Europe spent two years debating the AI Act, but the harder work is just beginning. The focus has shifted from creating the framework to actually putting it into practice across the European Union. This transition from policy on paper to governance in action is raising new questions about how countries will coordinate, how companies will comply, and whether innovation can thrive under strict rules .

What Does It Mean to Move From Framework to Implementation?

The EU AI Act (European Union Artificial Intelligence Act) represents the world's first comprehensive AI regulation. For two years, policymakers debated what the rules should be. Now, the conversation has shifted to the practical side: how do you actually enforce these rules across 27 member states? How do you ensure companies comply? And how do you do all this without stifling the innovation Europe needs to compete globally .

A major discussion on this transition took place in Brussels on March 19th, bringing together European institutions, national authorities, and industry representatives. The event, organized by Greece's Special Secretariat for AI and Data Governance, explored what implementation looks like in practice. Key topics included coordination between national authorities and EU-level actors, the practical challenges of operationalizing the AI Act, balancing innovation with effective safeguards, and emerging issues such as deepfakes and trust in the information space .

"Strengthening the adoption of AI by SMEs, industry, and the public sector is a key national priority within our national AI strategy. To that end, Greece is actively participating in European initiatives such as the European Digital Innovation Hubs (EDIH), as well as AI Factories, including the Greek AI Factory 'Pharos'. Today's discussion is therefore particularly significant, as the challenge is no longer only to develop AI, but to develop trustworthy AI," stated Vangelis Karkaletsis, Director and Chairman of the Board of NCSR Demokritos.

Vangelis Karkaletsis, Director and Chairman of the Board of NCSR Demokritos

Why Is Trustworthy AI More Than Just Compliance?

One of the central themes emerging from the Brussels discussion is that trustworthy AI should not be viewed merely as a checkbox for regulatory compliance. Instead, experts are framing it as a system of quality governance with values engineered at its core. This approach enables innovation to scale while maintaining accountability and alignment with societal values .

This distinction matters because it changes how companies approach AI development. Rather than building systems first and then adding safeguards to meet regulations, the new model suggests building trust and accountability into the design process from the beginning. This can actually make systems more robust and more likely to gain public acceptance.

Steps to Implement Trustworthy AI in Your Organization

• Align governance with innovation goals: Rather than treating AI regulation as a constraint, integrate governance principles into your innovation strategy from the start, ensuring that compliance and development move forward together.
• Strengthen institutional capacity: Build internal teams and expertise to understand and implement the AI Act's requirements, including risk assessment, documentation, and monitoring processes.
• Coordinate across jurisdictions: If your organization operates across multiple EU member states, establish clear communication channels with national authorities to ensure consistent implementation of the AI Act.
• Engineer values into systems: Design AI systems with transparency, accountability, and fairness built into the core architecture, rather than treating these as add-ons after development.
• Participate in innovation hubs: Engage with initiatives like European Digital Innovation Hubs (EDIH) and AI Factories to access resources, guidance, and peer learning on implementing trustworthy AI practices.

What Challenges Are Regulators and Companies Facing?

The shift from framework to implementation reveals several practical challenges. One major issue is coordination between national authorities and EU-level actors. The AI Act creates rules at the EU level, but enforcement and interpretation will happen at the national level. This means different countries may interpret requirements differently, creating confusion for companies operating across borders .

Another challenge is balancing innovation with safeguards. The EU wants to remain competitive in AI development, but it also wants to ensure that AI systems are safe, fair, and trustworthy. This tension is particularly acute for small and medium-sized enterprises (SMEs), which may lack the resources to navigate complex compliance requirements while still innovating .

Emerging issues also complicate implementation. Deepfakes and misinformation represent new risks that the AI Act must address, but these technologies are evolving faster than regulations can keep up. This means regulators and companies must remain flexible and adaptive as new challenges emerge .

The Brussels discussion brought together participants from Cyprus, Ireland, Italy, Lithuania, and Austria, as well as the EU AI Office, indicating that this is a coordinated, multi-country effort. The diversity of perspectives suggests that implementation will require ongoing dialogue and collaboration across the EU .

How Does This Affect SMEs and Industry?

For smaller companies and startups, the shift to implementation is particularly significant. SMEs often lack the dedicated compliance teams that large tech companies have. The focus on trustworthy AI and institutional capacity building suggests that support mechanisms, like AI Factories and Digital Innovation Hubs, will be critical for helping smaller organizations navigate the new regulatory landscape .

The Greek AI Factory "Pharos" is one example of how countries are preparing for implementation. These facilities are designed to help companies, researchers, and public sector organizations understand and adopt AI in ways that align with the AI Act's requirements. By providing resources, training, and peer networks, these hubs aim to democratize access to knowledge about trustworthy AI development .

The broader implication is that AI governance is not a policy exercise in isolation. It has direct implications for how research is conducted, how systems are developed, and how trust is built across the entire AI ecosystem. Companies that begin aligning their practices with trustworthy AI principles now will likely find the transition to full compliance smoother and less disruptive than those that wait until enforcement becomes strict .