World’s First Major AI Law 'EU AI Act' Enters into Force — Here’s What It Means for Tech Giants and Other Stakeholders

The European Union (EU) has taken a major step towards regulating artificial intelligence (AI) by introducing the EU AI Act. This groundbreaking legislation aims to establish the EU as a leader in trustworthy, human-centric AI. Below is a comprehensive overview of the EU AI Act and its implications.

AI Regulations

The EU AI Act serves as the primary legislative framework for regulating AI within the EU. In addition, the AI Liability Directive has been proposed to ensure that liability rules are appropriately applied to AI-related claims.

Status of the AI Regulations

Published in the EU Official Journal on July 12, 2024, the EU AI Act is the first comprehensive horizontal legal framework for AI regulation across the EU. It will come into force on August 1, 2024, and become effective on August 2, 2026, with specific provisions listed in Article 113.

The AI Liability Directive, still in draft form, awaits consideration by the European Parliament and the Council of the EU, with no fixed timeline for its finalization.

Related Laws Affecting AI

Several existing EU laws may impact AI development and use, including:

• The EU General Data Protection Regulation (GDPR) (EU) 2016/679
• The Product Liability Directive, which may replace Directive 85/374/EEC to allow compensation for harm caused by software, including AI
• The General Product Safety Regulation 2023/988/EU, replacing Directive 2001/95/EC
• Various intellectual property laws under the national laws of EU Member States

Definition of AI

The EU AI Act defines AI with precise terms:

• AI system: A machine-based system designed to operate autonomously, capable of adaptiveness after deployment, and generating outputs like predictions, content, recommendations, or decisions influencing environments.
• General-purpose AI model: An AI model trained with extensive data, capable of performing a wide range of tasks and integrated into various applications.
• General-purpose AI system: An AI system based on a general-purpose AI model, serving multiple purposes for direct use or integration in other AI systems.

The AI Liability Directive is expected to adopt the same definitions as the EU AI Act.

Territorial Scope

The EU AI Act applies extraterritorially to:

• Providers placing AI systems or models on the EU market, regardless of their location
• Deployers of AI systems located in the EU
• Providers or deployers outside the EU if the AI system's output is intended for use within the EU

The AI Liability Directive applies to non-contractual fault-based civil law claims within the EU.

Sectoral Scope

The EU AI Act is non-sector-specific, applying across all sectors. Similarly, the AI Liability Directive pertains to non-contractual fault-based civil law claims in national courts.

Compliance Roles

The EU AI Act defines specific roles and their compliance obligations:

• Providers: Developers or those placing AI systems/models on the EU market
• Distributors: Entities making AI systems available in the supply chain
• Importers: Entities in the EU placing AI systems bearing a non-EU entity’s name or trademark on the market
• Deployers: Entities using AI systems under their authority, except for personal, non-professional use
• Operators: This encompasses providers, product manufacturers, deployers, importers, distributors, or authorized representatives

The AI Liability Directive increases the likelihood of successful claims against AI system developers or users relying on AI outputs.

Core Issues Addressed by the AI Regulations

The EU AI Act aims to promote human-centric, trustworthy AI while ensuring high levels of protection for health, safety, fundamental rights, democracy, and the rule of law. It also supports innovation and the internal market's functioning.

The AI Liability Directive ensures that individuals harmed by AI systems receive the same protection as those harmed by other technologies, addressing the complexities of fault-based liability for AI-enabled products and services.

Risk Categorization

The EU AI Act classifies AI systems by risk levels:

• Unacceptable Risk: Prohibited AI systems, including those used for social scoring and deceptive techniques
• High Risk: AI systems subject to detailed compliance obligations in areas like education, employment, law enforcement, and more
• Limited Risk: AI systems requiring transparency obligations, including chatbots and deep fakes
• Low or Minimal Risk: AI systems not covered by the above categories

General-purpose AI models are further classified by their systemic risk potential.

Key Compliance Requirements

Compliance obligations are determined by the AI system's risk level:

• Unacceptable Risk: Prohibited outright
• High Risk: Registration in an EU database and compliance with extensive requirements on data governance, technical documentation, transparency, human oversight, and cybersecurity
• Limited Risk: Subject to transparency obligations
• Low or Minimal Risk: No specific obligations under the EU AI Act

General-purpose AI models must meet technical documentation and transparency obligations and cooperate with the Commission and national authorities.

Regulators and Enforcement

Enforcement involves a combination of national and EU authorities. EU Member States will designate national competent authorities, including notifying and market surveillance authorities. An AI Office within the Commission and an AI Board with Member States' representatives will support enforcement and ensure consistent application.

Penalties for non-compliance include significant fines and restrictions on market access. The AI Liability Directive introduces a rebuttable presumption of causality and empowers national courts to order disclosure of evidence related to high-risk AI systems.

Conclusion

The EU AI Act represents a landmark effort in AI regulation, aiming to position the EU as a leader in human-centric, trustworthy AI. By setting comprehensive compliance requirements, risk categorization, and robust enforcement mechanisms, the Act provides a blueprint for global AI governance. As the regulatory landscape evolves, the EU AI Act will serve as a critical reference point for jurisdictions worldwide in crafting their AI regulations.