The EU Artificial Intelligence Act is setting the global standard for AI as GDPR did for data privacy. We give you a brief overview about the Act and how you can get ready.
The EU AI Act introduces a risk-based classification scheme for AI applications. The main criterion is the level of risk posed by the AI application to individuals or society as a whole. The classification ranges from minimal risk to applications which are banned entirely.
How is AI defined?
The EU wants their definition of “artificial intelligence” to be future- proof, which means it has to cover an incredibly wide range of data analysis techniques. That means the EU will consider not just deep learning and complex applications such as self-driving cars as AI. The proposed definition is so broad that many of the technologies used by your business today will fall under it and be regulated:
‘Artificial Intelligence system’ (AI system) means a machine-based system that is designed to operate with varying levels of autonomy and that can, for explicit or implicit objectives, generate outputs such as predictions, recommendations, or decisions that influence physical or virtual environments.*
*OECD definition of AI
The Act lays out a range of requirements for high risk AI systems from the design, implementation and post-market entry phases. These include:
- Risk Management System (Article 9)
- Data and Data Governance (Article 10)
- Technical Documentation (Article 11 and Annex IV)
- Record Keeping (Article 12)
- Transparency and provision of information to user (Article 13)
- Human Oversight (Article 14)
- Accuracy, Robustness and Cybersecurity (Article 15)
- Quality Management System (Article 17)
- Fundamental Rights Impact Assessment
While limited risk systems will not face the same compliance scrutiny including conformity assessments and product safety reviews, they will also be evaluated under these categories.
Conformity Assessments in the EU AI Act
High Risk AI Systems will have to undergo a Conformity Assessment (Article 19) to demonstrate adherence to the AI Act before being placed on the market in the EU. You are required to generate and collect the documentation and evidence for such an Assessment.
The AI Act has been passed by the EU Parliament and has reached a political agreement during the Trilogue phase between Parliament, Commission and Council. After a second vote in the Parliament and Council, the Act will go into effect.
Penalties of the EU AI Act
The fines for violations of the AI act were set as a percentage of the offending company’s global annual turnover in the previous financial year or a predetermined amount, whichever is higher. This would be €35 million or 7% for violations of the banned AI applications, €15 million or 3% for violations of the AI act’s obligations and €7,5 million or 1,5% for the supply of incorrect information. However, the provisional agreement provides for more proportionate caps on administrative fines for SMEs and start-ups in case of infringements of the provisions of the AI act.
FAQ about EU AI Act
What is the EU AI Act ?
Who will be affected by the EU AI Act?
How are companies based in Switzerland impacted by the EU AI Act?
What is the timeline for the EU AI Act?
How can companies be ready for the EU AI Act?
Global AI Regulation
Global AI Regulation
The EU AI Act aims to set global AI regulations much like GDPR did. With extraterritorial reach and a risk-based approach, it targets protecting citizen and consumer rights. Penalties could reach 7% of global turnover.
On December 8, 2023, the European Parliament and the Council of the European Union reached a political agreement on the EU AI Act.
- You can read more about the European Parliament’s position on the AI Act by visiting this official document.
Whether you are already using or considering AI in your business, keeping these upcoming regulatory requirements in mind is going to be vital to avoid delays and penalties. Use Modulos to ensure that AI models are trained transparently on high-quality data the Act requires.