Get in touch

    EU AI Act – What You Have to Be Aware Of

    The European Union’s Artificial Intelligence Act (EU AI Act) is a landmark regulation that aims to govern the use of artificial intelligence (AI) within the EU. As the first comprehensive attempt to regulate AI globally, the Act is set to have far-reaching implications for businesses, developers, and users of AI systems. This report provides an in-depth analysis of the EU AI Act, its scope, key provisions, compliance requirements, and potential impacts on various stakeholders.

    Introduction

    The EU AI Act was published in the Official Journal of the European Union on July 12, 2024, and came into force on August 1, 2024. The Act adopts a risk-based approach to AI regulation, aiming to balance innovation with the protection of fundamental rights. Compliance with the Act will be phased in over a three-year period, with different deadlines for various types of AI systems (Taylor Wessing).

    Scope and Coverage

    The EU AI Act applies to a wide range of AI systems, categorizing them based on their risk levels. The Act defines AI broadly, encompassing various technologies and systems, including machine learning, expert systems, and statistical approaches (KPMG). The regulation affects entities both within and outside the EU, provided their AI systems impact EU residents or are used within the EU (KPMG).

    Risk Classifications

    The AI Act classifies AI systems into four risk categories:

    1. Unacceptable Risk: AI systems that pose a significant threat to fundamental rights and safety are prohibited. Examples include AI for social scoring by governments and real-time biometric identification in public spaces for law enforcement (TechCrunch).
    2. High Risk: These systems require stringent compliance measures, including risk management, data governance, and human oversight. High-risk AI systems include those used in critical infrastructure, education, employment, and law enforcement (Artificial Intelligence Act).
    3. Limited Risk: AI systems in this category must adhere to specific transparency obligations, such as informing users when they are interacting with an AI system (MIT Technology Review).
    4. Minimal or No Risk: Most AI systems fall into this category and are not subject to specific regulatory requirements (TechCrunch).

    Key Provisions

    Compliance Requirements

    The AI Act imposes various obligations on providers, deployers, importers, and distributors of AI systems. The majority of these obligations fall on providers of high-risk AI systems. Key compliance requirements include:

    • Risk Management: Providers must implement a risk management system to identify, assess, and mitigate risks associated with their AI systems (Artificial Intelligence Act).
    • Data Governance: Ensuring the quality and integrity of data used by AI systems is crucial. Providers must establish data governance frameworks to manage data collection, processing, and storage (KPMG).
    • Human Oversight: High-risk AI systems must be designed to allow human oversight, ensuring that humans can intervene and override AI decisions when necessary (MIT Technology Review).
    • Transparency: Providers must inform users when they are interacting with an AI system and disclose the system’s capabilities and limitations (Artificial Intelligence Act).

    Penalties for Non-Compliance

    The AI Act imposes significant penalties for non-compliance, similar to the General Data Protection Regulation (GDPR). Fines are based on the severity of the violation and the entity’s annual global turnover:

    • Up to €35 million or 7% of annual global turnover for prohibited AI practices.
    • Up to €20 million or 4% for high-risk system violations.
    • Up to €7.5 million or 1.5% for providing incorrect or misleading information (Taylor Wessing).

    Implementation Timeline

    The AI Act’s compliance deadlines are staggered, allowing entities time to adapt to the new regulations. Key milestones include:

    • February 2, 2025: Enforcement of bans on prohibited AI systems and AI literacy requirements.
    • August 1, 2025: Compliance requirements for General Purpose AI (GPAI) models.
    • August 1, 2026: Full compliance for high-risk AI systems under Annex III.
    • August 1, 2027: Compliance for high-risk AI systems that are products or safety components of products covered by legislation set out in Annex I (PwC).

    Impact on Businesses

    Global Reach

    The EU AI Act has an extraterritorial effect, meaning it applies to entities outside the EU if their AI systems impact EU residents or are used within the EU. This broad scope ensures that the regulation has a global impact, influencing AI practices worldwide (KPMG).

    Compliance Challenges

    Businesses must undertake significant efforts to comply with the AI Act. Key steps include:

    • Scope Analysis: Mapping AI systems and assessing their risk levels to determine applicable regulatory requirements (Ashurst).
    • Gap Analysis: Identifying areas of non-compliance and developing action plans to address these gaps (KPMG).
    • Organizational Transformation: Establishing multidisciplinary task forces to manage compliance efforts, including legal, privacy, data science, risk management, and procurement professionals (KPMG).

    Opportunities for Innovation

    While the AI Act imposes stringent regulations, it also provides opportunities for innovation. By ensuring that AI systems are safe, transparent, and trustworthy, the Act aims to foster AI investment and create a harmonized single EU market for AI (KPMG).

    Conclusion

    The EU AI Act represents a significant step towards regulating AI in a manner that balances innovation with the protection of fundamental rights. Businesses, developers, and users of AI systems must be aware of the Act’s requirements and take proactive steps to ensure compliance. By doing so, they can not only avoid substantial penalties but also contribute to the development of safe, transparent, and trustworthy AI systems.

    References

    Share your love

    You may also like

    EN
    DE EN