The EU’s AI Act: How companies turn compliance into competitive edge

by Romane Vernhes - Regulatory Compliance Consultant - Sopra Steria Cybersecurity
| minute read

"The transformative force of our generation." Artificial intelligence will likely dramatically reshape our personal and professional lives in ways we can barely imagine. 

Despite this profound impact, the speed of this transformation is leaving regulators struggling to keep up. Amid this absence of regulation, the European Union's AI Act stands out as a trailblazer, the world's first comprehensive law specifically governing artificial intelligence.  

It positions the EU as a pioneer and, given its first-mover advantage, the AI Act could become the de facto global standard for AI regulation — a phenomenon known as the "Brussels effect" and one that was observed with previous EU regulations, such as the GDPR. 

The AI Act categorises AI systems based on their risk levels and imposes stringent requirements on high-risk AI applications. These regulations aim to foster trust in AI technologies by ensuring transparency, accountability, and human oversight. 

But with this groundbreaking legislation comes a significant challenge for companies. Compliance with the Act’s requirements is not optional, and the deadlines are fast approaching. 

 

The Challenges Ahead: Navigating Tight Deadlines 

The agenda-setting legislation came into force on August 1, 2024, and companies operating in the EU market have been racing to understand its implications and comply, set against a series of staggered deadlines. 

Companies have six months to stop using and developing Al systems and practices which infringe individuals’ fundamental rights, such as untargeted internet scraping for facial images or biometric categorisation of users. 

For "high-risk" AI systems such as those involved in employment, law enforcement, education, and healthcare, the deadline extends to 24 months, while those governing sectors such as industrial and commercial manufacturing must comply within 36 months. 

These deadlines present significant hurdles, particularly in terms of education and technical infrastructure. 

For many companies, the most immediate challenge lies in educating, onboarding and upskilling their workforce. Few organisations currently possess the necessary knowledge and skills to fully understand and implement the requirements of the EU AI Act. 

In addition to team education, another pressing issue is the lack of clarity and progress on the finalised technical standards underpinning the Al Act. 

While the Act itself forms only 50% of the equation, the other half hinges on the development of technical solutions that operationalise the legislation, setting out more details about what exactly the requirements mean. The European Commission has tasked CEN-CENELEC JTC21 with issuing horizontal standards, either by developing new ones or adapting existing ISO standards, with a focus first on high-risk AI systems requirements. Meanwhile, vertical standards, which address sector-specific or technology-specific requirements, are still in development.  

This means companies are thus under pressure to comply within a tight timeframe even as key pieces of the regulatory puzzle remain incomplete. 

Furthermore, the lack of technical maturity in many companies also poses a significant hurdle. Without the necessary technical infrastructure, meeting the compliance requirements of the EU Al Act can be daunting. 

 

Turning Compliance into a Strategic Opportunity 

Despite these challenges, compliance should not be viewed as a burden. In fact, it presents a unique strategic opportunity for businesses.  

For companies, compliance is not just a legal obligation but also an opportunity to stand out in a competitive marketplace. By embracing the demands of the AI Act proactively, businesses can transform compliance into a powerful competitive advantage. 

To unlock this potential, companies must focus on developing comprehensive training programmes that educate employees at all levels about the legal, ethical, and technical dimensions of AI compliance. Hiring legal and technical experts specialising in AI ethics and compliance can also provide essential guidance, ensuring the organisation stays on track. 

Additionally, fostering a culture of continuous learning is key. By regularly organising workshops and seminars, businesses can ensure their teams remain updated on the latest developments and compliance strategies, embedding ethical AI practices throughout the organisation. 

However, to stay ahead, I am convinced that proactive planning is essential. Companies should begin preparations now, using the draft and expected provisions relating to future standards to create a flexible action plan that can be adjusted as more information becomes available. 

In this context, establishing a dedicated task force to monitor the AI Act’s progress and communicate updates to relevant stakeholders is crucial. This will allow businesses to stay ahead of the curve and respond quickly to changes as they arise. 

Furthermore, active engagement with regulatory bodies through consultations and participation in the standardisation process can provide valuable insights. This not only helps companies stay informed but also offers the chance to influence the final form of AI regulations, thereby mitigating the risks associated with last-minute changes. 

Investment in technology is equally critical. Companies should allocate resources to enhance their technical infrastructure, adopting advanced AI tools that ensure compliance with the Act.  

Moreover, adopting an incremental implementation approach can make the transition more manageable. By focusing on high-priority areas first and gradually moving towards full compliance, companies can optimise resources and minimise the risk of non-compliance.  

Taking it a step further, adopting AI labels — especially those focusing on societal, inclusive, and sustainable aspects — can help companies prepare in advance for the AI Act and align with broader CSR strategies. 

 

Compliance as a Differentiator: Time to Act is Now 

I firmly believe that for companies that take the lead in complying with the Act, the long-term benefits are clear: differentiate themselves in the marketplace and gain a reputation for being responsible and forward-thinking. This not only attracts customers and partners who value ethical practices but also positions the company as a leader in the evolving Al landscape. 

Beyond the immediate regulatory requirements, companies that embed ethical AI practices into their operations will see enhanced consumer trust and loyalty — both key drivers of sustained success.  

Furthermore, as future regulations are on the horizon, both within the EU and globally since other regions may look to the EU as a model for future AI regulations, early compliance could provide a strategic advantage in global markets. 

To take full advantage of this opportunity, the time to act is now. 

Companies should start preparing without delay to ensure smooth compliance with the EU AI Act. Partnering with tech firms and consultancies specialising in AI compliance can provide access to cutting-edge solutions and expertise that may not be available in-house. These partnerships can also help organisations navigate the complexities of choosing the right AI label offers that align with their internal strategies. 

I am convinced that by turning compliance into a competitive edge, companies can lead the way in ethical Al development and set a standard for others to follow. 

The EU AI Act presents both a challenge and an opportunity. Those who embrace compliance proactively will not only meet regulatory requirements but position themselves for long-term success. The time to act is now, and those who do will thrive in the new regulatory landscape. 

Search

innovation

artificial-intelligence

cybersecurity

data

Related content

ADEO reshapes its Data Platform with Cloud-based technologies

To sustain its strong growth, the company has laid the extension of its business on a Platform and Data strategy. To propel this ambitious plan, ADEO has decided to migrate its entire IT system into Google Cloud, applying a datacenterless strategy.

Sopra Steria selected as cybersecurity partner of the ecos Consortium to undertake a major technology programme for the European Agencies eu-LISA and Frontex

In this context, Sopra Steria will especially be responsible for cyber security services supporting the Agencies to continuously improve the security of their IT systems and tackle new cyber threats.

Sopra Steria recognized as a Leader in Agile Development & DevOps Services by global analyst firm NelsonHall

NelsonHall’s NEAT vendor evaluation reflects Sopra Steria’s overall ability to meet future client requirements as well as delivering immediate benefits to Agile Development & DevOps Services clients. This evaluation assessed all the major providers in this segment worldwide.