AI Act: challenges (and opportunities) of the new european regulation on Artificial Intelligence

With the official approval of Regulation (EU) 2024/1689, known as the AI Act, the European Union has, for the first time—and as the first in the world—established a specific regulatory framework to govern the use of artificial intelligence (AI) systems. Comparable in significance and structure to the GDPR, the AI Act was published in the EU Official Journal in July 2024 and formally entered into force on august 1, 2024. The regulation will become fully applicable on August 2, 2026, with certain provisions already mandatory starting in 2025.

The AI Act classifies systems that use AI into four main categories, based on associated risks:

1. Unacceptable risk. Completely prohibited, such as social scoring, mass biometric surveillance, and subliminal manipulation.
2. High risk. Critical systems that are strictly regulated—for example, applications in the medical, financial, law enforcement, education, and security sectors; these must meet stringent requirements.
3. Limited risk. Systems subject to limited transparency obligations toward users, such as chatbots and generated content (e.g., deepfakes).
4. Minimal risk. No specific obligations, but certain voluntary best practices are strongly encouraged.

Obligations and compliance requirements for companies

Companies that develop or use artificial intelligence systems must significantly adapt their internal processes to comply with the new regulatory obligations set forth by the AI Act. This requires action at organizational, technical, and governance levels. One of the primary needs is to accurately assess and classify the risk associated with the AI systems in use, in order to define the necessary compliance requirements. Additionally, it is essential to prepare detailed technical documentation that thoroughly describes the systems, the algorithms used, the datasets employed, the design decisions made, and the security measures implemented.

Businesses must also implement appropriate security controls, integrate human oversight systems into AI usage processes, and launch mandatory training programs for involved personnel to ensure awareness of the related ethical and legal aspects. Compliance cannot be addressed as a one-time effort; it requires ongoing management, including regular audits and continuous updates. Finally, it is essential to adopt a “compliance by design” approach, embedding regulatory principles into the system development lifecycle from the earliest stages.

Failure to comply with these obligations can result in very severe penalties, even exceeding those set by the GDPR: fines can reach up to 7% of global annual turnover or €35 million, depending on the severity of the violation and the type of AI system involved.

Partnering with Mashfrog for effective AI compliance

Addressing the AI Act is not just about fulfilling legal obligations: it is a complex process that requires technical, legal, and organizational knowledge, along with a strategic vision for the role of artificial intelligence in business operations. Mashfrog Group, backed by extensive experience in the technology and digital sectors, offers companies highly specialized consulting services to ensure full, effective, and sustainable long-term compliance.

Mashfrog's expertise covers the entire AI lifecycle:

• AI systems analysis and risk Assessment: Mashfrog conducts in-depth assessments of AI models used by companies, classifying them according to the risk levels defined by the regulation. This enables rapid identification of intervention priorities and the specific regulatory requirements that must be met.
• Ethical AI design and governance: The company supports the creation of governance frameworks, ensuring that every phase of AI development or deployment—from design to production—is aligned with the principles of the AI Act. Internal audits, human oversight mechanisms, and accountability guidelines are implemented.
• Technical documentation production: Mashfrog provides methodological and editorial expertise for the preparation of the required technical dossiers, including details on datasets, algorithms, performance metrics, risk mitigation, and security measures.
• AI audits & bias testing: Through independent analysis, Mashfrog conducts checks for bias in models, technical robustness, and output transparency to ensure reliability and the protection of fundamental rights.
• Targeted corporate training: The company organizes technical and regulatory training programs for teams involved in AI projects, fostering a culture of responsibility and ethical awareness in the use of technology.
• Certification support and operational compliance: Mashfrog guides businesses through the certification process, working with notified bodies and preparing the necessary documentation. It also offers software tools and post-implementation services to ensure compliance is maintained over time.

Thanks to a multidisciplinary team of data scientists, software engineers, legal experts, and business consultants, Mashfrog positions itself as the ideal strategic partner for companies aiming to adopt a structured, secure, and competitive approach to artificial intelligence within the new European regulatory landscape.

From challenge to opportunity: turning compliance into a competitive advantage

The AI Act represents a significant challenge for european businesses, but also a major opportunity to strengthen customer trust and enhance competitive positioning by building more transparent, reliable, competitive, and responsible systems through the use of artificial intelligence.

To successfully meet these challenges, it is essential to anticipate the changes required by the AI Act. It's important to understand that compliance with the regulation is not a one-time task, but an ongoing process that demands continuous commitment. Professionals will need to incorporate new practices into their daily routines and devote significant attention to documentation and data management.

Our targeted and comprehensive consulting enables companies to quickly and effectively adapt to this new regulatory landscape—not only ensuring legal compliance, but also turning obligations into a true competitive advantage.