An Article by Andria Thrasyvoulou, Advocate at Pyrgou Vakis Law Firm.
Artificial Intelligence (AI) has rapidly become a pivotal component of technological advancement, affecting the everyday lives of billions of people and businesses. This exponential influence of AI and its use, raised concerns over various aspects of this influence on society, including the economy, governance, privacy, safety and human rights. These prompted the European Union (EU) to establish comprehensive regulations to ensure its ethical and safe deployment effectively protecting its users.
The EU Artificial Intelligence Act (AI Act) represents a landmark effort to create this legal framework and harmonize AI governance across member states, including Cyprus.
How it Started
The journey towards the AI Act began with the European Commission’s publication of the “White Paper on Artificial Intelligence – A European approach to excellence and trust” in February 2020. Following extensive deliberations, the Act was officially proposed in April 2021 and passed by the European Parliament after rigorous negotiations, on March 13, 2024. The EU Council approved the Act on May 21, 2024 and was entered into force on August 1, 2024.
Purpose and Scope of the AI Act
The AI Act aims to regulate AI systems within the EU, ensuring they are safe, transparent, and respect fundamental rights. It introduces a risk-based classification of AI systems, imposing stringent requirements on high-risk applications to mitigate potential harms. The Act also establishes provisions for prohibited AI practices deemed unacceptable, such as social scoring by governments.
Transposition into Cyprus Legislation
As an EU member state, Cyprus is obligated to transpose EU regulations into national law. The AI Act though as a Regulation has directly applicable provisions that do not require separate transposition; however, certain aspects may necessitate national implementation measures. Cyprus has already designated the authorities responsible for the enforcement of the AI Act which are the Commissioner for Personal Data Protection, the Commissioner for Administration and the Protection of Human Rights (Ombudsman) , and the Attorney-General of the Republic of Cyprus.
Cyprus is further expected to establish regulatory sandboxes, and ensure compliance mechanisms are in place by the deadlines specified in the Act. The government and relevant stakeholders are actively working to align national legislation and infrastructure with the AI Act’s requirements, aiming for full compliance by August 2026.
Phased Implementation Timeline
Taking into consideration of the complexity of AI technologies, the AI Act’s enforcement is structured in phases:
- February 2, 2025: Prohibitions on AI systems posing unacceptable risks and general provisions on AI governance come into effect.
- May 2, 2025: Codes of conduct for AI development and usage must be established.
- August 2, 2025: Provisions related to general-purpose AI models and provisions dealing with governance, conformity bodies, enforcement, confidentiality and penalties become applicable.
- August 2, 2026: The majority of the Act’s provisions, especially those concerning high-risk AI systems, are fully enforceable.
- August 2, 2027: Regulations pertaining to high-risk AI systems within the EU product safety framework are enforced.
Who needs to comply?
AI developers, Deployers, providers, authorised representatives (for non-EU-providers) importers, exporters, distributors, manufacturers of goods using AI and all affected persons/users—inside or outside the EU—if their systems are used within the EU market and irrespective if they originate in a third country. Some of the companies that would be most affected include:
- Tech Giants
- AI Startups
- Healthcare and Life Sciences companies
- Finance and Insurance Companies
- Telecommunications & Infrastructure companies
- Schools, Universities and Education companies
- Employment, HR and Workforce companies
Non-compliance comes at a price — companies found in violation may be fined €7.5 million euros to €35 million euros or 1% to 7% of their global annual revenue; a significant financial deterrent with the utter goal of ensuring compliance.
Staying informed and proactive therefore, will be crucial for businesses and legal entities navigating this evolving regulatory landscape.
How can we assist?
We assist companies across high-impact sectors in navigating the EU AI Act by classifying their AI systems, assessing compliance obligations, and advising on transparency, data governance, and risk management requirements. Our team can also support clients with regulatory filings, contractual structuring, liability mitigation, and the development of robust internal AI governance frameworks to ensure both legal compliance and business continuity.
