The European Union’s AI Act, effective from 1 August 2024 across all 27 member states, establishes a comprehensive regulatory framework for artificial intelligence applications within the EU. The Act categorizes AI systems according to their potential to cause harm: systems deemed to create unacceptable risk are prohibited, while high-risk applications are subject to rigorous rules designed to secure transparency, safety, and accountability.
We recently interviewed Gavin Stewart, Vice President for Sales at telecoms software company Oculeus, to discuss how the AI Act affects communications service providers in the EU and how it shapes strategies to prevent telecoms fraud.
What service providers and network operators need to know
Stewart explains that the AI Act impacts every telecoms service provider operating in the region. Although the legislation allows a 24-month compliance period for many measures, several obligations come into force as early as February 2025, leaving operators with limited time to implement necessary changes. “Operators have only a few months to interpret the regulation, convert it into practical tasks and implement the changes required to be compliant,” he notes.
At its core, the AI Act expands consumer rights and directly governs what organisations can and cannot do with AI, and how they must do it. Complying with the Act is expected to require substantial adjustments to organisational processes and technology stacks, Stewart adds.
He also believes the AI Act will likely follow the precedent set by the GDPR and become a model for AI regulation internationally, prompting telecom operators beyond the EU to adopt comparable frameworks.
Given these developments, establishing robust governance and compliance practices is a priority for telecoms organisations. The Act required member states to identify national authorities responsible for rights protection by November 2024, which highlights the speed of implementation. Within many telecom companies, AI governance functions are still taking shape and often lack a single, clearly defined owner. Stewart expects governance to evolve into a collaborative function spanning IT, technology teams, policy management and Corporate Social Responsibility (CSR), because AI governance is broader than legal compliance and includes emerging best practices around ethics and risk management. “Governance itself is evolving as rapid AI advancements present new challenges that IT governance professionals must recognise and address,” he said.
Implications for preventing telecoms fraud
AI is a double-edged sword for the telecoms industry: fraudsters increasingly leverage AI to conduct sophisticated attacks, just as operators use AI to detect and prevent fraud. Advanced AI tools have made it easier for criminals to evade traditional pattern-based detection systems, which are struggling to keep pace. When operators fail to identify or block fraudulent activity, they can face significant financial penalties and legal consequences.
A notable example involved a deepfake robocall in the United States that mimicked President Joe Biden; the telecom provider that unknowingly transmitted those calls was fined $1 million. Incidents like this underline the need for state-of-the-art strategies to detect and block AI-driven scams on carrier networks.
The EU AI Act strengthens consumer protections by giving citizens the right to file complaints about AI systems and to request explanations for AI-driven decisions. In both situations, organisations must maintain clear, auditable trails that demonstrate compliance; invoking “AI made me do it” is not an acceptable defence. Practically, this affects software and systems that use AI or other automated decision-making tools. Since automated decision processes are already regulated under GDPR, telecom operators face substantial compliance complexity ahead.
Oculeus’ AI-powered telecom fraud protection strategy
Stewart highlights that anti-fraud providers like Oculeus rely on AI to detect subtle patterns across massive data sets—patterns that humans would miss or that would require excessive time to uncover. “AI excels at recognising very subtle patterns in very large data sets,” he said. Given how quickly telecom fraud evolves, AI is essential to “see the unseen.”
Oculeus applies AI to call metadata to reveal emerging fraudulent behaviors, which can involve different parties such as subscribers, B2B customers, business partners, and a network of interconnect and wholesale providers that route call traffic across multiple networks.
Their approach evaluates traffic on three levels: monitoring overall traffic behavior to identify unusual shifts, assessing individual calls for fraud risk based on established patterns, and flagging incidents that haven’t crossed a fraud threshold but show suspicious attributes for further investigation. According to Stewart, this multi-layered method enables Oculeus customers to detect and block more fraud more quickly.
Oculeus has integrated AI into its anti-fraud products to support risk evaluation and case validation in alignment with the EU AI Act. The company’s technologies embed AI governance principles—generating transparent audit trails, documenting decisions and maintaining essential human oversight. “This way, we already provide customers with tools that help meet the compliance requirements introduced by the AI Act,” Stewart said.