Deutsch

Keyword search

Find your lawyers

Further activation of the provisions of the AI Act

08/04/2025

Author

Florian Kranebitter

Partner

Since 2 August 2025, further key new provisions of the AI Act have come into force. Businesses may also be subject to reporting requirements for AI-assisted systems.

With the AI Act, the European Union has created comprehensive regulations for artificial intelligence that are also directly applicable in Austria. The fundamental goal of the AI Act is to enable innovation while minimizing risks to society and fundamental rights. The regulation entered into force on 1 August 2024,   and will be implemented in stages. Other key provisions have been in force since 2 August 2025.

Who is affected by the AI Act?

The AI Act basically affects companies that develop, distribute, or use AI systems, regardless of whether they are based in the EU. This includes providers of so-called general-purpose AI (GPAI), i.e., AI models with a wide range of applications (e.g., large language models), and operators of AI applications in sensitive areas such as health, justice, education, or public administration.

Four risk classes for AI systems

The AI Act distinguishes between four basic risk categories:

(i)          prohibited AI systems – such as social scoring or manipulative technologies,

(ii)         high-risk systems – such as AI in medicine or personnel recruitment, with strict requirements for safety, transparency, and documentation,

(iii)        systems with limited risk – such as chatbots, which must be clearly identifiable as such, and

(iv)        systems with minimal risk – such as spam filters, which are hardly regulated.

Depending on their risk class, companies must create technical documentation, ensure transparency for users, build up internal expertise, and systematically assess risks.

Obligations of GPAI providers

Since 2 August 2025, GPAI providers must disclose how their models were trained, what content was used, and how copyrights are protected. On 10 July 2025, the EU Commission also published an official code of conduct that serves as a guideline for responsible development and use.

Competent authority in Austria

The Austrian Broadcasting and Telecommunications Regulatory Authority (RTR - Rundfunk und Telekom Regulierungs-GmbH) is the central reporting and regulatory authority for the AI Act in Austria and can impose heavy fines for violations of the AI Act. The amount of fines depends on the severity of the violation and, similar to the GDPR, can amount to several million euros or a percentage of global annual turnover.

Practical example

The following example shows how relevant the AI Act can already be for companies in practice: An Austrian company in Austria uses an AI system for the automated pre-selection of applicants. As this is an application in the field of human resources, the system falls into the "high risk" category. Since 2 August 2, 2025, the company must now (a) carry out and document a risk assessment, (b) ensure that the AI does not discriminate (e.g., based on gender or origin), (c) make the decision-making logic transparent to applicants, (d) and register the application with the competent national supervisory authority.

Conclusion

The AI Act fundamentally changes how AI is handled, both for providers and users. With the further regulations set which came to come into force on 2 August 2, 2025, every company should check whether they are operating in line with the provisions of the AI Act.

Author

Florian Kranebitter

Partner