The European AI Act, adopted by the European Parliament on March 13, 2024, and published in the Official Journal of the EU on July 12, 2024, restructures product development cycles far beyond what most trend analyses describe. The prohibited practices (social scoring, real-time biometric identification in public spaces) apply six months after the regulation comes into force. Obligations related to high-risk systems take effect in 24 months.
We are already seeing adjustments among SaaS solution providers who anticipate the classification of their models.
You may also like : The latest high-tech trends not to miss for technology enthusiasts
AI Act: Concrete Obligations for General-Purpose Model Providers
The regulation distinguishes high-risk AI systems from general-purpose models (GPAI). For the latter, providers must document training datasets, publish a detailed summary of the content used, and comply with copyright directives. Models presenting systemic risk (based on training computational power criteria) are subject to enhanced obligations: adversarial testing, notification of serious incidents, cybersecurity assessment.
This framework imposes a change in posture for product teams. Compliance is no longer managed at the end of the pipeline but from the data collection phase. Legal departments, previously little involved in the ML cycle, become stakeholders in technical design.
You may also like : The Latest Trends in Industrial Maintenance Technology
We recommend following tech articles on Atypique Info to understand how these obligations translate into various sectors.
French National Strategy for Generative AI: Sobriety and Open Models
France published its national strategy for generative AI in March 2024, centered around three axes: model security, reduction of the environmental footprint of AI infrastructures, and development of large open Francophone models.
The sobriety aspect contrasts with the prevailing discourse on the race for power. Support for open source aims to reduce dependence on American foundation model providers. The project “Le Grand Défi: Trustworthy AI” funds research on lighter and more transparent architectures.
The requirement for supplier transparency, included in this strategy, anticipates the provisions of the AI Act regarding GPAI models. French companies developing or integrating generative AI face a dual framework: national (strategy) and European (regulation). Ignoring either exposes them to costly repositioning within 12-18 months.
Intellectual Property and Training Data
The issue of intellectual property of training data remains the main point of friction. The French strategy emphasizes respect for copyright, echoing the AI Act, which requires a summary of protected content used for training. Content publishers and rights holders now have a regulatory lever to contest unauthorized use of their productions.
For companies training models on proprietary corpuses, data traceability becomes a full-fledged technical constraint. Data pipelines must integrate provenance metadata, which alters the architecture of existing data lakes.
Post-Quantum Cybersecurity: Ongoing Cryptographic Migration
The quantum threat to current cryptographic systems has moved beyond theoretical realms. Security agencies recommend initiating the migration to quantum-resistant algorithms now. The concept of “harvest now, decrypt later” (collecting encrypted data today to decrypt when a quantum computer becomes available) makes this migration urgent for sectors handling long-lived data: health, defense, financial services.
- Comprehensive Cryptographic Inventory: map all algorithms used in production systems, including transitive dependencies in third-party libraries
- Prioritization by data sensitivity: flows containing personal or classified data migrate first, followed by internal systems of lesser criticality
- Interoperability Testing: new post-quantum algorithms generate larger keys and signatures, which may break network protocols calibrated for current sizes
- Hybrid Transition Plan: temporarily deploy dual encryption (classical + post-quantum) to ensure backward compatibility during migration
This transition is not just a library change. It affects TLS certificates, VPNs, electronic signatures, and public key infrastructures. Companies that delay this audit expose themselves to technical debt that is difficult to resolve under time constraints.
Industrial Cloud and Sectoral Platforms: Beyond Generic IaaS
Hyperscalers now offer sector-specific cloud platforms (health, manufacturing, finance). These offerings include pre-structured data models, native business connectors, and sector-specific regulatory certifications. The benefit for companies lies in reduced integration time and “by design” compliance.
We observe that this verticalization changes the power dynamics between IT departments and business units. Business units gain access to ready-to-use technological components, reducing dependence on internal infrastructure teams. The role of the IT department evolves towards governance, platform arbitration, and management of vendor lock-in risks.
Lock-in Risk and Multi-Cloud Strategy
Adopting a sector cloud means accepting a strong coupling with a proprietary ecosystem. Data and workflow portability remains limited between competing platforms. Organizations investing heavily in a vertical platform must negotiate upfront the reversibility clauses and document export formats.
Multi-cloud, often presented as the solution, generates its own costs: duplication of skills, network complexity, increased attack surfaces in cybersecurity. The choice between integrated sector cloud and multi-cloud architecture depends on the maturity level of each organization’s IT governance.
Technological trends in 2024 are not limited to the adoption of generative AI. The European regulatory framework, the French strategy on open models, post-quantum cryptographic migration, and cloud verticalization are reshaping the priorities of technical departments. Companies that treat these issues as imposed constraints, rather than as differentiation levers, accumulate structural delays that are difficult to catch up on.