Article 102 — Amendments to Regulation (EU) No 300/2008 (EU AI Act)

Article 102 of Regulation (EU) 2024/1689 — Amendments to Regulation (EU) No 300/2008. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 102 of Regulation (EU) 2024/1689 (the EU AI Act) falls under Title XIII — Final Provisions and addresses amendments to Regulation (EU) No 300/2008 of the European Parliament and of the Council, which establishes common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002.

The amendment introduces a cross-reference mechanism within Regulation (EU) No 300/2008 to acknowledge and accommodate the application of the EU AI Act to AI systems used in the civil aviation security domain. Specifically, Article 102 ensures that where AI systems are deployed as part of civil aviation security measures — including automated screening, threat detection, and identity verification technologies — these systems remain subject to the applicable provisions of Regulation (EU) 2024/1689 in addition to the existing civil aviation security framework.

The amendment is a legislative coordination measure. It does not repeal or substantively alter the core obligations under Regulation (EU) No 300/2008 but instead ensures regulatory coherence between the two instruments, preventing a gap or conflict in the applicable legal framework when AI-enabled technologies are introduced into civil aviation security operations. This reflects the EU legislator's broader approach across Title XIII of the AI Act, which systematically updates pre-existing sector-specific regulations to integrate the new horizontal AI governance layer introduced by Regulation (EU) 2024/1689.

What This Means in Practice

For organisations operating in the civil aviation security sector, Article 102 signals that AI systems deployed in security screening contexts cannot be governed solely by Regulation (EU) No 300/2008 and its implementing acts. They must simultaneously satisfy the requirements of the EU AI Act, particularly where those systems qualify as high-risk AI systems under Annex III of Regulation (EU) 2024/1689.

AI-enabled technologies commonly used in civil aviation security — such as automated explosive detection systems, biometric passenger verification tools, behavioural analysis software, or AI-driven threat assessment platforms at checkpoints — are likely to fall within the high-risk category given their safety-critical function and the potential impact on fundamental rights. Operators and manufacturers of such systems must therefore comply with the full high-risk AI system obligations under Title III of the EU AI Act, including conformity assessment procedures, registration in the EU database, technical documentation, human oversight mechanisms, and transparency obligations.

For competent authorities responsible for civil aviation security standards — typically national aviation authorities and bodies designated under Regulation (EU) No 300/2008 — Article 102 means that their oversight frameworks must now account for AI Act compliance as an additional layer of verification when certifying or approving security technologies. Procurement authorities and airport operators should update their vendor due diligence processes to require evidence of EU AI Act conformity alongside existing civil aviation security certifications.

Concretely, an airport operator deploying an AI-powered automated baggage screening system must ensure the supplier has conducted an appropriate conformity assessment, maintains a technical file, and has registered the system in the EU AI Act database — on top of any ECAC or national approval requirements.

Key Obligations

• Dual-framework compliance: AI systems used in civil aviation security must comply with both Regulation (EU) No 300/2008 and the applicable provisions of the EU AI Act simultaneously — neither instrument alone is sufficient.
• High-risk classification review: Organisations must assess whether their civil aviation security AI systems meet the high-risk criteria under Annex III of the EU AI Act, given the safety-critical and rights-impacting nature of aviation security operations.
• Conformity assessment: Manufacturers of AI systems within scope must complete the required conformity assessment procedures under Article 43 of the EU AI Act before placing systems on the market or putting them into service in civil aviation security contexts.
• Technical documentation and registration: Providers must maintain up-to-date technical documentation (Article 11) and register high-risk AI systems in the EU database established under Article 71 of the EU AI Act.
• Human oversight integration: Deployers must implement appropriate human oversight measures as required by Article 14 of the EU AI Act, integrated into civil aviation security operational procedures governed by Regulation (EU) No 300/2008.
• Competent authority coordination: National authorities responsible for civil aviation security should establish coordination mechanisms between AI Act market surveillance authorities and existing aviation security oversight bodies to ensure coherent enforcement.

Relationship to Other Articles

Article 102 is part of a cluster of final-provision amendment articles in Title XIII (Articles 97–109) that systematically update existing EU sector regulations to integrate the AI Act's horizontal framework. It should be read alongside Article 6 and Annex III (high-risk AI system classification), Article 43 (conformity assessment procedures), and Article 71 (EU database for high-risk AI systems), which define the substantive obligations triggered for systems falling within its scope.

Article 102 also connects to Article 26 (obligations of deployers of high-risk AI systems) and Article 14 (human oversight), which will govern the operational use of AI systems in aviation security screening environments. The recitals of Regulation (EU) 2024/1689 — particularly those addressing safety-critical sectors and fundamental rights safeguards — provide interpretive context for understanding why civil aviation security AI is treated with heightened regulatory attention. For cross-border aviation operations, Article 102 must be read in conjunction with the market surveillance and enforcement coordination provisions under Articles 74–77 of the EU AI Act.

Compliance Timeline

Article 102 entered into force on 1 August 2024, twenty days after the publication of Regulation (EU) 2024/1689 in the Official Journal of the European Union on 12 July 2024.

The phased application schedule of the EU AI Act determines when the substantive obligations triggered by Article 102 become enforceable in practice:

• 2 February 2025 — Prohibited AI practices (Article 5) became applicable. Civil aviation security systems must not employ AI approaches prohibited under this provision.
• 2 August 2025 — GPAI model obligations and governance provisions became applicable. General-purpose AI components integrated into civil aviation security systems fall under the GPAI framework from this date.
• 2 August 2026 — High-risk AI system obligations under Title III become fully applicable for most systems, including those used in civil aviation security screening. This is the primary compliance deadline for manufacturers and deployers of AI-enabled detection and screening technologies.
• 2 August 2027 — Extended deadline for high-risk AI systems that are components of large-scale EU IT systems listed in Annex X. Operators should verify whether any of their civil aviation security AI systems fall within this extended timeline.

Organisations should treat August 2026 as their primary target date for achieving full EU AI Act compliance for civil aviation security AI systems, and should begin conformity assessment processes and technical documentation preparation well in advance.