Key Points of the ITU Legal Talks ‘The AI Act: EU Regulation with Cross-Border Effect (Review Discussion by Asters)’

On November 27th, an online meeting was held as part of ITU Legal Talks, organised by the IT Ukraine Association with the participation of legal partner — Asters. The topic of the meeting was ‘The AI Act: EU Regulation with Cross-Border Effect (Review Discussion by Asters)’.

 

 

The speaker of the event, Vitaliy  Kulinich, Senior Associate at Asters, discussed the application of the AI Act to Ukrainian developers of AI models and systems, their modifiers, and deployers, as well as general-purpose AI models, prohibited and high-risk AI systems, transparency requirements for such systems, and the penalties for violating the AI Act.

 

Among the information shared:

 

The AI Act, under certain conditions, applies to Ukrainian developers, modifiers, and deployers of AI systems, as well as to developers and modifiers of general-purpose AI models. This includes developers of AI systems whose results are provided or used within the EU.

 

Obligations for suppliers of general-purpose AI models (from 2nd August 2025):

• Suppliers of general-purpose AI models are required to comply with transparency and intellectual property rights obligations. If these models present systemic risks, there are also obligations regarding security and cybersecurity. A practical method to demonstrate compliance with these obligations is through the Code of Practice.
• Modifiers of models, under certain conditions, are considered suppliers of new models, which fully or partially apply the obligations of the model suppliers.
• Obligations for suppliers of AI models may also extend to suppliers of AI systems that integrate such models into their systems.

 

Practices/systems of AI that create unacceptable risks, including those that use manipulation, deception, or assessments based on social characteristics and emotional identification, are prohibited under certain conditions. This includes systems that determine emotions, race, or religious beliefs based on biometric data.

 

Requirements for high-risk AI systems (from 2nd August 2026 – autonomous systems, and from 2nd August 2027 – systems that are components of product safety):

• A risk management system must be created and documented, along with technical documentation.
• Systems must provide automatic event logging, be transparent, and comply with safety, accuracy, and cybersecurity requirements.

 

Obligations for suppliers of high-risk AI systems:

• Suppliers must ensure their systems comply with the Act, maintain and provide the necessary documentation, implement a quality management system, and ensure post-market monitoring and marking of these systems.
• Suppliers must conduct conformity assessments and issue EU declarations of conformity; in certain cases, such assessments are carried out by notified bodies, which issue EU certificates.

 

Representatives established within the EU must confirm the compliance of high-risk AI systems, retain and provide the necessary documentation, and cooperate with authorities for risk assessment and corrective actions.

 

Penalties for violating the provisions of the AI Act can reach up to €35,000,000, or, for companies, up to 7% of their global annual turnover. Penalties are specifically foreseen for violating prohibited practices, failing to meet the obligations of high-risk AI system operators, violating transparency requirements for certain AI systems, and breaching the obligations of AI model suppliers. Penalties are also applied for providing false information or failing to meet documentation requirements.

 

The AI Act presents new challenges for companies working with AI, demanding compliance with regulations aimed at reducing the risks associated with AI models and systems. For successful adaptation, it is important to follow these requirements, implement appropriate policies promptly, conduct assessments, and demonstrate compliance to avoid penalties and retain access to the European market.

 

Got questions? Use Є-Support — the free legal consultation service, also offering cybersecurity consultations for ITU Members.