EU AI Act Implementation in 2024: What German Companies Must Know

The EU AI Act, the world's first comprehensive AI legislation, became effective in August 2024. Authorities and companies are now actively engaged in its implementation across member states. German companies, like others in the EU, must ensure their AI systems comply with the new regulations.

The act categorizes AI systems into four risk levels: minimal, limited, high, and unacceptable. High-risk AI systems, used in sensitive areas such as HR, education, critical infrastructure, and law enforcement, face stringent requirements. These include risk management systems, high-quality training data, and human oversight.

To facilitate compliance, national competent authorities, notified bodies, and market surveillance authorities are being established. The EU is also introducing regulatory sandboxes – controlled environments for testing new AI applications, balancing innovation with safety and regulatory adherence.

The risk-based approach is central. While most AI applications fall under minimal risk, high-risk systems demand extensive documentation, high accuracy, and robust cybersecurity. Prohibited practices, such as social scoring or certain real-time biometric identification, are strictly forbidden.

Companies must now assess their AI systems to identify potential risks and compliance gaps. Preparing for the EU AI Act is an ongoing process requiring an active approach and specialized expertise.