Welcome to this blog post where Olivier Proust, a Partner in Fieldfisher's Technology and Data team will delve into the latest developments surrounding the EU AI Act. In this post, we will provide you with a comprehensive overview of the key provisions and implications of this ground breaking legislation that aims to regulate artificial intelligence (AI) systems and their applications. Join us as we explore the classification of AI systems, the territorial scope of the AI Act, its enforcement mechanisms, and the timeline for its implementation.
The EU AI Act: An Overview:
The EU AI Act, which has been in the works since April 2021, saw significant progress on December 8th, 2023, when a political agreement was reached between the two co-legislative bodies, i.e. the European Parliament and the Council of the European Union. This agreement marked a major milestone in the EU's ambition to become the first region in the world to adopt comprehensive legislation on AI.
Classification of AI Systems:
The AI Act follows a risk-based approach and classifies AI systems into four categories: prohibited AI, high-risk AI systems, general-purpose AI (GPAI) and foundation models, and low-risk AI systems. Prohibited AI encompasses practices such as social scoring and manipulative AI, which the legislation seeks to ban. High-risk AI systems are further classified based on their impact on individuals' rights and safety, while general-purpose AI and foundation models face specific transparency requirements. Low-risk AI systems, including generative AI, are subject to transparency requirements, ensuring that viewers are aware of the AI-generated content they are consuming.
Scope of the AI Act:
One notable feature of the AI Act is its extraterritorial effect, applying not only to entities within the EU but also to developers, deployers, importers, and distributors of AI systems outside the EU if their system's output occurs within the EU. This broad scope aims to ensure comprehensive regulation of AI systems and their uses.
Enforcement and Sanctions:
To enforce compliance with the AI Act, several regulatory bodies will be established, including an AI Office within the European Commission and an AI Board serving as an advisory body. National public authorities will be responsible for enforcement, akin to the role of data protection authorities under the GDPR. Fines for violations vary depending on the seriousness of the offense, with the highest fines reaching up to 7 percent of global turnover or 35 million euros.
Timeline and Next Steps:
While a political agreement has been reached, the final text of the AI Act is yet to be published. Technical trilogue meetings are scheduled to ensure a consolidated version of the text is achieved by early January. Following formal adoption by the European Parliament and the Council, the AI Act will be published in the Official Journal of the EU. However, there will be a two-year grace period before the AI Act comes into full application, giving organizations time to ensure compliance. Some provisions, such as those pertaining to prohibited AI, may come into effect sooner.
Embrace Compliance Sooner:
Companies are strongly advised not to wait for the full application of the AI Act but to proactively start preparing for compliance. Drawing from the experience with the GDPR, early adoption of a compliance framework can put organizations in a better position when the AI Act takes full effect. This may include conducting AI gap analyses, assessing the risks associated with AI systems within their operations, developing internal guidelines and best practices, and providing training to employees.
The AI Pact:
In addition to the AI Act, the European Commission has initiated an AI Pact, encouraging companies to pledge voluntary compliance ahead of the legislation's full application. Already, approximately a hundred companies have shown their commitment to the AI Pact, reflecting the industry's growing awareness of the importance of responsible AI practices.
Conclusion:
The EU AI Act represents a significant step toward regulating AI systems and their applications. This comprehensive legislation aims to balance innovation with the protection of individuals' rights, safety, and privacy. By categorizing AI systems based on risk and introducing transparency requirements, the EU is positioning itself as a global leader in AI regulation. Organizations should start taking steps to ensure compliance with the AI Act sooner rather than later. Fieldfisher's Technology and Data team will continue to monitor these legal developments closely and provide further insights through their webinar series on AI and the interplay with the GDPR. Stay tuned for more updates on this transformative legislation and its impact on the AI landscape.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
