What Steps Should Companies Take Now to Prepare for the AI Act?

To prepare for the EU AI Act, companies should start by gaining a complete understanding of all the AI systems they use, develop, or distribute, including those that interact with EU users or process EU data. This involves identifying which systems fall under prohibited, high-risk, or general-purpose AI categories and assessing the potential impact on business operations and markets. Any AI applications that engage in banned practices should be removed or replaced, and ongoing audits should ensure continued compliance with these restrictions.

Establishing strong governance is critical. Organisations need clear oversight structures, accountability frameworks, and comprehensive documentation covering model design, training data sources, algorithms, risk assessments, and system performance. Transparency with users, including clear labelling of AI-generated outputs, is also essential. Equally important is building AI literacy across the workforce, ensuring that employees, compliance teams, and executives understand regulatory obligations, risk mitigation, and incident response procedures.

For high-risk AI and general-purpose models, companies must implement thorough compliance measures, including fairness audits, data governance protocols, post-market monitoring, and conformity assessments. Vendor and partner relationships also require review, with contracts updated to reflect new obligations and assurances that distributed AI systems meet regulatory standards. Engaging proactively with regulatory authorities, participating in sandboxes where available, and continuously monitoring guidance and enforcement trends will help companies stay ahead of the evolving requirements.