EU AI Act: the final step is coming

At the International Conference on “Applications of Intelligent Systems” (APPIS 2024) held in January 2024 in Las Palmas de Gran Canaria, our talk was “AI - Data Protection and Privacy - Some Legal Aspects Analysis between Europe and USA”, and we described the EU AI Act status at that time.

Here, we propose a short description of the most recent EU AI Act crucial events, starting from the trilogue to the forthcoming activities in the legislative process of the AI Act, without recalling the previous solid work from the very beginning (maybe we will publish a more extensive article later).

The trilogue

The trilogue, which kept many people glued to their devices to follow the news from 7 December 2023, ended on 9 December 2023 after an exhausting three-day, marathon-style discussion.

Parliament and Council must formally adopt the agreed text to become EU law.

Parliament’s Internal Market and Civil Liberties committees would have voted on the agreement in a forthcoming meeting.

What’s happened after the trilogue?

On 13 February 2024 the European Parliament’s LIBE and IMCO committees adopted the final text of the EU’s Artificial Intelligence Act in a joint vote with an overwhelming majority (71 votes in favor, 8 votes against, and 7 abstentions).

The Council’s negotiators approved the text as well in February 2024.

Next and final steps

Initially scheduled for April 2024, the final vote was brought forward to March.
Indeed, according to the European Parliament’s agenda, the final vote will take place in Strasbourg on 13 March 2024 at noon.

When will the EU AI Act be applicable?

The EU AI Act will come into force 20 days after its publication in the Official Journal of the European Union and then become fully applicable after that in four phases:



AI Act rules


6 months

Chapter I (General provisions)
Chapter II (Prohibited artificial intelligence practices)

12 months

Chapter III - Section 4 (Notifying authorities and notified bodies)
Chapter V (General-purpose AI models)
Chapter VII (Governance)
Chapter XII (Penalties)
with the exception of Article 101 (Fines for providers of general-purpose AI models)

24 months

All rules of the AI Act become applicable

36 months

Article 6(1) (High-risk AI systems) and the corresponding obligations

EU AI Act and the GDPR: some very brief thoughts

After the EU AI Act becomes applicable, it will have some implications on data protection regulation apart from those already laid down by the same AI Act.

First of all, according to Article 36 of the GDPR, “in the absence of measures taken by the controller to mitigate the risk,” every high-risk AI system should entail prior checking, and so the need to consult the supervisory authority with the primary involvement of the DPO. Thus, it should be necessary to both check the AI system’s ability to be qualified as high-risk and the measures taken by the controller.

As demonstrated by some international standards already adopted by ISO, the AI Act requires management systems and an appropriate audit process.

Last but not least, we should seriously consider ethics, which has a primary role given the ethical implications on any AI system.

In the end, the EU AI Act, already the subject of many comments and discussions, represents a challenge, and those who will work on it should be prepared and highly skilled.

If this resource was helpful, you could contribute by

Buy me a coffee

Or donate via


Follow us on Mastodon

Stay tuned!