ARTICLE
18 December 2023

Inside The AI Act: What Companies Need To Know

LP
Logan & Partners

Contributor

Logan & Partners is a Swiss law firm focusing on Technology law and delivering legal services like your in-house counsel. We are experts in Commercial Contracts, Technology Transactions, Intellectual Property, Data Protection, Corporate Law and Legal Training. We are dedicated to understanding your industry and your business needs and to deliver clear and actionable legal services.
On December 8, 2023, the Council of the European Union and the European Parliament reached a provisional agreement on the Artificial Intelligence Act...
European Union Technology

On December 8, 2023, the Council of the European Union and the European Parliament reached a provisional agreement on the Artificial Intelligence Act, commonly referred to as the 'AI Act'. This proposal is poised to set a global standard for AI regulation, akin to the General Data Protection Regulation's (GDPR) influence on data privacy. In this article, we'll delve into the critical aspects of the proposed act and examine its implications for affected businesses.

Understanding the AI Act's Core Principles

The AI Act is the EU's proposed regulation impacting AI systems. Its objective is to ensure the safety of AI systems used in the EU and their adherence to fundamental rights and EU values. The core principle is to regulate AI based on its potential to cause harm to society, employing a 'risk-based' approach where higher risks warrant more stringent rules.

Key Features of the Provisional Agreement

  • Risk-Based Classification: AI systems are classified into high-risk and low-risk categories. High-risk systems, which could significantly impact safety or fundamental rights, face strict regulations. For these systems, specific obligations have been established, including a mandatory assessment of their impact on fundamental rights, obligations regarding potential bias (to ensure that systems are non-discriminatory and respect fundamental rights), the requirement for thorough documentation to demonstrate their compliance with the act, among others.
  • Scope and Definitions: the agreement aligns the definition of AI systems with the OECD's approach, ensuring clarity in distinguishing AI from simpler software systems. It also specifies that the regulation does not apply to military or defence purposes and exempts AI systems used solely for research, innovation, or non-professional reasons. The act also introduces provisions to make requirements for high-risk AI systems technically feasible, lightening the burden, especially for small and medium-sized enterprises (SMEs).
  • Prohibited AI Practices: certain AI applications considered excessively dangerous. Noteworthy bans include cognitive behavioural manipulation, untargeted scraping of facial images for facial recognition, emotion recognition in workplaces and educational institutions, social scoring based on social behaviour or personal characteristics, biometric categorisation systems using sensitive data (e.g. political, religious, philosophical beliefs, sexual orientation, race), systems used to exploit people's vulnerabilities (e.g., due to age, disability, social or economic situation), specific instances of predictive policing applications, and law enforcement use of real-time biometric identification in public (apart from limited, pre-defined and authorised situations).
  • General Purpose AI Systems: general purpose AIs (GPAIs) are AI systems that can be used for many purposes. To accommodate the wide range of tasks these systems can accomplish, it was agreed that GPAIs, along with their foundational models, must adhere to specific transparency requirements. These requirements include creating technical documentation, compliance with EU copyright law, and disseminating detailed summaries about the content used for training.

Penalties

Fines are delineated as a percentage of the global annual turnover or a fixed amount, with caps for SMEs and start-ups. Depending on the violation's nature, fines can extend up to €35 million or 7% of the global annual turnover. Within the act, any individual can make complaints about non-compliance.

Next Steps

While an agreement has been made, the final text has not yet been agreed upon, and technical work to finalise the details is expected over the coming weeks. The Presidency will then present the consensus text to the Member States' representatives for their endorsement, and upon approval, the agreed text will be formally adopted by the Parliament and the Council. The AI Act is expected to take effect two years after its enactment, with exceptions for specific provisions. Given recent developments, we anticipate it to be in force in the next few months, becoming applicable by the first half of 2026.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More