Quick overview of the EU AI Act: the first regulation on artificial intelligence

Prompt Team
March 19, 2024

In the past few months, the conversation about regulations in the field of AI has picked up around the world, reaching a new milestone last week when the European Parliament approved the Artificial Intelligence Act, the first legislative proposal of this kind. The AI Act aims to ensure safety and compliance with fundamental rights, while boosting innovation. The new regulation addresses risks, promotes ethical use, and establishes standards for high-risk applications. It was agreed in negotiations with member states in December 2023 and was endorsed by MEPs with 523 votes in favor, 46 against and 49 abstentions.

A Risk-based Regulation

The AI Act classifies AI systems into different risk categories, imposing stricter requirements on high-risk systems.

Unacceptable risk: Banned applications

Unacceptable-risk AI systems are those considered a threat to people, and they will be banned. They include biometric identification and categorization of people, social scoring, and real-time and remote biometric identification systems, among others.

The regulation around these systems will enter into force within 6 months of the publication of the Act.


High-risk AI applications are the category on which most of the text of the Act focuses. It includes critical infrastructure, education and vocational training, employment, essential private and public services (e.g. healthcare, banking), certain systems in law enforcement, migration and border management, justice and democratic processes (e.g. influencing elections). Such systems must assess and reduce risks, maintain use logs, be transparent and accurate, and ensure human oversight.

Obligations around these systems will enter into force within thirty-six months of the publication.

General purpose and Generative AI

Generative AI, like ChatGPT, while not considered high-risk, will have to comply with transparency requirements:

  • Disclosing that the content was generated by AI
  • Designing the model to prevent it from generating illegal content
  • Publishing summaries of copyrighted data used for training

High-impact general-purpose AI models that might pose systemic risk, such as the more advanced AI model GPT-4, will have to undergo thorough evaluations and any serious incidents will have to be reported to the European Commission.

AI systems that generate or manipulate image, audio or video content, for example deepfakes, will need to be labeled as such so users know they are interacting with AI and can make informed decisions.

General-purpose AI rules including governance will be applicable 12 months after entry into force.

AI Regulations in the EU, generated by Midjourney

What are some of the implications for businesses of the EU AI Act?

  • The EU AI Act will apply to organizations both inside and outside the borders of the EU, similarly to the General Data Protection Regulation (GDPR). Both public and private organizations worldwide will have to comply if the AI system they are responsible for is placed on the European Union market or its use affects people located in the EU.
  • Noncompliant organizations will have to pay sizable financial penalties, which will be either a specific amount or a significant percentage of global annual turnover.

Our take on the news

At Prompt Security we welcome this new regulatory framework. Being well aware of the unlimited potential and immense possibilities that AI brings with it, making responsible use of it will be crucial to its safe, secure and widespread adoption. We have no doubt that other similar regulations will follow and look forward to continuing to partner with organizations to help them stay ahead of the upcoming AI regulatory frameworks and tackle existing ones like GDPR.
