The emergence of AI may conflict with human rights and their protection in various normative texts, which is why we emphasise that its use must be ethical and in accordance with the fundamental rights of all people.

AI systems cannot be exempt from respecting the social consensuses reached around the minimum rights guaranteed to all, but on the contrary, the application of AI must be promoted to be appropriate and in accordance with these. And not only in its creation, but also during all its phases and use.

This is why we say that the relationship between the IA Act and human rights is close and cooperative because they are the basis for well-functioning IA systems.

The IA Act entered into force on 1 August 2024, twenty days after its publication in the EU Official Journal on 12 July.

However, not all the obligations contained in the regulation are already enforceable. Article 113 of the IA Act provides for different deadlines for some sections, with the aim of giving subjects time to adapt to its requirements.

It is for this reason that the rules relating to prohibited practices will not apply until 2 February 2025. Provisions related to generative AI systems, biometric categorisation, emotion recognition, and general-purpose models will be enforceable from 2 August 2025.

As for the rules applicable to high-risk systems, they will be enforceable from 2 August 2026 for systems listed in Annex III of the IA Act (systems relating to areas with a particular impact on fundamental rights, e.g. health), and from 2 August 2027 for systems listed in Annex I (systems already covered by EU product regulation).

Yes, it is advisable that, even if your system is not expressly covered by the IA Act, you adopt measures to comply with the standards it contains. It should be kept in mind that the regulations contained in the IA Act also function as an adaptation to the ethical parameters and, therefore, allow progress to be made in the so-called ethical and responsible AI.

It should also be noted that the categorisation of systems in the current version of the IA Act is not immutable, but that the Act itself gives the Commission the power to include more types of systems in the established categories. Consequently, the fact that your system is not currently affected by the legislation does not mean that it cannot be affected in the future. Therefore, starting to work towards compliance with the requirements of the IA Act can give you security in the face of any possible changes in the legislation.

The IA Act classifies IA systems into 4 risk categories: 1) unacceptable risk systems, which refers to systems intended for uses prohibited by article 5 of the IA Act; 2) high risk systems, listed in section 6 of the IA Act, which are considered as such because their use is considered likely to endanger fundamental rights and freedoms, the health and safety of persons, the environment and/or democracy and the rule of law; 3) systems of limited risk, a category which includes various types of systems for which certain transparency obligations apply; and 4) systems of minimal risk, which are not considered potentially dangerous and are therefore not covered by the legislation.

Possible sanctions for non-compliance with the AI Act are set out in Chapter XII of the regulation. Infringement of the rules on prohibited uses set out in Article 5 of the legislation can lead to an administrative fine of up to EUR 35,000,000, or 7% of global turnover if the latter figure is higher. As for non-compliance with the requirements set out for high-risk systems or transparency obligations in relation to generative AI systems, biometric categorisation, recognition of emotions thereof can lead to a fine of up to 15,000,000 euros, or 3% of turnover, again depending on whether the latter figure is higher than the former.

Likewise, the IA Act contemplates the potential imposition of fines of up to 3% of the overall turnover, or 15,000,000 euros, whichever is higher, on providers of general-purpose forms who intentionally or negligently infringe the regulation.

The AI Act is the European regulation that introduces a common regulatory and legal framework on artificial intelligence for all EU member states, but it is not the only one.

Thus, we note that the following legal texts also contain regulation on AI: the AI Liability Act; the Directive on accessibility requirements for products and services; the Directive on the accessibility of public sector websites and mobile applications; the Directive on data protection for the purpose of prevention, investigation, detection, prosecution or execution of criminal offences; the Directive on copyright and related rights in the information society; the Directive on copyright and related rights in the digital single market; the European Data Governance Act; the General Data Protection Regulation; and the Regulation on the protection of data processed by Union institutions, bodies, offices and agencies.

This is without including ethical and legal recommendations, so we encourage you to use the PIO Model to go ahead and act in a way that is consistent with the expected legal requirements and ethical standards.