On 02.08.2025 a significant part of the provisions of Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonized rules on artificial intelligence (“the Regulation”) began to apply. The Regulation is the first piece of legislation regulating the use of artificial intelligence systems at global level and aims to promote the development and deployment of artificial intelligence systems (“AI”) that are reliable and human-centric.
The Regulation applies to suppliers, implementers, importers, and distributors of AI systems that are established in or operate AI systems in the European Union (“EU”).
The Regulation prohibits certain uses of AI systems that disproportionately infringe on the fundamental rights and freedoms of EU citizens or threaten the very order of the Union. These prohibited forms of use include: the use of manipulative and deceptive techniques, the exploitation of individuals' vulnerabilities, social scoring, the prediction of criminal behaviour through profiling, the creation of facial recognition databases through mass image collection, biometric categorization based on sensitive characteristics and biometric identification for law enforcement purposes, unless it is for the purpose of searching for a crime victim, preventing a threat to life/terrorist attack, or identifying suspects in serious crimes.
Control of the lawful use of AI systems is entrusted to conformity assessment bodies. These bodies will carry out prior and ongoing monitoring, verify the technical files and documentation of AI systems, and be competent to issue certificates of conformity for the latter. To ensure that conformity assessment is carried out by reliable and qualified institutions, Member States shall designate an administrative authority to assess applicants for conformity assessment bodies, verify that they meet the criteria of competence, impartiality, and independence, and supervise them (Bulgaria has not yet designated such a national authority).
As of 02.08.2025, the obligations of suppliers of general-purpose AI systems and general-purpose AI systems posing a systemic risk are also applicable.
With regard to general-purpose AI systems (e.g., large language models such as ChatGPT), providers should prepare and maintain detailed documentation describing the characteristics, including the architecture, training methods, data used, and limitations of the AI system, comply with copyright law, provide users with the necessary information, and register the AI system in the EU public database.
In addition to the above obligations, suppliers of AI systems posing a systemic risk should assess those risks and implement measures to mitigate them, conduct tests and ensure a high level of cybersecurity, submit regular safety reports and test results to the European Commission, and register their systems with the appropriate designation.
Notwithstanding the above, the sanction regime for suppliers of general-purpose AI models that are in breach of the provisions of the Regulation will not apply before 2 August 2026. This permission will allow businesses to adapt to the new legal framework in line with the requirements of the regulatory authorities without incurring financial risk.
Another permission aimed at helping businesses is related to the possibility for European authorities with competence in the field of AI to draw up codes of good practice. These codes are non-binding guidelines that help companies establish internal mechanisms for implementing the regulation and facilitate their compliance with the obligations imposed by it. At the beginning of August, the first code of good practice came into force on https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai?utm_source=chatgpt.com.
The Regulation marks a new stage in the regulation of emerging technologies, setting clear standards for safety, transparency, and the protection of fundamental rights of citizens. The implementation of its key provisions means that all actors in the supply chain and use of AI systems must take timely action to bring their activities into line with the new rules, including the introduction of internal procedures, the preparation of technical documentation, and risk control mechanisms. This not only minimizes regulatory and reputational risks, but also opens up opportunities for the safe and ethical deployment of AI in the single market. In this context, timely legal advice and support in adapting to the new requirements can be key to the smooth functioning and sustainable development of the business.
