An Overview of the EU AI Act: What You Need to Know
CITI Program
CITI Program provides online content in research, ethics, and compliance for organizations and individual learners.
Overview
Regulatory agencies and governments have been moving to institute policies and regulations that encourage artificial intelligence (AI) innovation and protect humans from potential pitfalls. Leading the way, the European Union (EU) recently passed the EU AI Act, which provides an extensive framework for evaluating and regulating the development and usage of AI in the EU [1]. Given the central role of the EU in the global economy and the commonplace usage of the internet to transcend national borders, many companies will need to comply with this act [2].
Introduction to the EU AI Act
Having taken effect on August 1, 2024, the EU AI Act represents the European Commission’s work to establish a framework for determining whether a particular implementation of AI is “trustworthy,” with trustworthiness considered in terms of whether a given risk of AI is acceptable [3].
An artificial intelligence system (“AI system”) is defined broadly in the act as “a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.” [1]
Additionally, the act differentiates between AI systems, as defined above, and “General Purpose AI Models” (GPAI) upon which AI systems are built. GPAI are defined as models that are “trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market, and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market.” [1]
Scope of the EU AI Act
The EU AI Act regulates AI systems and GPAI independently of one another. It outlines an oversight mechanism for AI systems that relies on assessing potential risks that AI could cause. The four tiers are minimal, limited, high, and unacceptable. Those systems with the most risk, a level deemed “unacceptable,” are banned from the EU. Examples of each risk tier are [4]:
Further, GPAI models are categorized as posing either a “normal” or a “systemic” risk. GPAI models meet the criterion for having “systemic risk” if they have what are considered “high impact capabilities,” which are defined as computation used for training exceeding 10^25 FLOPS, or if the European Commission deems the model to have systemic risk (for example, after being notified by a panel of experts).
These designations and the requisite compliance with each tier fall upon any organization that develops, provides, or deploys AI, GPAI, or the output of either in or to the EU.
What the EU AI Act Means for Companies
Though approved in August 2024, the EU AI Act’s requirements will take effect gradually over the next few years [5]. The first set of requirements—including the ban on prohibited AI practices—will go into effect on February 2, 2025. Thus, depending on the specific nature of the AI used and the risk category, various steps must be taken by organizations to ensure compliance.
Non-compliance by companies may result in steep fines, with the European Commission indicating the following penalties [6]:
Best Practices for Navigating Compliance
The following steps are recommended as companies move towards complying with the EU AI Act [7]:
→ Implementing a risk management process
→ Ensuring that all technical, security, and other documentation is thorough, complete, and up-to-date
→ Creating documentation and instructions for deployers and humans providing appropriate oversight
→ Ensuring that cybersecurity systems are robust and meet requirements
→ Ensuring the quality of input data and adhering to applicable national and EU copyright and privacy laws
EU AI Training
CITI Program’s EU AI Act course explores the transformative landscape of artificial intelligence regulation. This training thoroughly introduces the world’s first legally binding AI legislation, adopted by the European Union in 2024. Designed to address the rapid proliferation of AI technologies, the EU AI Act transitions AI policy from voluntary ethical standards to a robust legal framework based on risk assessment and compliance obligations.
In this course, learners review the EU AI Act’s scope and structure, its risk-based approach, and the role of conformity and fundamental rights impact assessments. They also gain insights into the EU AI Act’s enforcement mechanisms, its interplay with European data protection laws, and its position within the broader digital policy landscape. Licensed from the Future of Privacy Forum, this training equips professionals with the knowledge to navigate and comply with this groundbreaking legislation while understanding its global implications.
Summary
The European Union has produced a comprehensive regulatory framework to ensure the safe usage of AI in the EU. As the EU AI Act requirements will go into effect over time, there is still time to ensure compliance. The penalties for non-compliance are significant enough to warrant designating appropriate parties within one’s organization to be involved in the process. As with any endeavor of this complexity and importance, consultation with your organization’s legal counsel will be paramount and is strongly encouraged.
View the article on our blog for a complete list of references: