EU adopts AI Act – Member States now to appoint AI regulators

As the EU AI Act was formally adopted by the Council of the European Union on 21 May, privacy experts gathered at the CPDP conference in Brussels to debate the future of AI governance.

A session addressed the need for international interoperability - Brazil has issued a draft law, and Canada has a proposal for one. Brazil’s draft AI Act was mentioned as a good example of a broad application of fundamental rights impact assessments – something that in the EU regime will be required only in certain sectors such as credit scoring or insurance.

EU Member States are now required to appoint enforcement authorities, and data experts envisage that there will be considerable fragmentation as to what type of entities will be put in charge. At the EU level, an AI Office within the EU Commission will implement the AI Act for general-purpose AI. It was questioned at the conference whether this model gives too much power for the European Commission in contrast to the GDPR model which relies on the One-Stop-Shop, Data Protection Authorities and the European Data Protection Board.

The AI Act will enter into force twenty days after publication in the EU’s Official Journal, which will be in the coming days. The Act will then enter into force in twenty days, and will apply in two years’ time, with some exceptions for specific provisions.


The June issue of PL&B International Report will include an article on Brazil’s draft law.

The CPDP conference continues today and Friday.