The AI Act is the new European law that, for the first time, establishes clear and common rules on the use of artificial intelligence by companies. Approved and entered into force in the summer of 2024, it represents a historic turning point: from now on, companies adopting AI solutions must do so with greater responsibility, integrating aspects of safety, transparency, and personal data protection.

With this regulation, Europe aims to become a global reference point for more trustworthy, safe, and “human-centered” artificial intelligence: a tool that fosters competitiveness without sacrificing fundamental values such as ethics and privacy.

In this context, Artificialy positions itself as a partner to accompany businesses along their AI adoption journey: not only to ensure compliance with the new rules, but also to develop models that are truly reliable, traceable, sustainable, and fully governable.

Risk Classification

At the core of the AI Act lies a key principle: the risk-based approach. The regulation does not prohibit the use of AI but regulates its conditions depending on the potential impact on rights, safety, and individual freedoms.

Systems are classified into four levels of risk:

• Unacceptable risk, meaning systems with an impact considered unacceptable on safety, fundamental rights, or human dignity, such as social scoring. These models cannot be marketed in any way;

• High risk, applications that may have significant consequences on health, safety, or fundamental rights, such as in healthcare, education, infrastructure, or recruitment. They are subject to strict requirements, including quality, transparency, human oversight, and compliance assessments;

• Limited risk, systems with moderate risks, which require transparency obligations, such as informing users that they are interacting with an AI, like chatbots;

• Minimal risk, the vast majority of AI systems, such as spam filters or other “harmless” automations, for which no specific regulatory obligations are foreseen.

Each level entails different obligations for providers, users, and distributors.

For companies, the challenge is twofold: on the one hand, adapting to a new, complex, and evolving regulatory framework; on the other, maintaining the ability to innovate, without letting compliance become a paralyzing constraint.

This is where a shift in mindset is needed: regulatory compliance must no longer be approached as an isolated requirement or a top-down imposition, but as a way to innovate the technical and organizational governance of artificial intelligence itself. This is where partners like Artificialy come into play.

A Gradual but Non-Deferrable Process

The entry into force of the AI Act does not imply the immediate and uniform implementation of all its provisions. Instead, the regulation foresees a phased application, with differentiated deadlines depending on the type of obligation:

• From February 2, 2025, provisions on prohibited (unacceptable risk) systems and AI literacy obligations take effect;

• From August 2, 2025, transparency and governance obligations for general-purpose AI models (GPAI) come into force;

• From August 2, 2026, rules will apply to high-risk systems;

• Until August 2, 2027, a transitional period will remain in place for high-risk systems integrated into products subject to other regulations (e.g., medical devices or industrial machinery).

This timeline allows companies to organize their compliance journey in stages, avoiding emergency-driven approaches. However, waiting until the last minute would be a strategic mistake: the “dynamic” nature of the regulation, subject to implementing guidelines, updates, and new codes of conduct, requires companies to set up internal structures now, capable of correctly interpreting and applying regulatory developments.

At Artificialy, we constantly follow the official webinars of the European AI Office to keep up with the timeline and promptly update our clients.

Model Governance: Towards a New Organizational Culture

The AI Act offers companies an opportunity to develop an internal classification of AI models and their use cases. This step, often overlooked, is the foundation for any risk assessment, allocation of responsibilities, and traceability of algorithmic decisions.

In this sense, the regulation becomes a governance tool rather than a mere regulatory constraint. A concrete example? The requirement for every organization to set up a “model register”, a structured, updated, and documented inventory, enables companies to gain a unified view of their AI initiatives, fostering coordination between IT, legal, compliance, and business units.

Moreover, a strategic approach to compliance also means integrating risk assessment into the model’s lifecycle: from design to validation, adoption, and continuous monitoring. This includes technical documentation, data traceability, testing procedures, post-deployment monitoring, and user training. These are precisely the areas where Artificialy positions itself from the very beginning as a partner to support businesses.

From Regulation to Implementation: the Role of Artificialy

At Artificialy, we are supporting companies through this transition with a structured and progressive approach. The most common questions we receive concern model classification by risk level, obligations and traceable data, as well as the tools to adopt for documentation.

The request is clear: businesses need unambiguous answers and a concrete roadmap that translates regulatory language into operational actions.

Our activities in this field include:

• Mapping and inventory projects for existing AI models;

• Internal audits to identify risks and intervention priorities;

• Targeted training on the AI Act, with a focus on privacy, security, and algorithmic accountability;

• Support in developing compliant governance models, both for existing projects and new developments.

These initiatives also meet growing market demand: more and more companies are seeking partners capable of combining technical expertise with regulatory knowledge, in a context where non-compliance risks can result in significant financial penalties and reputational damage.

A Necessary Regulation, A Strategic Opportunity

The AI Act is not simply a regulatory constraint but a paradigm shift in the approach to artificial intelligence. Clearly defining the legal and technical responsibility for model use is essential to strengthen trust in AI adoption, both among citizens and within companies themselves.

Unsurprisingly, recent attempts by European big tech companies to delay the process, citing a supposed negative impact of the new regulation on the economic and production ecosystem, were rejected by the European Commission. No extensions were granted: the EU reaffirmed its determination to stick to the implementation roadmap of the AI Act.

Today, the real risk for businesses is to stand still, hoping that complexity will resolve itself. Experience shows that an incremental, continuous, and well-documented approach, exactly the one we adopt at Artificialy, both for our clients and ourselves, is the key to meeting deadlines without stifling growth.