European Parliament briefing highlights implementation of the EU Artificial Intelligence Act

The European Parliamentary Research Service (EPRS) has published an updated briefing on the Artificial Intelligence Act (AI Act), providing an overview of the legislation following its formal adoption and entry into force.

The briefing explains the main provisions of the AI Act, outlines the risk-based regulatory framework, summarises the legislative process, and highlights the key implementation milestones that will apply over the coming years.

AI Act establishes a risk-based regulatory framework

According to the briefing, the AI Act introduces a harmonised legal framework for AI systems placed on the EU market or used within the European Union.

The regulation classifies AI systems according to their level of risk, with different regulatory obligations applying to each category:

• Prohibited AI practices, which are banned because they present unacceptable risks;

• High-risk AI systems, which are permitted but must comply with specific regulatory requirements;

• AI systems subject to transparency obligations, such as certain systems interacting directly with individuals or generating AI content;

• Minimal-risk AI systems, which are generally not subject to additional obligations beyond existing legislation.

The briefing also explains that the AI Act introduces specific rules for General-Purpose AI (GPAI) models, including additional obligations for models considered to pose systemic risks.

High-risk AI systems

The briefing notes that AI systems may be classified as high-risk where they can adversely affect health, safety or fundamental rights.

This includes AI systems that are safety components of products covered by sector-specific EU legislation, including medical devices, as well as AI systems used in specific areas listed in the AI Act.

Before being placed on the EU market, providers of high-risk AI systems must complete a conformity assessment and comply with requirements covering areas such as:

• Risk management;

• Testing;

• Data governance and training;

• Human oversight;

• Technical documentation;

• Cybersecurity;

• Post-market monitoring.

Compliance with future harmonised European standards is expected to provide a presumption of conformity with the AI Act requirements.

AI regulatory sandboxes

The briefing explains that the AI Act strengthens support for innovation through the establishment of AI regulatory sandboxes.

Member States will be required to establish at least one national AI regulatory sandbox to facilitate the development, testing and validation of innovative AI systems under regulatory supervision.

The regulation also allows, under specific conditions, real-world testing of certain high-risk AI systems before they are placed on the market.

Implementation timeline

According to the briefing, the AI Act entered into force on 1 August 2024, with different provisions applying progressively:

• Prohibited AI practices: 6 months after entry into force;

• General-Purpose AI (GPAI) obligations and penalties: 12 months;

• High-risk AI systems: 24 months;

• High-risk AI systems covered by existing EU product legislation: 36 months.

The European Commission is expected to publish additional implementing acts, delegated acts, guidelines and codes of practice to support implementation.

Impact for medical device and IVD manufacturers

Although the briefing provides a general overview of the AI Act rather than new regulatory requirements, it highlights several aspects that are relevant for manufacturers of medical devices and in vitro diagnostic medical devices (IVDs).

In particular, the briefing identifies medical devices as examples of products that may incorporate high-risk AI systemswhere AI forms part of a safety component or falls within the scope of sector-specific EU legislation.

The document also highlights that providers of such high-risk AI systems will be required to comply with conformity assessment procedures and obligations relating to testing, data governance, cybersecurity and post-market monitoring before placing these systems on the EU market.

Manufacturers developing AI-enabled medical devices should also be aware that additional implementation measures, including harmonised standards, Commission guidance and codes of practice, are expected as the AI Act is progressively implemented.

Next steps

The EPRS briefing notes that implementation of the AI Act will continue over the coming months and years through the adoption of implementing acts, delegated acts, harmonised standards and guidance documents.

These measures are expected to support the practical application of the AI Act across the European Union as the different obligations become applicable.