The European Artificial Intelligence Act[1] (“AI Act”) was first proposed by the EU Council in April 2021 and since that time it has been through several rounds of negotiation between the European Parliament, the Council of the European Union and other stakeholders. On the 21st May 2024, the Council approved the law which is the first of its kind in the world and could set the global standard for AI regulation.
The new law intends to encourage both public and private actors to develop and adopt safe and reliable AI systems within the EU single market. At the same time, it seeks to promote investment and innovation in artificial intelligence in Europe while guaranteeing the protection of EU citizens’ basic rights. Only areas covered by EU law are covered by the AI Act, and there are exceptions for systems used solely for research, military and defence objectives. The Act has started to gradually come into force as of 1st August 2024 and prohibitions on certain AI systems will start to apply from February 2025.
As AI systems become more embedded in everyday life, their potential to impact societal structures and individual rights has grown. While AI promises to revolutionise sectors such as healthcare, transportation, and education, it also raises concerns about privacy, discrimination, and accountability. Since AI systems can automate decisions that impact millions of people, it is crucial to ensure this powerful tool is not misused. The AI Act ensures that the use of artificial intelligence improves social and economic well-being while maintaining safety, equity, and protection of fundamental human rights including due process, non-discrimination, and data privacy.
AI Risk Categorisation
The AI Act takes a risk-based approach when regulating artificial intelligence by categorising systems into four distinct risk levels:
- Unacceptable Risk: Under the AI Act, systems that seriously jeopardise people’s rights, livelihoods, or safety are forbidden. These include software that takes advantage of weaknesses, manipulates human behaviour, or applies a process known as social scoring – a system whereby individuals are ranked according to their actions or other traits, similar to the one employed in China.
- High Risk: Strict regulations apply to AI systems that present serious threats to public safety or basic rights but may also find use in vital industries. AI applications in the fields of healthcare, law enforcement, education, and employment are considered high-risk. European standards compliance requires these systems go through stringent testing, auditing, and transparency requirements before they are applied.
- Limited Risk: While less likely to produce negative effects, AI systems in this category are nevertheless subject to some disclosure requirements. Systems in this category ensure that individuals are duly notified and informed whether they are dealing with AI Systems rather than human interactions. A common example is AI Chatbots; such systems must notify users that they are dealing with an AI system.
- Minimal or No Harm: Under the AI Act, these systems—which comprise the majority of AI applications like spam filters and AI-powered video games—are mainly unregulated because they are thought to pose very little harm to public safety or fundamental rights.
For AI systems that fall within the high-risk category, there are several key requirements to ensure safety and compliance with EU law, these requirements cover things such as data governance and quality, transparency and traceability, human oversight, and robustness and accuracy.
AI Act Enforcement
National supervisory authorities within EU member states will be responsible for overseeing the act and there will be significant penalties for companies that fail to comply with the requirements of the AI Act, especially in the high-risk sectors. Fines can be up to 35 million euros or 7% of worldwide annual turnover, whichever is higher may be imposed in the event of non-conformity. These enforcement actions demonstrate the EU’s dedication to maintaining the highest standards in AI development.
Conclusion
Notwithstanding the seemingly positive introduction of the act, the European Artificial Intelligence Act has thus far proven to be divisive, with supporters arguing that the act will foster greater trust in AI technologies which is essential for widespread adoption. On the other hand, critics worry that the strict regulatory requirements for high-risk AI systems could stifle innovation; a fundamental pillar of artificial intelligence development. There is little doubt however, that the AI Act is the first of its kind and aims to foster responsible development of this groundbreaking technology which will position the European Union at the forefront in AI regulation and governance.
Vassallo Associates’ business advisory can advise on the governance of AI systems. Do not hesitate to contact us to discuss your requirements.
[1] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act)