This article was written by Nicolas D’Andrea, Cybersecurity Team Leader at Prodware.
Since 1 August 2024, the AI Act (the European Regulation on Artificial Intelligence) has entered into force, marking a historic milestone in the global regulation of AI. As the world’s first comprehensive legal framework for artificial intelligence, it introduces strict obligations and deterrent sanctions comparable to the GDPR.
Illustration of the EU AI Act’s risk-based regulatory approach, showing different categories of AI systems and their respective obligations.
Particularly Deterrent Sanctions
The AI Act establishes a three-tier sanction regime, depending on the severity of the infringement:
Level 1 – Maximum sanctions
Up to €35 million or 7% of global annual turnover for the use of prohibited AI systems, such as:
- Cognitive manipulation
- Social scoring
- Abusive biometric surveillance
Level 2 – Intermediate sanctions
Up to €15 million or 3% of global annual turnover for:
- Non-compliance of high-risk AI systems
- Lack of transparency
- Absence of an impact assessment
Level 3 – Cooperation-related sanctions
Up to €7.5 million or 1.5% of global annual turnover for failure to cooperate with supervisory authorities.
Who Is Concerned?
The AI Act applies to all actors in the AI value chain, including:
- Providers (AI developers)
- Deployers (companies using AI systems)
- Importers and distributors
Importantly, non-EU companies are also concerned if their AI systems affect users within the European Union.
Roles, obligations, and sanctions associated with the European Artificial Intelligence Act (EU AI Act), based on official sources.
A Phased Implementation Timeline
2 February 2025 (already in force)
- Ban on AI systems posing unacceptable risks
- Mandatory AI literacy training for staff
2 August 2025
- Rules governing general-purpose AI models
- Designation of national competent authorities
2 August 2026
- Full application for high-risk AI systems
- User transparency obligations
- Mandatory registration in the European AI database
2 August 2027
- Extension to AI-enabled products (medical devices, vehicles, etc.)
Concrete Obligations for Businesses
Mandatory Staff Training
Since February 2025, companies must ensure a sufficient level of AI knowledge among their teams, covering:
- Understanding how deployed AI systems function
- Identifying potential risks and biases
- Best practices for responsible AI use
High-Risk AI Systems (from August 2026)
For AI used in HR, healthcare, education, security, and similar areas, companies must:
- Register systems in the European database
- Obtain CE marking
- Implement a documented risk management system
- Ensure effective human oversight
- Maintain traceability and logging records
User Transparency
Companies must clearly inform users when:
- They are interacting with an AI system
- They are exposed to AI-generated content
Shared Responsibility
A key point: even if you use an AI system developed by a third party, your company remains responsible for compliance. You cannot rely solely on your vendor to meet regulatory obligations.
Immediate Recommendations
- Map all AI systems currently in use
- Train your teams now (this obligation is already in force)
- Assess risks associated with your AI applications
- Document compliance processes and controls
- Prepare for registration in the European AI database before August 2026
The AI Act is no longer a future consideration – it is a regulatory reality with immediate consequences. Companies that anticipate these requirements gain a decisive competitive advantage.
Prodware Support
At Prodware, we support organizations in achieving AI Act compliance, while helping them harness the full potential of artificial intelligence in a responsible and secure manner.
Leveraging our expertise in Microsoft solutions and innovation, we help our clients integrate AI into their business processes while meeting European regulatory requirements.
Is your organization ready for the upcoming AI Act deadlines?
