NEW ARTIFICIAL INTELLIGENCE ACT AND INNOVATIONS IT BRINGS

Today, as a result of the increasing technological development, artificial intelligence applications have started to occupy a significant place in daily life. Until today, there has not been any legislation in place to address the problems occur from rapidly increasing artificial intelligence systems. In order to prevent the negative outputs of this situation and to bring it to a conclusion in a legal framework, the European Union (“the EU”) bodies have now come to the stage of punctuating the preparations. The draft of the regulation “Artificial Intelligence Act” proposed by the European Commission (“the EU Commission”) to the European Parliament (“the EU Parliament”) and the EU Parliament has been approved the draft text with the vote made on 14th of June, 2023. With this approval, the draft text has been opened for negotiation both between the EU Commission and the EU Parliament and between the Parliament and the EU member states.

SCOPE OF THE AI ACT

First of all, the act will be directly applied in the domestic laws of all EU Member States. On the other hand, although the relevant act is within the EU legislation, it will be applicable for AI system providers, distributors, importers, manufacturers whom put AI systems in the EU market, regardless of whether they are located in the EU borders or not. In short words, if an output produced by the relevant AI system is used within the EU, these actors will be within the scope of the AI Act even if the actor is not resident in the EU. For the explained reasons, it is estimated that the relevant act will find a wide range of application around the world.

CONTENT OF THE AI ACT: RISK-BASED APPROACH AND CODES OF CONDUCT

When the act is examined, it is seen that the EU Parliament approaches the issue in a way that puts the fundamental rights and freedoms of individuals in foreground. In this context, the EU Parliament approved the draft regulation that aims to ensure the artificial intelligence systems are safe, transparent and also brings out certain “Codes of Conduct” for companies and imposes heavy sanctions if these rules are not followed. The artificial intelligence systems are divided into various risk groups according to the data they process, the outputs they produce. In order to classify the risks, the regulation applies “risk-based approach” to the matter.

The relevant act has divided AI systems into four main risk groups within the scope of “risk-based approach”. These groups appear as “low-risk”, “limited-risk”, “high-risk” and “unacceptable-risk”. The AI Act has brought certain rules for all actors which involved in the AI life-cycle (development, use, import, distribution or production of AI systems) and stipulated their liabilities according to these risk groups.

In the relevant act, it is recommended to comply with the basic “Codes of Conduct” foreseen for all AI practitioners, regardless of which risk group the AI system is in. In addition, some extra rules have been envisaged especially in terms of high-risk and unacceptable risk groups.

It is seen that the systems that are likely to cause significant harm to the health, safety or fundamental rights and freedoms of individuals are in the “high-risk” group. It is stated that the AI systems which use robotic systems in surgery and AI systems for autonomous vehicles are included in this risk group. In the category of “unacceptable risk”, there are systems that use subliminal techniques or make biometric identification, social classification, predictive policing, databases that require face recognition connected to the Internet and systems that track the location of individuals. According to AI Act, it is prohibited to use such systems in the fields of police forces, workplaces and education areas. It is envisaged to ban the AI systems which stated in the unacceptable risk group but for the high-risk AI systems, main obligations have brought with the relevant law, which vary according to the type of institutions using the system. These main obligations are;

1.????? Establishment of a risk management system,

2.????? Development of data governance practices,

3.????? Preparation of necessary technical documents before the system is launched,?

4.????? Creation of an easy record-keeping system,

5.????? Improvement of the relevant system for users,

6.????? Designing the AI system to be amenable to human supervision,

7.????? Ensuring an appropriate level of cybersecurity throughout the lifecycle of the AI system.

In addition to all these obligations, systems that pose a high-risk must be subjected to a “Conformity Assessment” and this assessment must be completed before the relevant system is launched and recorded in the database to be created separately within the EU.

THE SANCTIONS

The sanctions that will be imposed in case of a violation can cause serious consequences for companies which develop and/or use AI systems on their operations. Companies can be face with fines that ranges from 10 million to 40 million Euros, or between 2% and 7% of annual global turnover, depending on the aspect of the violation. It has been clearly understood that the value given by the Parliament to the fundamental rights and freedoms of individuals.

CONCLUSION

The AI systems considered to be the most developing areas of ever-growing technology and these systems bring innovations almost in every area. Yet, the consequences of such systems are still in an unknown area. The need to regulate these learning-based systems and to link their outputs to certain legal outcomes arose with these developments. In this context, the EU bodies have taken action for the last few years and finally a legal draft framework has been done by the EU Commission. This draft has been approved by the EU Parliament on the vote made on 14th of June, 2023. With the relevant law, the Parliament aimed to protect the fundamental rights and freedoms of individuals with a risk-based approach by bringing a set of codes of conduct and obligations to the actors in the life cycle of AI systems. Although this very act has not entered into force yet, companies need to start preparations in order to comply the relevant act. With the approval of the EU Parliament made on 14th of June 2023, the draft text was opened to negotiations between the EU Commission and the EU Parliament and member states. These negotiations are expected to continue until 2024.