The EU AI Act is now in force, and its extraterritorial reach means many Southeast Asian companies will need to comply. Here’s what you need to know about the timeline, requirements, and practical steps to prepare.
Who Needs to Comply?
The EU AI Act applies to Southeast Asian companies if they:
- Provide AI systems or services to EU customers
- Have AI systems used within the EU
- Operate subsidiaries or offices in the EU
- Process data of EU residents through AI systems
Key Requirements
High-Risk AI Systems
Systems used in critical areas like healthcare, transportation, and employment must undergo:
- Conformity assessments
- CE marking
- Risk management systems
- Data governance measures
- Human oversight requirements
Prohibited AI Practices
Certain AI applications are banned outright, including:
- Social scoring systems
- Subliminal manipulation techniques
- Biometric categorization based on sensitive characteristics
- Real-time biometric identification in public spaces (with exceptions)
Implementation Timeline
- August 2024: Act enters into force
- February 2025: Prohibited practices ban takes effect
- August 2025: General-purpose AI model requirements
- August 2026: High-risk system requirements
- August 2027: Full implementation
Practical Steps for Compliance
1. Assess Your Exposure
Determine which of your AI systems fall under EU jurisdiction and their risk classification.
2. Develop Compliance Strategy
Create a roadmap for meeting requirements based on the implementation timeline.
3. Implement Technical Measures
Deploy necessary technical controls for risk management, monitoring, and documentation.
4. Establish Governance
Set up processes for ongoing compliance monitoring and reporting.
Getting Help
Given the complexity of the EU AI Act, many Southeast Asian companies will benefit from expert guidance to ensure compliance while maintaining business operations.