On August 1, 2024, the European Union's AI Act officially came into force, marking a significant step in regulating artificial intelligence (AI) systems. This landmark legislation ensures that AI technologies are developed and used in ways that are safe, transparent, and respectful of fundamental rights. Here's what you need to know about this groundbreaking regulation.

Objectives and Scope of the AI Act

The AI Act is designed to provide a comprehensive framework for the development, commercialization, and utilization of AI systems within the EU. It introduces a risk-based approach, classifying AI systems into four categories based on their potential impact on safety and fundamental rights:

1. Unacceptable Risk: Practices that pose a threat to safety, health, or fundamental rights are prohibited. This includes social scoring by governments, exploitation of vulnerabilities, and real-time biometric identification in public spaces for law enforcement purposes, except under strict conditions.

2. High Risk: AI systems that significantly impact individuals' safety or fundamental rights are subject to stringent requirements. These include biometric identification, critical infrastructure management, and systems used in education, employment or clinical trials. AI in clinical trials is considered high risk due to its direct impact on individuals' health and safety. Such systems must undergo rigorous conformity assessments and maintain detailed technical documentation.

3. AI Systems with Specific Transparency Requirements: AI systems that might manipulate users or generate content must meet specific transparency requirements, such as disclosing their automated nature to users.

4. Minimal Risk: Most AI systems fall into this category and are subject to minimal regulatory requirements.

General-Purpose AI Models

The AI Act also addresses general-purpose AI models, particularly those used in generative AI, like large language models (LLMs). These models, while not inherently high-risk, require tailored regulatory measures depending on their application. Providers of these models must implement transparency and documentation measures and conduct in-depth risk assessments to mitigate potential harms such as bias, discrimination, and misuse. A Code of Practice specific to these models is expected by April 2025.

Governance and Enforcement

The AI Act establishes a robust governance framework at both the European and national levels.

• European Level: The European AI Board will oversee the consistent application of the AI Act across member states, providing guidelines and facilitating cooperation. This board includes representatives from each member state and the European Data Protection Supervisor. Additionally, the AI Office, a new institution within the European Commission, will supervise general-purpose AI models and high-risk AI systems developed by the same provider.

• National Level: Each EU member state must designate one or more competent authorities to oversee AI systems. These authorities will be responsible for market surveillance and enforcing the AI Act within their jurisdictions.

Compliance and Penalties

Compliance with the AI Act involves several key steps:

• Conducting risk assessments.

• Maintaining technical documentation.

• Implementing risk management measures.

• Ensuring transparency with users and stakeholders.

Non-compliance can result in significant penalties, including fines up to €35 million or 7% of the global annual turnover for the most severe violations. These penalties are designed to be proportionate to the severity and impact of the violation.

Interaction with the GDPR

The AI Act complements, rather than replaces, the General Data Protection Regulation (GDPR). While the GDPR focuses on personal data protection, the AI Act addresses broader risks associated with AI systems. For example, high-risk AI systems that process personal data must comply with both sets of regulations. The AI Act provides specific requirements that can aid in achieving GDPR compliance, such as conducting data protection impact assessments. The AI Act and GDPR will need to work in harmony, especially for AI systems that process personal data.

Implementation Timeline

The expected timeline for implementation is as follows:

• February 2025: Prohibitions on AI systems presenting unacceptable risks come into effect.

• August 2025: Rules for general-purpose AI models and the designation of competent authorities begin.

• August 2026: Full application of rules for high-risk AI systems.

• August 2027: Final phase for high-risk AI systems listed in annex I.

Conclusion

The European AI Act represents a significant advancement in the regulation of artificial intelligence. By establishing clear guidelines and a robust governance framework, the EU aims to foster innovation while ensuring that AI systems are safe, transparent, and respectful of fundamental rights. As AI technology continues to evolve, the AI Act will likely set a precedent for global AI regulation, shaping a responsible and trustworthy AI landscape in Europe.

Warm Regards

Diana