The EU's AI Act: A New Era of AI Regulation is live from today

The European Union's landmark artificial intelligence law, the AI Act, officially enters into force today, ushering in a new era of AI regulation that will have significant implications for any company developing, deploying, or applying AI.?

This groundbreaking legislation, approved by the EU in May, aims to address the potential negative impacts of AI by establishing a comprehensive and harmonized regulatory framework across the EU, using a risk-based approach to regulation.

Businesses, particularly those heavily reliant on AI, need to carefully assess the implications of the AI Act. Key steps include:

• Understanding the AI Act: Gain a comprehensive understanding of the Act's requirements and how they apply to your organization.
• Risk assessment: Evaluate your AI systems to determine their risk level and the corresponding obligations.
• Compliance planning: Develop strategies to meet the Act's requirements, including data governance, transparency, and human oversight.
• Staying informed: Keep abreast of evolving regulations and industry best practices.

Understanding the AI Act

The AI Act is designed to regulate AI applications differently based on the level of risk they pose to society.?

For high-risk applications, which include, among others autonomous vehicles, medical devices, loan decisioning systems, educational scoring, and remote biometric identification systems, the Act introduces strict obligations. These obligations include:

• Risk Assessment and Mitigation: Companies must implement adequate risk assessment and mitigation systems.
• High-Quality Training Data: Ensuring the use of high-quality training datasets to minimize bias.
• Activity Logging: Routine logging of AI system activity.
• Documentation Sharing: Mandatory sharing of detailed model documentation with authorities to assess compliance.
• Assigning AI Authorised representatives: for businesses outside EU.

The Act also imposes a blanket ban on AI applications deemed to have an unacceptable risk level, such as social scoring systems, predictive policing, and the use of emotional recognition technology in workplaces or schools.

While the focus is often on high-risk systems, understanding the implications for low and limited risk AI is equally important.?

Low-Risk AI Systems

• Minimal Obligations: Companies using low-risk AI systems generally face minimal regulatory burdens.
• Transparency Requirements: However, there might be some transparency obligations, such as providing information about the AI system's use.
• Potential for Reclassification: As AI technology evolves, low-risk systems could potentially be reclassified as higher-risk, necessitating additional compliance measures.

Limited-Risk AI Systems

• Increased Obligations: Limited-risk AI systems are subject to more stringent requirements than low-risk systems but less stringent than high-risk systems.
• Risk Assessment: Companies using limited-risk AI may need to conduct basic risk assessments to identify potential harms.
• Data Governance: Data protection and quality standards might be more stringent for limited-risk AI systems.
• Transparency: Providing clear information about the AI system to users is likely to be required.

Key Implications of the AI Act

• Risk-based approach: The Act adopts a flexible framework, tailoring regulations to the specific risks posed by different AI applications.
• Stricter rules for high-risk AI: Areas like autonomous vehicles, medical devices, and critical infrastructure will face stringent requirements, including risk assessments, data governance, and human oversight.
• Ban on certain AI practices: Some AI applications deemed to pose unacceptable risks, such as social scoring, will be outright prohibited.
• Impact on businesses: Companies operating within the EU, or handling data of EU residents, must comply with the Act's provisions. This includes not only tech giants but also businesses across various sectors that utilize AI.

Challenges Companies Face in Complying with the EU AI Act

The EU AI Act presents significant challenges for companies, particularly those heavily involved in AI development and deployment. Here are some key obstacles:

Interpretation and Implementation

• Defining high-risk AI: Determining which AI systems fall under the "high-risk" category can be complex and subjective.
• Translating legal requirements into technical actions: Converting abstract legal obligations into specific technical implementations is a demanding task.
• Adapting existing systems: Aligning existing AI systems with the AI Act's requirements can be time-consuming and resource-intensive.

Operational and Financial Burden

• Increased costs: Compliance with the AI Act will likely lead to higher operational costs due to required assessments, documentation, and potential system modifications.
• Resource allocation: Organizations may need to dedicate significant resources to understand, implement, and maintain compliance.
• Potential competitive disadvantage: Companies might face challenges in competing with those in regions with less stringent AI regulations.

Technological Challenges

• Data quality and availability: Ensuring high-quality data for AI training and evaluation can be difficult and expensive.
• Explainability: Developing AI models that can provide clear and understandable explanations of their decision-making processes is complex.
• Continuous monitoring and evaluation: Establishing robust systems for ongoing monitoring and evaluation of AI systems requires significant technical expertise.

Balancing Innovation and Regulation

• Stifling innovation: Overly stringent regulations could hinder AI research and development, potentially slowing down technological progress.
• Finding the right balance: Striking a balance between protecting citizens and fostering innovation is a delicate task.

Generative AI, labeled as general-purpose AI in the Act, faces specific requirements, including respecting EU copyright laws, transparency disclosures on model training, and routine testing with cybersecurity protections. Open-source models must make their parameters publicly available and enable access, usage, modification, and distribution of the model, unless they pose systemic risks.

Addressing these challenges will require a combination of technical expertise, legal knowledge, and strategic planning.?

Companies should proactively assess their AI systems, develop comprehensive compliance strategies, and stay updated on regulatory developments.

Compliance and Enforcement

Companies breaching the AI Act could face fines of up to 35 million euros or 7% of their global annual revenues, whichever is higher. The European AI Office will oversee compliance, supported by an AI Board with delegates from all 27 EU member states.

While most provisions of the AI Act will come into effect in 2026, general-purpose AI systems have a transition period of 36 months to achieve compliance.?

Companies must start preparing now to meet the upcoming regulations.

Preparing for the Future

As AI technology continues to evolve, the AI Act represents a significant step in regulating its development and application. Companies developing, using, or considering the use of AI should seek expert guidance to navigate these new regulations.

The team at GDPRLocal can assist with risk assessments, AI governance, and compliance strategies to ensure your business meets its obligations under the AI Act.

Contact Us

If you're developing, deploying, or applying AI in your company, now is the time to act.?

Contact our Customer Success Representative to schedule a consultation with our AI experts and start preparing for the future of AI regulation.

Start now to ensure you meet your obligations and continue to innovate.?