Multidisciplinary expertise will be required to avoid eventual hefty fines, EY’s AI experts warn.

It wasn’t that long ago that the GDPR was the buzzword that kept CEOs up at night. A similar landmark piece of European legislation should now be front of mind for executives, given that the first important deadline of the AI Act has already passed.

Companies were obliged to take inventory of all of their AI tools that are classified as banned practices and introduce AI Literacy training for all staff by Feb. 2. This is just the first phase, though.

“If you agree with me on this very radical statement that pretty soon all technology will be AI technology, then you will understand the significance of this legislation and all other regulations that will hopefully be emerging,” states EY’s chief AI expert and president of the PHI Institute, George Tilesch - pictured above.

EY’s lead AI confidence partner, Erik Slooten, warns that executives shouldn’t just assume the AI Act doesn’t concern them or can be put off.

“Right now, people are like, ‘Yeah, okay, it’s coming, we’ll deal with it later.’ That’s a mistake,” the expert notes. “This is not just about banned practices like facial recognition or surveillance; it’s a fundamental shift in how AI is governed in Europe.”

Slooten underlines that the act is not just about curbing extreme AI misuse, but also about setting new standards for AI applications in finance, healthcare, and advertising. Tilesch says companies must assess their own level of risks, what kind of AI they have, and who uses it in what role. Every company is unique in that sense, the expert explains.
 

“We need to think together with companies and craft the unique strategies they need. Providing AI literacy is not a fire hazard ‘checking-the-boxes’ kind of education,” Tilesch stresses. Slooten agrees that AI literacy is essential: you can’t run a company on AI tech without your employees understanding AI fundamentally, he says.

First Consequences This Year

“We are seeing concrete steps from the Hungarian authorities. The ministries in charge are refining their approach, the National Bank [of Hungary] has prepared guidelines, and dedicated AI authorities should be set up by August, so businesses should expect to deal with the first consequences of the act within this calendar year,” says EY law senior manager Adrienn Piskóti.

Hungarian companies must proactively assess their AI systems to avoid future compliance risks. It is important to note that the act affects all businesses that are connected to the technology as providers or deployers; furthermore, market players who use some AI-based solution for business purposes in their business processes must also prepare.

A major challenge is understanding which AI practices may be considered “banned” or “high risk” under the act.
 

“If you’re an insurance company using social scoring to determine creditworthiness or a business using emotion detection in HR processes, you may already be in a grey area,” Slooten cautions. “Many banks and insurers need to evaluate whether their AI-driven risk assessments comply with the new rules.”

The European Commission recently issued detailed documentation outlining banned AI practices, and Tilesch warns that companies cannot afford to be ignorant.

“This is a growing list. What may be acceptable today might be considered high-risk or banned in the future. Businesses must establish governance frameworks that allow them to monitor regulatory updates and adapt accordingly,” Tilesch says.

Broad Framework

While the AI Act is a framework regulation rather than sector-specific, it is clear that industries relying on artificial intelligence will feel its effects the most.

“Eurostat data shows that AI usage is most dominant in scientific and technology fields, as well as administrative and support services,” notes Piskóti. “However, industries like banking, insurance, and healthcare will have to pay special attention, as many of their AI-driven processes may fall into high-risk categories.” She further emphasizes the importance of understanding the AI Act’s core principles.

“This regulation isn’t just about compliance: it’s about safeguarding ethical AI use, preventing social scoring, and protecting fundamental rights. Companies must ensure they are not deploying AI solutions that could be classified as prohibited practices.”

Regarding preparation, artificial intelligence is a socio-technical field; neither IT nor legal expertise alone will do.
 

“This isn’t just a legal issue. It requires a cross-functional team including risk managers, quality control specialists, legal teams, and AI experts,” says Piskóti. Slooten notes that Hungarian companies have begun to engage with EY for AI compliance services, but many still underestimate the complexity.

“Some businesses think they can just hire a chief AI officer or a lead AI thinker. That’s not how this works. AI governance must be embedded across multiple functions in an organization,” he says. On top of providing AI training for employers, clients should map their AI practices against regulatory expectations and do their homework before further essential deadlines pass.

A Blessing or a Curse for EU Competitiveness?

The U.S. innovates, Europe regulates, goes the old saying. Will the AI Act do more good than harm for the EU’s competitiveness? Tilesch believes the U.S. and China may have a short-term advantage, but remains optimistic about Europe’s long-term position.

“Yes, Europe is slower due to regulation, but we are also creating a safer AI ecosystem. In the long run, this could be a competitive edge,” he says. It is a view Piskóti agrees with: “If a company knows that AI developed under European regulations is safer, it may be more willing to adopt it. This could drive greater AI adoption within the EU and even attract international businesses looking for compliant solutions.”

How Hard Will Fines Bite?

Banned and high-risk AI systems carry potential fines of EUR 35 million and EUR 15 mln, or 7% and 3% of global turnover, respectively. However, it is hard to say how harshly authorities will crack down. “We saw it with GDPR; once banks and telecoms started receiving audit notices and financial threats, the industry scrambled to comply. We expect a similar trajectory with the AI Act,” Slooten predicts.

Shadow AI: Know What Your Staff are Doing

“The biggest risk isn’t that people aren’t using AI, it’s that they’re using AI without any oversight,” warns Tilesch. This phenomenon is called shadow AI. “Many employees are already feeding confidential data into their private AI tools like ChatGPT without realizing the risks.

This isn’t just an AI Act issue; it’s a fundamental data security problem.” Slooten, meanwhile, highlights the dangers of the generational gap in AI adoption.

“Younger employees trust AI completely, while older generations are far more skeptical. Businesses must bridge this gap by training their workforce on AI risks, ethical concerns, and best practices.”

*********************************

You're very welcome to comment, discuss and enjoy more stories via our Facebook page: 

Facebook.com/XpatLoopNews + via XpatLoop’s groups: Budapest Expats / Expats Hungary

You can subscribe to our newsletter here: XpatLoop.com/Newsletters

As an independent portal we’re grateful to all commercial supporters who help keep you in the loop with fresh insights and inspiration. Do you want your business to reach tens of thousands of potential high-value expat customers? If so please contact us here.