Europe’s New AI Act and Its Implications for Turkey

(My article, published in Inc. Türkiye)

In August 2024, the European Union enacted the Artificial Intelligence Act (EU AI Act), which will come into force in 2026. For technology companies, this is not just a new regulation - it represents a turning point that changes the rules of the game. Even before its implementation, the law has already created a broad impact both in the public and business spheres by being the first to clearly and bindingly define the boundaries of artificial intelligence.

What makes this law even more significant is that it does not only apply within the borders of the European Union. On the contrary, it concerns all companies that offer digital products or services to the European market - regardless of their geographical location. For companies in countries like Turkey, which have strong trade ties with Europe, this represents both a warning and an opportunity.

What the Regulation Brings

Proposed by the European Commission in 2021 and enacted in August 2024, the EU AI Act is the first comprehensive regulation on artificial intelligence. The law classifies AI systems based on the level of risk they pose and imposes different obligations according to these risk levels.

Systems deemed to pose unacceptable risk, such as applications that score citizens using social credit systems, are banned. High-risk systems include AI used in vital areas such as healthcare, transportation, or justice. These systems are subject to strict audit, testing, and transparency criteria. While user notification is considered sufficient for limited-risk systems, minimal-risk systems are not subject to any regulation.

The obligations introduced by the law are particularly extensive for AI systems categorized as “high-risk.” Developers and users must accurately assess which category their systems fall into. For systems in this category, the following requirements apply:

• The quality of the data used must be high and free from bias,

• Documentation explaining how the model works must be prepared,

• Human oversight must be present during system operation,

• Records of potential errors or damages must be kept.

Additionally, special regulations are included for general-purpose AI systems such as ChatGPT. Developers of such systems are required to disclose the datasets used for training, assess security risks, and clearly state usage limitations.

The law also includes severe penalties for non-compliance. These penalties include fines of up to €30 million or up to 6% of the company’s global revenue. Such a penalty level could put even large-scale companies in difficulty. More importantly, AI systems found to be illegal may be completely banned from the European market.

Why Should Companies in Turkey Care About This Law?

Perhaps the most striking aspect of the EU AI Act is that it applies not only to companies operating within the European Union but to all companies offering products or services to Europe. Therefore, an AI application developed in Turkey also falls under this regulation if it is offered to users in Europe.

This could have serious consequences for Turkish tech companies that export software and services to Europe or provide AI-based solutions to EU-based customers. Companies operating in many sectors, from health technologies to finance, from human resources to education, may face serious technical and legal obligations depending on the risk category of their products.

While the EU AI Act introduces new compliance costs for Turkish companies, it also opens new doors of opportunity. Companies that develop ethical and secure AI products in compliance with the European market can gain a competitive advantage in this market. Being prepared for the regulation can allow Turkish companies to compete on equal footing with major players in Europe, especially in highly regulated sectors (finance, healthcare, education, etc.).

Additionally, this law could give rise to a new business ecosystem in Turkey in areas such as AI ethics, data security and auditing, model testing services, and regulatory compliance consulting. Technology consulting firms could prepare “AI compliance packages” for exporters to Europe.

How Will the Process Work?

The law’s implementation process will progress gradually. The complete ban on systems posing unacceptable risk will be implemented immediately, while companies using high-risk systems will need to fully comply by 2026. For general-purpose AI systems, the deadline is expected to be 2025.

Therefore, it is critical that Turkish companies begin preparations now. The following steps are particularly important:

• Conducting risk analyses of their developed systems,

• Identifying systems that fall into the high-risk category and creating a roadmap,

• Planning the necessary resources for technical, legal, and data management processes.

Thanks to its customs union and trade relations with the European Union, Turkey holds an advantageous position in the digital economy. However, for this partnership to remain sustainable in the future, Turkish companies must not only produce quality products but also provide ethical, secure, and transparent digital solutions.

The EU AI Act may serve as a milestone in this transformation. The compliance obligation brought by the regulation could be the key for companies to become more sustainable, more trustworthy, and globally competitive players. In the age of artificial intelligence, competition will be won not only through the power of algorithms but also through trust.

Mustafa İÇİL