Iubenda logo
Start generating

Documentation

Table of Contents

A Detailed Look at the EU AI Act

The EU AI Act has been agreed upon by the European Parliament and the European Council, marking a pivotal moment in the governance of Artificial Intelligence (AI) within Europe. 

The EU AI Act serves as a cornerstone in shaping the future of AI, ensuring that its development and deployment align with the core values of safety, ethics, and transparency across the European Union. Learn more about it below 👇

🚨 Update: Publication in the Official Journal

On July 12, 2024, the European AI Act was published in the Official Journal of the European Union. The Act will gradually come into force starting from August 1, 2024, and will be fully applicable on August 2, 2026. Key dates to note include:

February 2, 2025: Ban on AI systems deemed to pose an unacceptable risk (e.g., social scoring systems, biometric categorization, facial recognition databases, emotion recognition systems).

August 2, 2025: Provisions regulating general-purpose AI systems.

August 2, 2026: Full applicability to high-risk AI systems designated in Annex III, such as those used in recruiting, managing staff, biometrics, and access to services.

August 2, 2027: Applicability to high-risk systems categorized under Annex I, including medical devices, machinery, radio equipment, toys, and motor and agricultural vehicles.

Additionally, the European Commission has established the European AI Office to be the center of AI expertise across the EU. It will play a key role in implementing the AI Act, fostering the development and use of trustworthy AI, and promoting international cooperation.

Historical Context of the AI Act

The road to the EU AI Act has been a journey marked by significant milestones in the world of AI. This journey began as AI technologies started permeating every aspect of our lives, from healthcare to transportation. The EU’s response to these advancements was initially in the form of guidelines and recommendations, but the growing influence of AI called for more robust governance. 

The AI Act is a response to this need, emerging from a background of thoughtful deliberation and previous directives that sought to balance innovation with ethical considerations.

What is the new AI regulation in the EU?

The new artificial intelligence (AI) regulation in the EU, known as the AI Act, is a groundbreaking law that sets rules for the use and development of AI across Europe. Its main goal is to ensure AI systems are safe and respect fundamental rights like privacy and non-discrimination. This law is significant because it’s one of the first comprehensive attempts to regulate AI at such a large scale.

Update

The European Commission has unveiled the AI Office, established within the Commission. The AI Office aims to enable the future development, deployment, and use of AI in a way that fosters societal and economic benefits and innovation while mitigating risks. The Office will play a key role in the implementation of the AI Act, especially in relation to general-purpose AI models. It will also work to foster research and innovation in trustworthy AI and position the EU as a leader in international discussions.

What does the EU AI Act apply to?

The AI Act applies mainly to “high-risk” AI systems. These are AI applications used in critical areas like: healthcare; education; law enforcement; and other public services.

The Act sets strict rules for these systems, like needing risk-mitigation measures and human oversight. However, it gives a pass to AI uses considered low risk, such as spam filters or AI used in non-critical domains.

What are the guidelines for artificial intelligence in the EU?

The guidelines under the EU AI Act focus on transparency, ethical use, and fundamental rights. 

AI systems must: be transparent, meaning companies must inform people when they’re interacting with AI (like chatbots); label AI-generated content, like deepfakes; and assess how their AI affects people’s rights, especially in essential services like banking and insurance.

While there is a cohesive effort at the EU level to regulate AI, individual member states have also been formulating their own strategies, reflecting their unique priorities and contexts.

See how different EU countries have been handling artificial intelligence in the EU here →

EU AI Act Summary

The EU AI Act represents a major legislative move, establishing comprehensive guidelines for AI usage across member states. Its primary goal is to secure AI systems, safeguarding fundamental rights and promoting trustworthy AI development.

🔎 Key Features of the AI Act:

  • Risk-Based Approach: The new categorization of AI systems will be based on their potential societal risk. Under this approach, AI applications in sensitive areas like healthcare and law enforcement will undergo rigorous assessment to ensure they meet high safety and ethical standards.
  • Transparency Requirements: The Act mandates that individuals be informed when they are interacting with AI, particularly in critical sectors such as employment, law enforcement, and finance. This requirement aims to foster an environment of trust and accountability in AI deployment.
  • Bans on Certain AI Practices: Perhaps one of the most striking aspects of the AI Act is its prohibition of certain high-risk AI applications. This includes real-time biometric identification systems in public spaces, reflecting a commitment to protecting individual rights and freedoms.

Businesses operating in the EU must adhere to these regulationsinvolving rigorous assessment procedures for high-risk AI systems. This includes ensuring data quality, transparency, and oversight mechanisms. See here for more on the European AI strategy

EU AI Act Unacceptable Risk

AI systems that are categorized as posing an unacceptable risk will be prohibited under the EU AI Act. These systems are deemed hazardous to individuals and include:

  1. AI mechanisms that manipulate behavior, especially targeting specific groups or vulnerable populations. An example of this would be voice-activated toys designed to encourage unsafe behaviors in children.
  2. Systems that implement social scoring, which involves evaluating individuals based on their behavior, socio-economic background, or personal traits.
  3. Technologies that involve biometric identification and classification, including those that can recognize and categorize people based on their biometric data.
  4. Systems capable of biometric identification in real-time or remotely, like facial recognition technologies, fall under this category as well.

However, the Act does make provisions for certain exceptions, primarily for law enforcement purposes. Real-time remote biometric identification can be used in a limited scope, specifically for grave cases. Additionally, post-event remote biometric identification, which is used after a delay, is permitted for investigating serious criminal offenses, but only with prior judicial authorization.

These regulations are part of the EU’s effort to balance the advancement of AI technology with the protection of individual rights and safety. 

EU AI Act High Risk

AI systems that are determined to have a potentially negative impact on safety or fundamental human rights are categorized as high risk under the EU AI Act. These high-risk AI systems are subdivided into two distinct groups:

  1. AI systems integrated into products that are subject to the EU’s product safety laws. This category encompasses a broad range of products, including but not limited to toys, aviation-related items, automobiles, medical equipment, and elevators.
  2. AI systems that operate in specific sectors and must be registered in a dedicated EU database. These sectors cover a wide array of critical and sensitive areas, including:
  • The management and functioning of essential infrastructure.
  • The educational sector, encompassing both general education and vocational training.
  • Employment-related areas, including worker management and self-employment opportunities.
  • Access to important private and public services, as well as public benefits.
  • The realm of law enforcement.
  • Systems involved in the management of migration, asylum, and border control.
  • Support in the interpretation and application of legal matters.

Every AI system classified as high risk will undergo a thorough evaluation process before being allowed on the market. Furthermore, their performance and compliance with regulations will be continually monitored throughout their operational life.

This structured approach towards high-risk AI systems is part of the EU’s broader strategy to ensure that AI development and deployment are conducted in a manner that is safe and respects the rights and freedoms of individuals. For a more comprehensive understanding of these classifications and regulations, it’s advisable to refer to official EU documentation or legal analyses on the subject.

👀 See How to Comply for high risk AI Systems under the EU AI Act →

EU AI Act Limited Risk

AI systems classified as having limited risk are required to adhere to basic transparency measures. These measures are designed to ensure users can recognize when they are interacting with AI and make informed choices about their continued use of these applications. 

Particularly, this includes AI-generated or manipulated content like images, audio, or video, such as those created by deepfake technology. The goal is to foster an environment where users are aware of AI involvement, allowing them to make more conscious decisions regarding their engagement with these technologies.

EU AI Act Minimal Risk

Applications like spam filters and video games are considered to have minimal risk. Therefore, they are not subjected to additional regulatory oversight.

Compliance and Transparency Requirements for General Purpose and Generative AI

In the context of the EU AI Act, both general-purpose and generative AI systems, including platforms like ChatGPT, are subject to specific transparency obligations. These requirements include:

  1. An explicit declaration to users indicating that the content they are interacting with has been generated by an AI system.
  2. The design of these AI models must incorporate measures to prevent the creation of illegal content.
  3. There is a need to provide summaries of copyrighted data that have been utilized in the training of these AI models.

Moreover, AI models that are more advanced and have a significant impact, such as GPT-4, are required to undergo extensive evaluations. In the case of any serious incidents arising from these systems, it is mandatory to report these incidents to the European Commission. This is part of the broader effort to monitor and regulate AI systems that could potentially pose systemic risks.

These measures are in place to ensure transparency and accountability in the use of AI, particularly in instances where these technologies have a wide-reaching impact or pose potential risks. For further details on these regulations and their implications, it’s recommended to review the official documentation or authoritative sources on the EU AI Act.

How to Comply for high risk AI Systems

The EU AI Act establishes a comprehensive set of compliance measures for AI systems deemed high-risk, covering various stages from design and implementation to post-market introduction. These regulations encompass:

  1. Implementation of a Risk Management System
  2. Requirements for Data Handling and Governance
  3. Preparation and maintenance of Detailed Technical Documentation
  4. Obligations for Record-Keeping
  5. Ensuring Transparency and clear Information Dissemination to users
  6. Guaranteeing Human Oversight
  7. Upholding Standards for Accuracy, Robustness, and Cybersecurity
  8. Establishment of a Quality Management System
  9. Conducting a Fundamental Rights Impact Assessment

While AI systems identified as having limited risk are not subjected to the same stringent compliance checks, such as conformity assessments or product safety reviews, they are still evaluated based on similar criteria to ensure they meet the necessary transparency and safety standards.

These regulatory requirements are integral to ensuring that high-risk AI systems operate safely, ethically, and transparently, aligning with the broader objectives of the EU AI Act to safeguard user rights and public safety. For a deeper understanding of these compliance requirements, it’s advisable to consult the official text of the EU AI Act or related legal resources.

Frequently Asked Questions

The implementation timeline of the EU AI Act, while not set to a specific date, is expected to be fully operational by 2026. This timeline reflects the need for a gradual but comprehensive adoption process, giving businesses and organizations sufficient time to understand and adapt to the new regulations. 

It’s important to note that the period leading up to 2026 will likely see a phased implementation, with certain aspects of the Act coming into force at different stages. Businesses, especially those in high-risk sectors, should start assessing their AI systems and processes now to ensure a smooth transition to compliance. Ongoing updates and guidance from EU regulatory bodies are expected to assist in this preparatory phase.

The EU AI Act’s regulations cast a wide net, encompassing all entities involved in providing AI services within the EU market. This includes not only AI developers and providers based within the EU, but also those situated outside the EU, provided their AI systems are used in the EU market.

This global reach is significant as it implies that any business, regardless of its location, must comply with the Act if its AI services impact EU citizens or operations in EU countries. For multinational corporations, this means adherence to the Act’s standards even if their headquarters are outside the EU. Startups and smaller companies, particularly those aiming to enter the EU market, must also be mindful of these regulations and integrate compliance into their development and deployment strategies.

Entities found non-compliant with the EU AI Act regulations will face substantial financial penalties, reflecting the seriousness with which the EU regards AI governance. 

These fines are structured to be proportionate to the size and turnover of the entity, ensuring that penalties are significant but fair. For minor infringements, fines can be as low as €7.5 million or 1.5% of the annual turnover, which can still represent a significant financial burden for many companies.

In cases of more serious breaches, the fines can escalate to €35 million or up to 7% of the global annual turnover, underscoring the potential financial risks of non-compliance. Beyond financial penalties, non-compliance could also lead to reputational damage, loss of consumer trust, and potential legal challenges. It’s crucial for entities to understand the full scope of these consequences and establish robust compliance mechanisms.

For a more detailed understanding of the AI Act and its implications, refer to the EU Commission’s comprehensive Q&A: EU Commission Q&A.

The EU AI Act is a significant step towards regulating AI in a manner that balances innovation with ethical considerations. Its impact extends beyond Europe, setting a global precedent for how AI can be governed responsibly. As this field continues to evolve, it is crucial to keep the dialogue open and engage various stakeholders in shaping the future of AI governance.