The European Union has made significant progress in moving toward passage of the Artificial Intelligence Act (EU AI Act). The EU AI Act still needs to go through negotiations with EU institutions, including the council of the EU and the 27 member states.
The rapid growth of technology involving artificial intelligence has been accompanied by consistent discussion relating to regulatory activity governing use and development. The EU AI Act is considered the first extensive set of regulations to “ensure a high level of protection of health, safety, fundamental rights, democracy and rule of law and the environment from harmful effects of [AI].”
Brando Benifei, one of the members of the European Parliament, explained that “Europe has gone ahead and proposed a concrete response to the risks AI is starting to pose.” EU legislators seek to encourage the development of AI by small and mid-sized enterprises, and the EU AI Act would implement a uniform set of laws governing AI throughout the member states.
Who and what is covered?
The EU AI Act is set to cover developers, distributors, importers, manufacturers, as well as providers within the EU. The act would extend to providers and “deployers” of AI outside of the EU if the output produced is intended for use in the EU.
The EU AI Act provides detailed rules for AI systems depending on the level of risk. For example, including:
- The AI Act bans the use of “Unacceptable” AI. Examples of “Unacceptable” AI include the use of real-time facial recognition in public areas and social scoring systems.
- “High Risk” use is considered AI that could lead to safety impacts or negatively affect fundamental rights. While “High Risk” models are permitted, these systems will be required to pass assessment before being introduced to the public. Examples include AI dealing with the management and operation of “critical infrastructure,” AI systems used to “be used to influence the outcome of an election,” and AI used to evaluate the credit score of natural persons.
- For AI systems of limited or minimal risk, providers will need to comply with certain transparency requirements like disclosing that content was generated by AI and allowing users to an informed decisions when engaging with the AI. The AI Act would also require safeguards preventing AI systems from generating illegal content.
Companies involved in the development stage of AI would also have to publish detailed summaries in the models used to train their AI systems
Penalties and Fines
Depending on the severity of a violation, a fine under the EU AI Act could be up to €40 million ($43 million) or up to 7 percent of the violating company’s worldwide annual turnover, whichever amount is higher. For comparison, the General Data Protection Regulation (GDPR) only has fines as high as €10 million ($10.8 million), or up to 2 percent of a company’s global turnover.
The fines are proportionate to the size of the organization, and would account for startups as well as small and medium sized enterprises. In other words, Article 71 of the AI Act states that “[t]he penalties provided for shall be . . . proportionate, and . . . take into account the interests of SMEs and start-ups and their economic viability.”
The AI Act also allows for naturals persons to file a complaint with the relevant national supervisory authority for infringements by AI system related to them.
A spokesperson for a global technology company leading AI development around the world stated that they “believe that AI requires legislative guardrails, alignment efforts at an international level, and meaningful voluntary actions by companies that develop and deploy AI.”
Another company called for key improvements like a rebalance of responsibilities between developers and “deployers” as well as better definitions, so “that only truly high-risk use cases are captured” under the EU AI Act’s high-risk AI category.
The introduction of the AI Act introduces new challenges and regulations for AI developers, distributors, importers, manufacturers, and providers. With large fines involved, it is important for covered entities to carefully review the terms of the EU AI Act, its application on different sizes of organizations, and be prepared to adapt accordingly.