Firms operating in the European Union are facing mounting risks from the impending EU AI Act, according to Yaryna Kobel, Corporate Governance Analyst at HSBC.
In her report, “The EU AI Act: Understanding the Impact on Sectors,” Kobel highlights increased compliance costs, regulatory uncertainty, and heightened litigation risks as significant challenges for companies utilising artificial intelligence (AI) technologies.
Challenges posed by the Act are likely to impact firms across multiple industries, with smaller enterprises particularly vulnerable to the financial strain of compliance.
Kobel points out that adhering to the Act will require companies to invest heavily in AI governance programmes, leading to a sharp rise in operational costs.
The financial penalties for non-compliance are another major concern.
Kobel underscores that violations of the Act could result in fines as high as €35 million or 7% of a firm’s global annual turnover for prohibited practices. At today’s Euro to Pound exchange rate, this would amount to £26M.
Providers of General-Purpose AI models also face steep penalties of up to €15 million (£12.5M) or 3% of global turnover for breaching the Act’s provisions.
Such fines underscore the need for businesses to prioritise compliance despite the considerable operational and financial challenges involved.
HSBC thinks the regulations will be especially burdensome for small and medium-sized enterprises (SMEs) and start-ups, which often lack the resources to meet such stringent requirements.
Adding to this pressure is the Act’s mandatory disclosure rule for copyrighted materials used to train AI models, which Kobel warns could expose firms to increased litigation risks.
She notes that although the Act does not explicitly regulate the use of copyrighted materials, public disclosure of such information could spark legal challenges, especially given the current lack of clarity in how these cases might unfold.
Regulatory uncertainty further complicates the landscape for businesses.
Kobel highlights that while the Act’s accompanying codes of practice, expected by mid-2025, aim to provide a compliance framework, their absence leaves firms in a state of ambiguity.
This uncertainty is magnified for companies in sectors like automotive and healthcare, where the Act intersects with existing industry-specific regulations.
In the automotive industry, for example, the “harmonisation rule” requires that AI safety standards be integrated into sectoral legislation, prolonging uncertainty for firms until these updates are finalised.
In the healthcare sector, many AI systems are expected to be classified as “high-risk,” subjecting them to stringent compliance obligations under both the Act and EU medical device regulations. Kobel notes that limited guidance on navigating these overlapping frameworks adds significant complexity for manufacturers.
While the EU AI Act aims to foster responsible AI development and use, it poses significant risks for firms operating in the region.
Kobel emphasises that companies must prepare for these challenges by proactively investing in compliance strategies and addressing sector-specific complexities.
She warns that failure to adapt could not only expose businesses to substantial financial penalties but also hinder their ability to remain competitive in an increasingly regulated market.
The Act, though well-intentioned, requires firms to navigate a challenging and uncertain regulatory environment with far-reaching implications across multiple sectors.