The EU AI Act reached a provisional agreement on 9 December 2023 and was unanimously endorsed by Coreper I on 2 February 2024, making it likely to be official once voted on by the European Parliament in April 2024. After adoption, there will be a two-year grace period for implementation and enforcement, during which the Commission will conduct the AI Pact to encourage early commitment to the Act's rules and principles. Companies should begin preparing for compliance with the Act to maximize alignment. Holistic AI offers governance, risk, and compliance platforms and innovative solutions to help companies navigate the Act's rules and requirements.

The EU has set the gold standard for data protection regulation with the GDPR and is on its way to doing the same in the AI space with the AI Act. The Data Act, which is part of the European Data Strategy, governs connected products and related services' handling of data, including IoT devices, and requires full disclosure from companies on how they collect, store and share users' data. Data holders are bound to provide free, secure, and fair data access while safeguarding trade secrets and user confidentiality, affecting AI systems' deployment and functionality. The Data Act does not have specific provisions for AI systems, but it affects AI systems deployed in connection with connected products or related services. Compliance with the Data Act and the EU AI Act cannot automatically provide compliance with the other, but the requirements may affect each other. A holistic approach, using technical as well as regulatory tools concurrently, is needed to comply with both regulations.

The European Commission has announced the creation of the European Artificial Intelligence Office (AI Office), a key part of the forthcoming AI Act. The office will contribute to the implementation and enforcement of the act, and will sit within the Commission's DG CNECT department. The AI Office will be financed by the Digital Europe Programme. The EU is expected to promote early voluntary compliance with the AI Act through the Commission and the AI Office. The act is likely to come into force in the coming months.

The Council of Europe has published a Draft Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law (DFC), which sets out principles and norms for AI aligned with human rights, democracy, and the rule of law. The Convention's primary objective is to ensure AI systems uphold these values throughout their entire lifecycle. The DFC aligns with the OECD by adopting the same definition for “AI system,” which is significant for clarity and consistency in international AI discourse and regulation. The Framework Convention does not classify specific use of AI systems as prohibited or high-risk systems but rather handles this issue at the level of the scope by covering all AI systems “that have potential to interfere with human rights, democracy, and the rule of law” and requiring appropriate risk assessment and mitigation measures to be implemented for all of them. The DFC does not specify what oversight mechanisms should be used but requires each party to establish or designate at least one effective mechanism to oversee compliance with the DFC. The enforcement of the DFC is multifaceted and involves a combination of national implementation, international cooperation, and a follow-up mechanism for oversight and consultation.

European co-legislators have agreed a provisional agreement on the EU AI Act which seeks to harmonise AI regulations across the EU. The agreement balances innovation with fundamental rights and safety and positions the EU as a leader in digital regulation. The EU AI Act includes prohibitions on biometric identification, updated requirements for high-risk AI systems, and a two-tiered approach for general purpose AI systems. It is expected to gradually enter into force with provisions on prohibitions coming into effect within six months and provisions on transparency and governance coming into effect after twelve months. The EU AI Act will likely set a global benchmark for the ethical and responsible design, development, and deployment of AI systems.