New AI Act Obligations Effective August 2nd: Key Compliance Requirements for Companies

Starting August 2nd, new provisions of the AI Act will come into effect, focusing on governance, general-purpose AI models (GPAI), and sanctions. The European Commission is expected to approve the AI bill by this date and will publish a Code of Best Practices alongside the guidelines. These new obligations aim to regulate AI usage and protect personal data, aligning with existing data protection laws like GDPR.

From a technical perspective, companies must ensure their AI systems comply with the new regulations. This involves establishing governance structures to oversee AI usage and implementing robust cybersecurity measures to safeguard personal data. The emphasis on GPAI models underscores the EU's concern about the broad impact of these technologies and the necessity for stringent regulations.

The impact on the cybersecurity landscape will be substantial. Companies will need to invest in compliance mechanisms and potentially new technologies to meet regulatory standards. The Code of Best Practices will serve as a crucial resource for companies seeking to comply with the new regulations, offering guidance on responsible AI system implementation.

For cybersecurity professionals, staying updated on the new regulations and ensuring organizational preparedness is essential. This includes assessing AI systems against the new regulations, establishing governance structures, and staying informed about the Code of Best Practices and other guidelines published by the European Commission.