What is the EU AI Act
The European Union introduced the Artificial Intelligence Act (AI Act), a regulatory proposal concerning artificial intelligence within the EU. Presented by the European Commission on April 21, 2021, this legislation is the inaugural comprehensive AI law globally. The proposed EU Artificial Intelligence Act seeks to categorize and oversee artificial intelligence applications by evaluating their potential for causing harm. This categorization involves four risk levels (“unacceptable,” “high,” “limited,” and “minimal”), along with an extra category dedicated to general-purpose AI.
How “AI System” is defined in the EU AI Act
The EU AI Act derives the definition of an “AI System” from the recently updated definition used by the Organisation for Economic Co-operation and Development (OECD). The objective of using the OECD definition is to provide a basis for international alignment and continuity with other laws and codes. The OECD definition defines an AI system as follows:
“An AI system is a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. Different AI systems vary in their levels of autonomy and adaptiveness after deployment.”
Key Objectives of the EU AI Act
- To ensure that AI systems deployed on the EU market are safe and compliant with existing EU legislation.
- To establish legal certainty, which will encourage investment and innovation in AI.
- To improve governance and effectively implement EU law on AI systems’ fundamental rights and safety standards.
- To help create a single market for lawful, safe, and trustworthy AI applications while avoiding market fragmentation.
Who will the AI Act Affect
The AI Act explicitly defines various AI actors, such as providers, deployers, importers, distributors, and product producers. All parties involved in AI model development, usage, import, distribution, or production will be held accountable. Furthermore, the AI Act applies to providers and users of AI systems outside the EU, such as Switzerland, assuming the system’s outcomes are intended for use within the EU.
AI systems classification for Risk-based approach as per the act
Classification | Description | Compliance Level | Use case example |
Unacceptable Risk | Prohibited because their usage endangers people’s safety, security, and fundamental rights. | Prohibited | This includes employing AI tools for social grading, which may result in unfair treatment, emotional recognition systems in the workplace, biometric categorization to infer sensitive data, and predictive policing of persons, among other applications. Certain exemptions will apply. |
High Risk | Permitted, subject to compliance with AI Act regulations (including conformity evaluations before market release). | Conformity Assessment | This includes using AI in recruitment, biometric identification surveillance systems, safety components (e.g., medical devices, automobiles), access to essential private and public services (e.g., creditworthiness, benefits, health and life insurance), and critical infrastructure security. |
Limited Risk | Permitted, subject to strict transparency and disclosure requirements, provided the uses represent a low risk. | Transparency | Specific AI systems interact directly with people (e.g., chatbots) and visual or audio “deepfake” content manipulated by an AI system. |
Minimal Risk | Permitted, with no additional AI Act criteria, for uses that pose minimal risk. | Code of conducts | By default, all other AI systems that do not fit into the above categories (e.g., photo-editing software, product recommender systems, spam filtering software, scheduling software) |
Timeline of EU AI Act Implementation
Time Frame | Description |
February 2020 | European Commission publishes “White Paper on Artificial Intelligence” |
October 2020 | A debate between EU leaders takes place. |
21st April 2021 | The AI Act is officially proposed |
6 December 2022 | European Council adopts the general orientation |
9 December 2023 | The Council and Parliament agreed. |
Q2–Q3 2024 | Expected entry into force. |
Immediately after entry into force Q2-Q3 2024 | The European Commission will begin work to establish the AI Office (EU oversight body) while Member States make provisions to establish AI regulatory sandboxes. |
During the implementation period | The European Commission will launch the AI Pact, allowing firms to collaborate voluntarily with the Commission to achieve AI Act commitments ahead of legislative deadlines. (see the relevant section below regarding the AI Pact). |
Six months after entry into force Q4 2024–Q1 2025 | Prohibitions will come into effect. |
12 months after entry into force Q2–Q3 2025 (TBC) | Some requirements for GPAI models may come into effect (details of which remain to be officially confirmed). |
24 months after entry into force Q2–Q3 2026 | All other AI Act requirements will come into effect (e.g., those for high-risk AI systems). |
* The AI Act is likely to take effect in 2025. Its applicability will be progressive. AI applications that present “unacceptable” risks should be banned six months after entry into force. Provisions for general-purpose AI should become applicable 12 months after entry into force, and the AI Act should be fully functional 24 months after entry into force.
Penalties for Non-Compliance with the EU AI Act
Non-Compliance Case | Proposed Fine |
Breach of AI Act prohibitions. | Fines up to €35 million or 7% of total worldwide annual turnover (revenue), whichever is higher. |
Non-compliance with obligations for high-risk AI system suppliers, authorized representatives, importers, distributors, users, and notified entities. | Fines up to €15 million or 3% of total worldwide annual turnover (revenue), whichever is higher. |
Respond to a request from notified bodies or national competent authorities with erroneous or misleading information. | Fines up to €7.5 million or 1.5% of total worldwide annual turnover (revenue), whichever is higher. |
Conclusion
The EU AI Act is a comprehensive legislative framework designed to meticulously regulate the deployment and operation of AI technologies within the European Union. By categorizing AI applications into a risk-based hierarchy, it meticulously delineates regulatory requirements that range from stringent compliance for high-risk categories to minimal oversight for lower-risk applications. This Act not only extends its jurisdiction to EU-based entities but also encompasses non-EU stakeholders whose AI systems exert influence within the EU market. The Act’s nuanced approach, emphasizing a balance between fostering technological innovation and safeguarding public interests through fundamental rights and safety standards, sets a global precedent for AI governance. Its implementation strategy, marked by a phased timeline and rigorous enforcement mechanisms, underscores the EU’s commitment to establishing a unified digital market for ethically aligned and secure AI technologies.