With the European Union’s Artificial Intelligence Act (AI Act) enforcement window rapidly approaching, AI providers—from global tech giants to agile startups—are sounding the alarm. Scheduled to take effect on August 2, 2025, the Act introduces sweeping obligations for general-purpose AI (GPAI) models, including transparency, training data disclosure, copyright compliance, and risk management. Yet persistent uncertainties around implementation have triggered widespread concern over legal gray areas that threaten innovation and breed compliance risk.
Table of Contents
The AI Act Implementation Timeline
- August 1, 2024: AI Act formally entered into force.
- February 2, 2025: First wave of rules activated—prohibitions on certain high‑risk AI practices and AI literacy obligations.
- May 2, 2025: Initial target date for the EU’s voluntary Code of Practice for GPAI, now widely delayed.
- August 2, 2025: GPAI‑related obligations kick in, including documentation, risk assessment, and transparency rules.
- August 2, 2026: Enforcement for high‑risk AI systems begins, subject to fines.
- August 2, 2027: Final compliance deadline for AI systems already in operation before 2025.
Essential supporting elements—like technical standards and the formal Code—remain unfinished or delayed, creating a murky compliance terrain.
What Is the Code of Practice — and Why It’s Delayed
A voluntary Code of Practice for GPAI models is intended as a practical blueprint for navigating the Act’s rules on transparency, copyright, safety, and security. While not legally binding, its adoption signals a pathway toward regulatory goodwill.
Originally slated for release in May 2025, the Code is now postponed—likely until late 2025 or even August—due to negotiations over content, stakeholder input, and legal alignment. Without the Code, providers must interpret vague legal language under time pressure.
Companies that are uncertain how to apply the rules—particularly surrounding copyrighted datasets and transparency obligations—face exposure to fines up to 7% of global annual revenue, or €35 million, depending on the infraction.
Legal Ambiguities Fuel Provider Frustration
Copyright vs. Transparency
AI firms remain unclear about how to attribute or document copyrighted materials in their training datasets. Explicit expectations regarding metadata disclosure and provenance are yet to be formally codified in technical guidance.
Scope of Obligations
Startups and cloud providers alike are grappling over who qualifies as a “provider” or “deployer” under the Act, and what constitutes a “general‑purpose” vs. a “high‑risk” model. That distinction deeply affects their regulatory responsibilities.
Technical Standards Gap
Essential harmonised standards that underpin compliance mechanisms—risk frameworks, testing procedures, security-by‑design protocols—are not yet available. Early drafts exist, but validation and endorsement remain pending.
Industry Pushback Grows
European Corporates Weigh In
Over 45 major European firms—including Airbus, BNP Paribas, Philips, SAP, and Spotify—have urged the EU to freeze or delay enforcement for up to two years, citing unclear guidance and escalating compliance costs.
Tech Giants’ Split Reactions
- Meta has refused to sign the Code of Practice altogether, with Chief Global Affairs Officer Joel Kaplan calling it an “overreach” laden with legal uncertainty.
- Google has committed to signing the full Code, though it publicly noted concern about the burdens imposed by copyright and data transparency rules.
- OpenAI, Mistral, and Microsoft have indicated support for the Code.
- xAI (Elon Musk’s company) plans to sign only the safety & security chapter, rejecting sections on copyright and transparency.
EU’s Official Response: Firm but Flexible
The European Commission has taken a firm stance: “there is no pause, no clock-stop, no grace period.” Prospective enforcement dates are legally binding.
Still, at a digital ministers’ meeting in Luxembourg, Executive Vice President Henna Virkkunen acknowledged the possibility of postponing implementation of select provisions if supporting standards are not finalised in time.
The Commission has promised simplifications—particularly for SMEs—later this year and plans to launch an AI Act Service Desk in summer 2025 to assist organisations with compliance planning.
What Providers Are Doing Now
Compliance Bootcamps
Firms are ramping up internal documentation: logging data sources, annotating models, building explainability layers, and aligning with GDPR. Risk registers and compliance matrices have become central to project management.
Legal Scenario Planning
Legal teams are drafting policies around copyright exceptions (e.g. fair use), preparing to justify missing provenance, and planning for disclosing disproportionate burden cases, particularly for legacy models already trained.
Stakeholder Dialogue
Industry bodies—including CCIA Europe, AI Champions, and VCs—are engaging in ongoing dialogue with Brussels on softening unclear obligations and aligning expectations.
Why EU AI Act Matters
- Global Tech Leaders Are Watching: The EU AI Act is the first comprehensive AI regulation globally. Its success—or failure—will influence policymaking in the U.S., UK, China, and beyond.
- European Innovation at Risk: Critics warn that poorly defined obligations may stifle EU startups, create regulatory arbitrage, and favour U.S./Chinese AI platforms.
- Risk of Scaled Enforcement Gaps: Without finalised standards, providers may over-interpret the law or under-prepare, and could face heavy penalties for non-compliance.
- Transparency vs. Trade Secrets: Firms must balance disclosure with intellectual property concerns. The tension between providing accountability and protecting innovation is front and centre—hence the label “legal grey areas.”
What’s Next
Code of Practice Finalisation
Whether the EU publishes the Code in late 2025 or just before the August 2 deadline remains key. Providers should monitor the European AI Office closely.
Industry‑EU Mediation
Expect further engagement between regulators and industry associations to refine implementation guidance and clarify definitions, especially around GPAI vs. high‑risk systems.
Simplification Proposals
By the end of 2025, the Commission intends to propose simplifications to ease the regulatory burden for smaller firms. These could take the form of adjusted reporting thresholds, tiered obligations, or phased reporting timelines.
Support Structures
Formal resources—such as the AI Act Service Desk, FAQs, and guidance documents—will become available. Companies must integrate these with existing compliance frameworks like ISO, GDPR and NIST.
Conclusion
The countdown to August 2, 2025 is more than a calendar reminder—it’s a pressure cooker for tech providers balancing innovation and regulatory compliance. As critical gaps in guidance and legal scope persist, the legal grey areas around training data, transparency, and high-risk classification threaten not only business continuity but Europe’s competitive edge in AI.
Providers must act now—documenting responsibly, engaging proactively, and planning legally robust strategies. Uncertainty may be unavoidable, but preparedness is key. The EU AI Act is unprecedented, and how businesses navigate its ambiguities today may shape the future of AI governance globally.
Join Our Social Media Channels:
WhatsApp: NaijaEyes
Facebook: NaijaEyes
Twitter: NaijaEyes
Instagram: NaijaEyes
TikTok: NaijaEyes
