluctuations, the issue of inter-trade reserves is emerging forcefully. The French Competition Authority was recently asked to assess the possibility of putting in pl

6 min

Commercial agent outside the EU: does French law apply?
The question of whether French law applies to a commercial agent operating outside the EU is of particular importance.

6 min

Drafting and posting your legal notices on Shopify
Mandatory in France, notably on e-commerce sites built on Shopify, a website's legal notices are information that allows internet users to know who they are dealing with and how they can get in contact with the website's owners. These

11 min

How to legally secure your cloud migration project?
Let's break down together the key points to watch in order to legally secure your cloud migration project.

12 min

Offshore software development: the essential contractual clauses to secure your international project
The globalisation of the IT sector has considerably reshaped the software development landscape, with increasing reliance on service providers located abroad. This approach, commonly referred to as offshore development, offers undeniable economic and technical advantages, but
Prendre rendez-vous
Book an appointment