Artificial intelligence and new regulations: what companies need to know now
The second phase of the EU AI Regulation: important changes from August 2025
Developments in artificial intelligence continue to advance in the EU: The second phase of implementation of the European AI Regulation will begin on 2 August 2025. Many companies already rely on AI applications and must now prepare for additional legal requirements that will become binding in several stages until 2027.
One thing is already clear: the AI Regulation will affect not only large corporations, but also providers and operators of AI systems of all kinds, including language models, image and audio generators, and many more. Anyone operating in this area should familiarise themselves with the upcoming obligations in good time.
Which regulations will come into force?
The European AI Regulation (AIoAI) provides for a phased entry into force of its provisions. The following important provisions, among others, will apply from August 2025:
- Notifying authorities and conformity assessment: EU Member States must designate specific authorities to serve as supervisory authorities for high-risk AI systems. These authorities are responsible for designating and supervising conformity assessment bodies.
- Regulations for general-purpose AI models: The regulation lays down specific requirements for so-called ‘general-purpose AI models’. These include transparency obligations, risk management and additional requirements for models that pose a particularly high systemic risk.
- Governance at EU and national level: New bodies will be established, including a central AI office within the European Commission. Each Member State must designate a central market surveillance authority to monitor the implementation of and compliance with the AI Regulation.
- Sanction mechanisms: With the designation of the relevant authorities, the requirements for imposing sanctions will also take effect. Fines, warnings and non-monetary measures are possible – especially with the proviso that SMEs and start-ups should not be disproportionately burdened.
- Confidentiality: Data processed under the AI Regulation is subject to special protection. Trade secrets and security-related information will continue to be subject to high protection requirements.
Relevance and need for action for companies
Who is particularly affected?
Companies that provide AI models for general use or integrate such systems should take action now. This includes providers of large language models and application developers in the fields of text, image, audio or video. From August 2025, these companies will be subject to new obligations, which are set out in detail in the AI Regulation – including information on disclosure, transparency towards users, risk assessments and documentation requirements.
The European Commission has already issued non-binding guidelines and a code of conduct on how these requirements are to be implemented in practice. Although these are not legally binding, they serve as important guidance for the companies affected.
For most companies, however, the most relevant question is likely to be who will act as the competent supervisory authority in Germany. Debates are currently emerging between the Federal Network Agency and the data protection authorities. The aim is to create clear and uniform rules for market surveillance and to avoid duplicate structures. However, the German government has yet to make a final decision on this issue – a formal legislative process has been delayed until at least autumn 2025 due to the change of government.
What should companies focus on now?
Companies that use or offer AI technologies are facing new challenges. They should immediately check which regulations they need to comply with and adapt their internal processes. This applies not only to the technical design of AI systems, but also to training, documentation, data protection and risk management within the company.
The following measures are recommended:
- Analyse whether the AI used is classified as a high-risk system or a model for general use
- Review and adapt internal compliance structures
- Establish systematic monitoring of legal changes relating to the AI Regulation
- Train employees in the compliant use of AI solutions
- Establish documentation and transparency mechanisms in line with legal requirements
Particularly because supervisory authorities will be able to impose sanctions in future, it is advisable to design all AI-related processes in such a way that they comply with legal requirements. Companies that act early not only minimise legal risks, but also strengthen trust among customers and business partners.
Conclusion: Take action now and set the course
The implementation of the AI Regulation as an opportunity and risk factor
The entry into force of the second phase of the AI Regulation marks an important milestone for the regulated use of artificial intelligence in the EU. Companies are now required to take the new obligations seriously and prepare for changes in good time. Those who hesitate not only risk sanctions, but also run the risk of falling behind technologically. At the same time, a structured approach to regulatory requirements offers the opportunity to establish a future-proof, trustworthy AI business model.
Need support? We can help!
The requirements of the AI Regulation are complex and may vary depending on the industry and business model. Do you have questions about the specific implementation in your company or are you unsure whether you are affected? Our team of experts will be happy to support you in the legally compliant use of AI and in setting up a sustainable compliance structure. Get in touch with us – together we will ensure that your company is well positioned for the future!