AI Pact: Simplifying EU AI Act compliance for enterprises

While most provisions of the EU AI Act come into effect at the end of a two-year transition period ending in August 2026, some of them enter force as early as February 2, 2025.

The European law on artificial intelligence is extensive and complex and understanding it and integrating it into daily practice requires a great deal of effort, knowledge, and resources, say CIOs, experts and executives from the legal and public policy areas of enterprises, who agree that those two years to reach full compliance are as necessary as ever.

The European Commission is aware of these issues: It has set up an AI Office, a center of expertise on artificial intelligence, and has launched the AI Pact, a working group that all companies can join, on a voluntary basis, to collaborate with the AI Office in clarifying the many aspects of the regulation, suggesting simplifications and proposing best practices that serve as a model for compliance, especially for small and medium-size businesses.

“The hope is to have shared guidelines and harmonized rules: few rules, clear and forward-looking,” says Marco Valentini, group public affairs director at Engineering, an Italian company that is a member of the AI Pact. “We hope to work closely with the AI Office to achieve these goals. The EU has completed a very important initiative by approving one of the world’s first regulations on AI, in an anthropocentric function, protecting fundamental rights and guaranteeing innovation,” Valentini continues. “For this reason, the AI Act is a very nuanced regulation, and an initiative like the AI Pact should help companies clarify its practical application because it brings forward compliance on some key provisions.”

“There are so many laws on digital that the previous European Commission passed: the new Commission is aware of the vastness of the framework and has every intention of helping companies with compliance,” says Matteo Quattrocchi, head of EU AI policy at Cisco, a company that also entered the pact. “The AI Act is complex in that it is the first cross-cutting AI law in the world and companies will have to dedicate a specific focus on AI for the first time, but with intersections with the Data Act, GDPR and other laws as well. It is not easy to master this framework, and AI Pact can also help with the guidance provided by the AI Office.”

According to Alessandro Proietti, customer experience and innovation director of The Adecco Group Italy, another AI Pact member, the AI Act is “a complex, but necessary law: the EU has rightly intervened to regulate AI not in a way that blocks it but to define the perimeter within which it can be used.”

Many companies approach AI by immediately trying to figure out how to apply it to their processes, but one must first know the regulatory framework and know what is possible and what is not, Proietti explains. “Inform and educate” and simplify are the key words, and that’s what the AI Pact is for.

AI Pact: the European initiative to simplify AI Act compliance

The AI Pact, explains the European Commission, was created to help stakeholders prepare for the implementation of the AI Act. The Pact is structured around two pillars. The first consists of information exchange within the AI Pact network. This pillar is open to all stakeholders (companies, NGOs, universities, public officials, and so on); participants contribute to the creation of a collaborative community that exchanges knowledge and experiences, for example through webinars organized by the AI Office in which participants are provided with clarification on the AI Act, their responsibilities, and how to prepare for compliance. In turn, the AI Office gathers information on best practices and difficulties encountered by participants. As part of this, those who participate in the initiative can share their own internal practices and policies that they believe will serve others in their journey toward compliance. Such best practices could also be posted on an AI Office online platform.

The second pillar revolves around AI Act implementation commitments made by individual companies. The aim is to provide a framework that encourages early implementation of some of the measures in the act and to encourage organizations to make public the practices and processes they are implementing to achieve compliance even before the statutory deadline.In particular, companies that use AI systems can share their voluntary commitments to transparency and risk control. These commitments take the form of “pledges” (statement of goals and timelines) posted on the AI Office website.

Support for compliance

The AI Pact’s voluntary commitments are based on the European Commission’s call for compliance with at least three key tasks. The first is to adopt an AI governance strategy that encourages its use in the enterprise and prepares the ground for AI Act compliance; the second is to identify and map AI systems that could fall into the “high risk” category under the Act; and the third is to promote awareness of AI technology and AI Act requirements among staff, ensuring ethical and responsible AI development. At least half of the current AI Pact signatories (numbering more than 130) have made additional commitments, such as risk mitigation, human oversight and transparency in generative AI content.

The three requirements for entering the AI Pact-covering technical, ethical, and legal aspects-are, in themselves, already the basis of AI Act compliance for all companies. In particular, it is essential to map the artificial intelligence systems that are being used to see if they fall into those that are unacceptable or risky under the AI Act and to do training for staff on the ethical and safe use of AI, a requirement that will go into effect as early as February 2025. Cisco’s AI Readiness Index, in which business leaders, including CIOs, in the EU were surveyed, reveals that only 9% of companies feel ready about AI talent (compared to 24% worldwide): Training is critical.

“The AI Pact is a support for us as well, to help with compliance, as well as an opportunity to show the outside world how we are moving on responsible AI,” says Cisco’s Quattrocchi. “In addition, the AI Pact is a network between companies to exchange ideas, and that is also useful. Already we have held workshops to talk about ongoing activities and met with representatives of the AI Office to clarify what the EU expects from the implementation of the AI Act.”

The experience of signatory companies

The Adecco Group joined the AI Pact more than a year ago now, with a global initiative spearheaded by the Zurich-based parent company.

“We joined the pact right away because Adecco is an early adopter: Tthe HR and staffing sector is very impacted by AI,” says Proietti. “We created a Responsible AI Team to promote, precisely, the culture of responsible AI in the company with training and informative actions, to make people understand what the AI Act was and make them aware of what it means to use AI responsibly.”

This initiative had an impact not only on the teams working on the AI that is implemented in Adecco products, but also on all the people who use AI applications daily in their work. Adecco has mapped all internal use cases based on the level of risk, just as outlined in the AI Act, to make sure it is not pursuing activities with unacceptable risk.

“We don’t want to prevent the use of AI, but to create global governance that is reflected across countries, flagging applications that are provided by the company and those that are not,” Proietti says. “On this basis we chose to join the AI Pact, which gives guidelines and helps understand the rules of law.”

Overcoming compliance challenges

According to Quattrocchi, the most complex part of the AI Act is the timing. The law has been in effect since August and imposes a series of deadlines that will follow: by February of this year, prohibited uses must be abolished; by August, the General Purpose LLM rules will be effective; and by August 2026, almost all provisions will be implemented.

“Two years for an effective compliance system is not a long time,” Quattrocchi stresses. “That’s why we need mechanisms like the AI Pact that acts as a regulatory sandbox: a test bed of how the law works.”

The structure of the AI Act is not detailed on vertical industry sectors, the manager points out. Therefore, the European Commission, through the AI Office, will create guidance documents to provide further certainty, especially with regard to high-risk products. An AI Act challenge for companies is also to have an internal team to relate to horizontal and vertical supervisors, and the AI Pact hopes to create a good network among companies and between them and the EU AI Office.

“It will have to be done by mid-2026, which is a tight timeframe, but Cisco only sees benefits to being part of the AI Pact,” Quattrocchi points out. “We are in favor of AI regulations as well as regulatory simplification, also recommended by the Draghi Report, and the effective execution of the AI Act and any new AI regulatory instruments.”

Engineering’s Valentini also sees the need to govern AI and find a common thread in the complexity of the European AI regulatory framework. So many rules involve a long process for compliance that absorbs resources while technological evolution and innovation needs run fast. Another potentially critical issue is integration with any future national AI laws, which will need to be consistent with the EU Regulation. But the positive scope of artificial intelligence is not in question.

“It is a great opportunity for innovation,” says Valentini. “It needs to be regulated intelligently, with the person at the center and all safeguards in place to avert impacts on people’s fundamental rights, but the opportunities are huge and it is important that we can continue to innovate.”

New tasks for the CIO

AI Act compliance certainly involves the CIO, who must coordinate with colleagues in Legal, Government Relations, and HR (for training activities), as well as with oversight bodies.

“The CIO needs to understand where the post-market scrutiny lies. The law is both horizontal and vertical, forces a lot of synergies, and also takes into account the fact that artificial intelligence is complex and constantly evolving,” Quattrocchi points out. “For example, LLMs in the enterprise are modified through training and fine-tuning, and CIOs will have to make sure they always remain compliant both with respect to what the vendor provides and to their customers or users. The CIO is important as a liaison between the various business departments when AI products have to be purchased.”

For Valentini, it is important that, within companies, AI governance is set up, providing for a dedicated AI and compliance team involving cybersecurity, the CIO and other departments such as legal.

“We are doing that,” he says, “and we are also training our employees to create awareness of what the AI Act is and how it impacts their work. I think this is also an essential task for all companies.”

In addition to holding the webinars, the European Commission will invite AI Pact participants to report on their progress on the path to AI Act compliance 12 months after the commitments are published. However, many of the signatories stress the need for the EU “machine” to move quickly by streamlining the steps, as this will give concrete effectiveness to the Pact.

“The AI Pact is working by organizing meetings with the signatories and the AI Office: we will discuss the provisions with the Commission and we hope that compliance will be simplified. For example, given a certain end or result prescribed by the AI Act, the system by which a company will be able to achieve it should be as straightforward and as less ‘bureaucratic’ as possible,” says Valentini. “Now we hope that the Commission will accelerate the pace on the AI Pact work. Certainly the initiative is attracting a lot of interest and new adherents.”

The signatories are convinced: if the European Commission does a good job with the AI Pact, best practices can be created that will set an example for other companies and give everyone guidelines to make AI Act compliance less complex.