Cloud Hosting

22 January 2024

Fieldfisher

To print this article, all you need is to be registered or login on Mondaq.com.

Welcome to this blog post where Olivier Proust, a Partner in Fieldfisher'sTechnology and Data team will delve into the latest developmentssurrounding the EU AI Act. In this post, we will provide you with acomprehensive overview of the key provisions and implications ofthis ground breaking legislation that aims to regulate artificialintelligence (AI) systems and their applications. Join us as weexplore the classification of AI systems, the territorial scope ofthe AI Act, its enforcement mechanisms, and the timeline for itsimplementation.

The EU AI Act, which has been in the works since April 2021, sawsignificant progress on December 8th, 2023, when a politicalagreement was reached between the two co-legislative bodies, i.e.the European Parliament and the Council of the European Union. Thisagreement marked a major milestone in the EU's ambition tobecome the first region in the world to adopt comprehensivelegislation on AI.

The AI Act follows a risk-based approach and classifies AIsystems into four categories: prohibited AI, high-risk AI systems,general-purpose AI (GPAI) and foundation models, and low-risk AIsystems. Prohibited AI encompasses practices such as social scoringand manipulative AI, which the legislation seeks to ban. High-riskAI systems are further classified based on their impact onindividuals' rights and safety, while general-purpose AI andfoundation models face specific transparency requirements. Low-riskAI systems, including generative AI, are subject to transparencyrequirements, ensuring that viewers are aware of the AI-generatedcontent they are consuming.

One notable feature of the AI Act is its extraterritorialeffect, applying not only to entities within the EU but also todevelopers, deployers, importers, and distributors of AI systemsoutside the EU if their system's output occurs within the EU.This broad scope aims to ensure comprehensive regulation of AIsystems and their uses.

To enforce compliance with the AI Act, several regulatory bodieswill be established, including an AI Office within the EuropeanCommission and an AI Board serving as an advisory body. Nationalpublic authorities will be responsible for enforcement, akin to therole of data protection authorities under the GDPR. Fines forviolations vary depending on the seriousness of the offense, withthe highest fines reaching up to 7 percent of global turnover or 35million euros.

While a political agreement has been reached, the final text ofthe AI Act is yet to be published. Technical trilogue meetings arescheduled to ensure a consolidated version of the text is achievedby early January. Following formal adoption by the EuropeanParliament and the Council, the AI Act will be published in theOfficial Journal of the EU. However, there will be a two-year graceperiod before the AI Act comes into full application, givingorganizations time to ensure compliance. Some provisions, such asthose pertaining to prohibited AI, may come into effect sooner.

Companies are strongly advised not to wait for the fullapplication of the AI Act but to proactively start preparing forcompliance. Drawing from the experience with the GDPR, earlyadoption of a compliance framework can put organizations in abetter position when the AI Act takes full effect. This may includeconducting AI gap analyses, assessing the risks associated with AIsystems within their operations, developing internal guidelines andbest practices, and providing training to employees.

In addition to the AI Act, the European Commission has initiatedan AI Pact, encouraging companies to pledge voluntary complianceahead of the legislation's full application. Already,approximately a hundred companies have shown their commitment tothe AI Pact, reflecting the industry's growing awareness of theimportance of responsible AI practices.

The EU AI Act represents a significant step toward regulating AIsystems and their applications. This comprehensive legislation aimsto balance innovation with the protection of individuals'rights, safety, and privacy. By categorizing AI systems based onrisk and introducing transparency requirements, the EU ispositioning itself as a global leader in AI regulation.Organizations should start taking steps to ensure compliance withthe AI Act sooner rather than later. Fieldfisher's Technologyand Data team will continue to monitor these legal developmentsclosely and provide further insights through their webinar series on AI and the interplay withthe GDPR. Stay tuned for more updates on this transformativelegislation and its impact on the AI landscape.

The content of this article is intended to provide a generalguide to the subject matter. Specialist advice should be soughtabout your specific circumstances.

POPULAR ARTICLES ON: Technology from European Union

Original post:
The EU AI Act: A Comprehensive Regulation Of Artificial Intelligence - New Technology - European Union - Mondaq News Alerts