EU AI Act: What if the EU is Oceans Away?
Why Asian Businesses Need to Pay Attention
The European Union's AI Act is poised to become the global standard in regulating the inevitable and powerful wave of AI systems now driving the world economy. While it may seem distant to most, the implications of the EU AI Act extend far beyond Europe, affecting companies worldwide, including in Asia.
Businesses in North America and other regions have their own complex series of regulatory initiatives to keep their eyes on. Broadly speaking, however, Asian jurisdictions watch North America for potential actions and the EU for defensive reactions.
This article explores why Asian businesses should be considering defensive reactions related to AI right now. At the least, for many businesses the thresholds have been breached for beginning investment in understanding EU AI Act compliance. The best time to act will be in the period of relative calm in parallel with the EU’s own deadlines, regardless of whether entering the EU market is on the horizon.
The Lagging State of AI Regulation in Asia
AI regulation in Asia is, generally, in a wait-and-see posture in terms of consumer protection and large AI model transparency.
This is in parallel to some diverse AI regulatory activity in other areas, shaped by each country's unique priorities and regulatory philosophies. For example, in China, AI regulation is marked by high compliance thresholds emphasizing stringent security-based regulations designed to safeguard national security and data integrity. Japan adopts a more balanced approach with moderate compliance thresholds, combining robust data protection laws with voluntary guidelines to foster innovation while ensuring safety in traditional non-AI areas of concern. Singapore, on the other hand, offers a more flexible regulatory environment with lower compliance thresholds, promoting a more open market for AI development.
This variability in Asia hides a lack of consumer protection initiatives related to AI. At the first signs of widespread AI integration and the resulting potential for consumer harm, the emerging global standards set by frameworks like the EU AI Act appear likely to fill this void.
The ground reality is that massive and transformative widespread AI integration into almost all business areas is now near and inevitable. Workers are globally taking on the gains of AI privately (as “secret cyborgs”) and it’s only a matter of time before management and governments around the world shake off their AI fatigue and begin the rush to catch up.
The EU AI Act: Basic Scope, Timelines, and Implications
As a reminder, the Act is a comprehensive regulatory framework designed to address the risks associated with AI systems. Unlike the GDPR, which focused primarily on data and data privacy, the AI Act covers a broad range of subjects and issues, including potentially all products and services in the economy and the transparency, accountability, and ethical considerations of AI systems. The Act categorizes AI systems into different risk levels—prohibited, high-risk, limited risk, and general-purpose—and businesses into different roles—provider, deployer, importer, distributor, and authorized representative. Each category and role are subject to specific obligations and restrictions.
Obligations surrounding prohibited, and general-purpose AI systems go into effect in 2025 and deserve significant attention from Asian businesses that may fall into those categories. However, those businesses are relatively few.
Most Asian businesses will be concerned with the regulations on the “providers” of “limited” and “high-risk” AI systems. The primary benefits, for those outside the EU, will be either to use the rules in these categories as guidance to design their own safety audits or as guidance to how to strategically remain in the limited risk category and avoid falling into the high-risk category at all.
Obligations for limited and high-risk AI systems come into effect in August of 2026 and 2027, and businesses should note where their products or services most closely overlap.
The August 2026 deadline for “high risk systems” under Annex III covers broad areas of biometrics, critical infrastructure, education and vocational training, employment and workers management, access to essential services, law enforcement, migration and border control, administration of justice. The August 2027 deadline for other “high risk systems” (or the safety components included the products) under Annex I: machinery, toys, recreational craft, elevators, explosive atmosphere equipment, radios, pressure equipment, cableway installations, protective equipment, gas appliances, medical devices, in vitro diagnostic devices; aviation security, two- or three-wheel vehicles, agricultural and forestry vehicles, marine equipment, rail interoperability equipment, motor vehicles and trailers, and civil aviation
Understanding Business Thresholds for Considering Pre-Emptive AI Compliance
In short, we are discussing the business thresholds that are the tipping points that compel a company to invest in regulatory compliance, even in the absence of immediate legal obligations. There are three main ones for Asian firms evaluating their engagement with the EU AI Act:
Specific Market Engagement: The first threshold is the simplest: whether a company is operating in (or has products or services in) the EU market or plans to expand into regions with converging regulatory standards. Note that the EU AI Act's influence may extend to directly into areas with similar regulatory aspirations, such as Turkey and South America, making early compliance a strategic move for companies in those regions looking to avoid future disruptions.
Products and Sectoral Reputation and Trust: The second threshold involves the rate at which a company’s product offerings and the sectors in which it operates are adopting and integrating AI. If an industry is now or soon-to-be consumed with AI-related safety issues, early investment in the most structured and strict compliance regime is the best move.
For instance, sectors such as healthcare, finance, and the automotive industry are experiencing rapid AI adoption, which could increase regulatory scrutiny in any jurisdiction, leveraging existing regulations to capture AI risks. Evaluating how products align with the EU's definitions of “high-risk” AI systems can help determine whether immediate compliance efforts may be helpful.
Long-Term Future-Proofing and Strategic Positioning: The final threshold focuses on a company’s strategic positioning for the future. As AI technology continues to evolve, so will the legal frameworks governing its use. Companies need to anticipate these changes and position themselves to adapt quickly. This might involve investing in robust compliance frameworks that can evolve with regulatory updates or establishing partnerships that enhance their AI governance capabilities. Given the global trend towards more AI and stricter AI regulations, aligning with the EU AI Act can serve as a benchmark for advanced compliance and foster trust and reputation with customers and regulators at home.
While it may seem like a distant concern for Asian businesses, AI’s compliance impact is likely to reach all shores. By understanding the thresholds for AI compliance and strategic positioning for the future, we can dodge the risks and be ready for neighboring opportunities.