The upcoming AI Act raises many questions about the requirements and obligations it imposes. A significant part of the regulations focuses on high-risk AI systems, which will partially come into effect on August 2, 2026. Categorizing AI systems correctly as “high risk” might be challenging. By February 2026, the EU Commission will provide a list with specific characteristics to clarify this categorization. This list will also help in assessing the impact of high-risk AI systems through examples.
The rules for “high-risk AI” still need further clarification by lawmakers. Unlike the transparency obligations for certain AI systems, which aim to label AI products and communication systems clearly, the new rules for high-risk AI systems lack clarity. A useful tool to understand the AI Act is the AI Act Explorer.
Although the AI Act demands special care for high-risk AI, it allows room for interpretation in details. The AI Act distinguishes between requirements and obligations for high-risk AI systems, with different responsibilities for providers and operators. The requirements include data governance, technical documentation, risk management, and transparency.
ISO 42001 is an international standard that aligns with many of the AI Act’s requirements, such as quality management and data governance. This standard helps in establishing a certifiable AI management system early, which can later be adapted to the AI Act more easily.
Chapter III of the AI Act deals with high-risk AI systems, distinguishing between requirements (Section 2) and obligations (Section 3). Requirements apply to every high-risk AI system as a specification guideline. Obligations differ for providers and operators, depending on their role with the high-risk AI system. This can result in uncertainties, mainly for providers.
Understanding the AI Act and preparing for it can be aided by ISO 42001. This standard provides a framework for implementing quality management and data governance, which are crucial components of the AI Act for high-risk systems. By aligning with ISO 42001, organizations can set up a management system that is easier to adapt to the AI Act’s requirements.
As the AI Act continues to evolve, staying informed about its developments and how standards like ISO 42001 can help is essential. The AI Act Explorer and other resources can assist in navigating these changes and ensuring compliance with the upcoming regulations.