AI regulation in the EU: what could change in the near future?
At the beginning of May, the Council of the EU and the European Parliament reached a preliminary agreement on amendments to certain rules concerning artificial intelligence (AI). According to the press release, the draft is currently at the stage of final approval by EU bodies. Let us consider what changes business may face in the near future.
1. Changes in timelines
a. Extension of deadlines for high-risk AI systems
Currently, the provisions of the EU AI Act (hereinafter referred to as the “Act”) regarding high-risk AI systems are scheduled to take effect on August 2, 2026. It is proposed to extend the implementation deadlines by up to 16 months.
The new implementation dates are December 2, 2027, for autonomous high-risk AI systems and August 2, 2028, for high-risk AI systems embedded in products.
The European Commission plans to ensure that the necessary standards and tools are in place before the main rules take effect.
b. Postponement of the deadline for establishing regulatory “sandboxes”
An “AI regulatory sandbox” means a controlled framework set up by a competent authority which offers providers or prospective providers of AI systems the possibility to develop, train, validate and test, where appropriate in real-world conditions, an innovative AI system, pursuant to a sandbox plan for a limited time under regulatory supervision (Article 3(55) of the Act).
It is planned to postpone the deadline for establishing national-level AI regulatory sandboxes until August 2, 2027.
Accordingly, AI providers are expected to have additional time to prepare for the upcoming changes.
2. New obligations for AI providers
The obligation for AI providers to register AI systems in the EU database for high-risk systems is reinstated, even if they believe their systems are exempt from such a requirement.
The “strict necessity” standard for processing special categories of personal data is also reinstated, even if such processing is carried out for the purpose of detecting and correcting bias.
Thus, the European regulator is currently not prepared to accept a relaxation of oversight or a reduction in requirements related to registration and data processing, as AI systems still carry a range of privacy-related risks.
What should AI providers do? Conduct an audit of internal processes and prepare their systems for alignment with stricter standards.
3. Changes to transparency and unlawful use provisions
a. Reduction of the adaptation period for AI providers
The implementation period for transparency measures in relation to AI (including the detection and labelling of outputs generated by AI) is planned to be reduced from 6 months to 3 months. The new deadline is December 2, 2026.
This means that AI system providers should begin implementing these measures as early as possible, as the adaptation period may be significantly shortened.
b. Additions regarding unlawful use
The new provision concerns the prohibition of using AI to create sexual and intimate content without the recipient’s consent, as well as materials depicting child sexual abuse.
Although this provision is primarily addressed to users, AI system providers should incorporate such a prohibition into their terms of use, including specific sanctions for violations (for example, forced termination of user access to the AI system).
4. Clarification of interaction with sectoral legislation and new obligations of regulatory authorities
- To avoid duplication of provisions of the Act in sector-specific legislation, it is proposed to use separate implementing acts.
- The machinery sector is excluded from the scope of direct application of the Act. Within the regulation of the machinery sector, the European Commission will be empowered to adopt delegated acts.
- The competences of the AI Office in relation to the supervision of AI systems are further clarified.
| A new obligation is added for the European Commission to provide guidance and recommendations to operators of high-risk AI systems, in order to facilitate and simplify the conformity assessment process for companies. |
These amendments must be approved by the Council of the EU and the European Parliament before the legislative act is formally adopted.
Thus, the European regulator maintains a relatively strict approach to regulating certain aspects of AI, placing emphasis on safety and accountability. In this context, business need to pay particular attention to aligning both external and internal processes with the new requirements.
If your company uses or develops AI systems and is assessing the impact of the new EU AI Act requirements on internal processes, contractual frameworks, or compliance functions, the REVERA team is ready to provide support in the following areas:
- assessing the applicability of EU AI Act requirements;
- developing internal AI governance procedures;
- auditing contractual frameworks and risk allocation;
- supporting the implementation of AI solutions and mitigating regulatory risks.
Contact our lawyer to learn more details
Contact a lawyer