Fachbücher zu Daten­schutz und IT-Sicher­heit finden Sie hier.
  1. Home
  2. News
  3. How the EU AI Regulation will change your business from 2025 – what you need to know and do now
  • Data Protection

How the EU AI Regulation will change your business from 2025 – what you need to know and do now

Artificial intelligence and new regulations: what companies need to know now

The second phase of the EU AI Regulation: important changes from August 2025

Developments in artificial intelligence continue to advance in the EU: The second phase of implementation of the European AI Regulation will begin on 2 August 2025. Many companies already rely on AI applications and must now prepare for additional legal requirements that will become binding in several stages until 2027.

One thing is already clear: the AI Regulation will affect not only large corporations, but also providers and operators of AI systems of all kinds, including language models, image and audio generators, and many more. Anyone operating in this area should familiarise themselves with the upcoming obligations in good time.

Which regulations will come into force?

The European AI Regulation (AIoAI) provides for a phased entry into force of its provisions. The following important provisions, among others, will apply from August 2025:

  • Notifying authorities and conformity assessment: EU Member States must designate specific authorities to serve as supervisory authorities for high-risk AI systems. These authorities are responsible for designating and supervising conformity assessment bodies.
  • Regulations for general-purpose AI models: The regulation lays down specific requirements for so-called ‘general-purpose AI models’. These include transparency obligations, risk management and additional requirements for models that pose a particularly high systemic risk.
  • Governance at EU and national level: New bodies will be established, including a central AI office within the European Commission. Each Member State must designate a central market surveillance authority to monitor the implementation of and compliance with the AI Regulation.
  • Sanction mechanisms: With the designation of the relevant authorities, the requirements for imposing sanctions will also take effect. Fines, warnings and non-monetary measures are possible – especially with the proviso that SMEs and start-ups should not be disproportionately burdened.
  • Confidentiality: Data processed under the AI Regulation is subject to special protection. Trade secrets and security-related information will continue to be subject to high protection requirements.

Relevance and need for action for companies

Who is particularly affected?

Companies that provide AI models for general use or integrate such systems should take action now. This includes providers of large language models and application developers in the fields of text, image, audio or video. From August 2025, these companies will be subject to new obligations, which are set out in detail in the AI Regulation – including information on disclosure, transparency towards users, risk assessments and documentation requirements.

The European Commission has already issued non-binding guidelines and a code of conduct on how these requirements are to be implemented in practice. Although these are not legally binding, they serve as important guidance for the companies affected.

For most companies, however, the most relevant question is likely to be who will act as the competent supervisory authority in Germany. Debates are currently emerging between the Federal Network Agency and the data protection authorities. The aim is to create clear and uniform rules for market surveillance and to avoid duplicate structures. However, the German government has yet to make a final decision on this issue – a formal legislative process has been delayed until at least autumn 2025 due to the change of government.

What should companies focus on now?

Companies that use or offer AI technologies are facing new challenges. They should immediately check which regulations they need to comply with and adapt their internal processes. This applies not only to the technical design of AI systems, but also to training, documentation, data protection and risk management within the company.

The following measures are recommended:

  • Analyse whether the AI used is classified as a high-risk system or a model for general use
  • Review and adapt internal compliance structures
  • Establish systematic monitoring of legal changes relating to the AI Regulation
  • Train employees in the compliant use of AI solutions
  • Establish documentation and transparency mechanisms in line with legal requirements

Particularly because supervisory authorities will be able to impose sanctions in future, it is advisable to design all AI-related processes in such a way that they comply with legal requirements. Companies that act early not only minimise legal risks, but also strengthen trust among customers and business partners.

Conclusion: Take action now and set the course

The implementation of the AI Regulation as an opportunity and risk factor

The entry into force of the second phase of the AI Regulation marks an important milestone for the regulated use of artificial intelligence in the EU. Companies are now required to take the new obligations seriously and prepare for changes in good time. Those who hesitate not only risk sanctions, but also run the risk of falling behind technologically. At the same time, a structured approach to regulatory requirements offers the opportunity to establish a future-proof, trustworthy AI business model.

Need support? We can help!

The requirements of the AI Regulation are complex and may vary depending on the industry and business model. Do you have questions about the specific implementation in your company or are you unsure whether you are affected? Our team of experts will be happy to support you in the legally compliant use of AI and in setting up a sustainable compliance structure. Get in touch with us – together we will ensure that your company is well positioned for the future!

Back
© 2011–2025 GINDAT GmbH

About Cookies

This website uses cookies. Those have two functions: On the one hand they are providing basic functionality for this website. On the other hand they allow us to improve our content for you by saving and analyzing anonymized user data. You can redraw your consent to to using these cookies at any time. Find more information regarding cookies on our Data Protection Declaration and regarding us on the Imprint.
Mandatory

These cookies are needed for a smooth operation of our website.

Name Purpose Lifetime Type Provider
CookieConsent Saves your consent to using cookies. 1 year HTML Website
fe_typo_user Assigns your browser to a session on the server. session HTTP Website
PHPSESSID Temporary cookies which is required by PHP to temporarily store data. session HTTP Website
__cfduid missing translation: trackingobject.__cfduid.desc 30 missing translation: duration.days-session HTTP Cloudflare/ report-uri.com
Statistics

With the help of these statistics cookies we check how visitors interact with our website. The information is collected anonymously.

Name Purpose Lifetime Type Provider
_pk_id Used to store a few details about the user such as the unique visitor ID. 13 months HTML Matomo
_pk_ref Used to store the attribution information, the referrer initially used to visit the website. 6 months HTML Matomo
_pk_ses Short lived cookie used to temporarily store data for the visit. 30 minutes HTML Matomo
_pk_cvar Short lived cookie used to temporarily store data for the visit. 30 minutes HTML Matomo
MATOMO_SESSID Temporary cookies which is set when the Matomo Out-out is used. session HTTP Matomo
_pk_testcookie missing translation: trackingobject._pk_testcookie.desc session HTML Matomo