The EU is now equipped with a brand-new regulation for the use of AI.

Here are the top 3 insights:

• The EU has adopted a new regulation for the use of AI, intended to protect the fundamental rights of human beings and promote innovation in artificial intelligence.
• The AI regulation is based on a risk-based approach, taking into account the application and impact of AI on society.
• The AI regulation prohibits certain applications of AI, but also promotes innovation by establishing sandbox environments at the national level for startups and SMEs in this field.

Contradictory to its common naming which indicates a more US based thinking as an “Act,” it is in line with predecessors like the GDPR and follows the EU considerations to ensure the fundamental rights of human beings. Further, the AI Act shall support innovation in artificial intelligence. It is likely that this fact has been introduced due to the negative feedback to other regulations of the EU especially in the medical device environment which has been told to be innovation blockers.

Also, the EU established a risk-based approach for the use of AI in the Act. This is achieved by not regulating AI by itself but focusing on the use of and the impact of society.  As a result, you will find banned applications like any use which may be a threat to the fundamental rights of human beings. As always, such banning comes with exemptions for defined situations where banned AI can be deployed by authorized entities and if strict safeguards are met.

The next lower category which is not banned per-se is AI used in circumstances which bear a significant risk to health, safety, fundamental rights, environment, democracy, and the rule of law. The use of such systems comes with obligations like the mitigation of the risks, data accuracy and transparency to EU citizens. Those have the right based on this regulation to submit complaints about AI systems which is a similar rule as we have already seen in the GDPR. Also, the transparency requirement which is part of this regulation and applied to all AI categories and their models, is known from the GDPR. The need for this requirement rises with the risk of the AI system in use and may include model evaluations, incident reporting and mitigating risks as we have already seen for the high-risk category in specific.

The innovation boost is a more difficult topic but at core it aims to establish sandbox environments at national level which gives startups and SMEs in this field the ability to develop and train their AI before it is introduced to the market it is intended to.

Since the EU AI Act still needs to be endorsed by the Council in a formal manner, we can expect different timelines for the respective risk categories. That means after publication in the Official Journal there will be an adoption period of 2 years before it becomes fully into force. This does only apply to the entire regulation. Banned use of AI will be already prohibited 6 months, codes of practice 9 months, general purpose AI rules 12 months and obligations for high-risk AI 3 years after publication.

___________________________________________________________________________________

Reference links:

AI Act (Proposal): EUR-Lex – 52021PC0206 – EN – EUR-Lex (europa.eu)

Press release:Artificial Intelligence Act: MEPs adopt landmark law | News | European Parliament (europa.eu)

Other sources

AI Act | Shaping Europe’s digital future (europa.eu)

AI Pact | Shaping Europe’s digital future (europa.eu)

AI Act | Shaping Europe’s digital future (europa.eu)