Malaysia is poised to generate as much as US$113.4 billion in productive capacity – a quarter of the country’s 2023 gross domestic product – through the adoption of generative artificial intelligence (AI). This promising outlook has spurred the government to introduce various initiatives, including AI upskilling courses such as the AI untuk Rakyat self-learning online program, in an endeavor to propel the nation towards achieving high-income status.

But alongside the exciting prospects of technological advancement, there are inherent risks. The implementation of robust guardrails and legislation becomes paramount to address emerging risks associated with AI – a priority that is already prominently featured on the government's agenda.

Blazing this trail is the European Parliament, Council and Commission, which recently reached a provisional agreement on the groundbreaking EU AI Act. This Act is expected to set a new global standard for AI regulation and is slated to become law in 2024, with most AI systems needing to comply by 2026.

The AI Act takes a risk-based approach to safeguard fundamental rights, democracy, the rule of law, and environmental sustainability. It aims to strike a balance between fostering AI adoption and upholding individuals' rights to responsible, ethical and trustworthy AI use.

Download PDF

Decoding the EU AI Act

Discover the potential impact of the AI Act to your organization.



Download PDF (1.8 MB) ⤓



EU AI Act Overview


AI holds immense promise to expand the horizon of what is achievable and to impact the world for our benefit — but managing AI’s risks and potential known and unknown negative consequences will be critical. The AI Act is set to be finalized in 2024 and aims to ensure that AI systems are safe, respect fundamental rights, foster AI investment, improve governance, and encourage a harmonized single EU market for AI.




The AI Act's definition of AI is anticipated to be broad and include various technologies and systems. As a result, organizations are likely to be significantly impacted by the AI Act. Most of the obligations are expected to take effect in early 2026. However, prohibited AI systems will have to be phased out six months after the AI Act comes into force. The rules for governing general-purpose AI are expected to apply in early 2025.1




The AI Act applies a risk-based approach, dividing AI systems into different risk levels: unacceptable, high, limited and minimal risk.2


High-risk AI systems are permitted but subject to the most stringent obligations. These obligations will affect not only users but also so-called ‘providers’ of AI systems. The term ‘provider’ in the AI Act covers developing bodies of AI systems, including organizations that develop AI systems for strictly internal use. It is important to know that an organization can be both a user and a provider.


Providers will likely need to ensure compliance with strict standards concerning risk management, data quality, transparency, human oversight, and robustness.


Users are responsible for operating these AI systems within the AI Act’s legal boundaries and according to the provider's specific instructions. This includes obligations on the intended purpose and use cases, data handling, human oversight and monitoring.




New provisions have been added to address the recent advancements in general-purpose AI (GPAI) models, including large generative AI models.3 These models can be used for a variety of tasks and can be integrated into a large number of AI systems, including high-risk systems, and are increasingly becoming the basis for many AI systems in the EU. To account for the wide range of tasks AI systems can accomplish and the rapid expansion of their capabilities, it was agreed that GPAI systems, and the models they are based on, may have to adhere to transparency requirements. Additionally, high-impact GPAI models, which possess advanced complexity, capabilities, and performance, will face more stringent obligations. This approach will help mitigate systemic risks that may arise due to these models' widespread use.4




Existing Union laws, for example, on personal data, product safety, consumer protection, social policy, and national labor law and practice, continue to apply, as well as Union sectoral legislative acts relating to product safety. Compliance with the AI Act will not relieve organizations from their pre-existing legal obligations in these areas.




Organizations should take the time to create a map of the AI systems they develop and use and categorize their risk levels as defined in the AI Act. If any of their AI systems fall into the limited, high or unacceptable risk category, they will need to assess the AI Act’s impact on their organization. It is imperative to understand this impact — and how to respond — as soon as possible.


Connect with us: