Artificial Intelligence Act

Last updated

Regulation 2024/1689
European Union regulation
Text with EEA relevance
Flag of Europe.svg
TitleArtificial Intelligence Act [1]
Made by European Parliament and Council
Journal reference OJ L, 2024/1689, 12.7.2024
History
European Parliament vote13 March 2024
Council Vote21 May 2024
Entry into force1 August 2024
Preparative texts
Commission proposal 2021/206
Other legislation
AmendsRegulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU
Current legislation

The Artificial Intelligence Act (AI Act) [1] is a European Union regulation concerning artificial intelligence (AI). It establishes a common regulatory and legal framework for AI within the European Union (EU). [2] It came into force on 1 August 2024, [3] with provisions that shall come into operation gradually over the following 6 to 36 months. [4]

Contents

It covers all types of AI across a broad range of sectors, with exceptions for AI systems used solely for military, national security, research and non-professional purposes. [5] As a piece of product regulation, it does not confer rights on individuals, but regulates the providers of AI systems and entities using AI in a professional context. [6]

The Act classifies non-exempt AI applications by their risk of causing harm. There are four levels – unacceptable, high, limited, minimal – plus an additional category for general-purpose AI. [7]

For general-purpose AI, transparency requirements are imposed, with reduced requirements for open source models, and additional evaluations for high-capability models. [8] [9]

The Act also creates a European Artificial Intelligence Board to promote national cooperation and ensure compliance with the regulation. [10] Like the EU's General Data Protection Regulation, the Act can apply extraterritorially to providers from outside the EU if they have users within the EU. [6]

Proposed by the European Commission on 21 April 2021, [11] it passed the European Parliament on 13 March 2024, [12] and was unanimously approved by the EU Council on 21 May 2024. [13] The draft Act was revised to address the rise in popularity of generative artificial intelligence systems, such as ChatGPT, whose general-purpose capabilities did not fit the main framework. [14]

Provisions

Risk categories

There are different risk categories depending on the type of application, with a specific category dedicated to general-purpose generative AI:

Exemptions

Articles 2.3 and 2.6 exempt AI systems used for military or national security purposes or pure scientific research and development from the AI Act. [15]

Article 5.2 bans algorithmic video surveillance only if it is conducted in real time. Exceptions allowing real-time algorithmic video surveillance include policing aims including "a real and present or real and foreseeable threat of terrorist attack". [15]

Recital 31 of the act states that it aims to prohibit "AI systems providing social scoring of natural persons by public or private actors", but allows for "lawful evaluation practices of natural persons that are carried out for a specific purpose in accordance with Union and national law." [20] La Quadrature du Net interprets this exemption as permitting sector-specific social scoring systems, [15] such as the suspicion score used by the French family payments agency Caisse d'allocations familiales. [21] [15]

Governance

The AI Act establishes various new bodies in Article 64 and the following articles. These bodies are tasked with implementing and enforcing the Act. The approach combines EU-level coordination with national implementation, involving both public authorities and private sector participation.

The following new bodies will be established: [22] [23]

  1. AI Office: attached to the European Commission, this authority will coordinate the implementation of the AI Act in all Member States and oversee the compliance of general-purpose AI providers.
  2. European Artificial Intelligence Board: composed of one representative from each Member State, the Board will advise and assist the Commission and Member States to facilitate the consistent and effective application of the AI Act. Its tasks include gathering and sharing technical and regulatory expertise, providing recommendations, written opinions, and other advice.
  3. Advisory Forum: established to advise and provide technical expertise to the Board and the Commission, this forum will represent a balanced selection of stakeholders, including industry, start-ups, small and medium-sized enterprises, civil society, and academia, ensuring that a broad spectrum of opinions is represented during the implementation and application process.
  4. Scientific Panel of Independent Experts: this panel will provide technical advice and input to the AI Office and national authorities, enforce rules for general-purpose AI models (notably by launching qualified alerts of possible risks to the AI Office), and ensure that the rules and implementations of the AI Act correspond to the latest scientific findings.

While the establishment of new bodies is planned at the EU level, Member States will have to designate "national competent authorities". [24] These authorities will be responsible for ensuring the application and implementation of the AI Act, and for conducting "market surveillance". [25] They will verify that AI systems comply with the regulations, notably by checking the proper performance of conformity assessments and by appointing third-parties to carry out external conformity assessments.

Enforcement

The Act regulates the entry to the EU internal market using the New Legislative Framework. It contains essential requirements that all AI systems must meet to access the EU market. These essential requirements are passed on to European Standardisation Organisations, which develop technical standards that further detail these requirements. [26] These standards are developed by CEN/CENELEC JTC 21. [27]

The Act mandates that member states establish their own notifying bodies. Conformity assessments are conducted to verify whether AI systems comply with the standards set out in the AI Act. [28] This assessment can be done in two ways: either through self-assessment, where the AI system provider checks conformity, or through third-party conformity assessment, where the notifying body conducts the assessment. [19] Notifying bodies also have the authority to carry out audits to ensure proper conformity assessments. [29]

Criticism has arisen regarding the fact that many high-risk AI systems do not require third-party conformity assessments. [30] [31] [32] Some commentators argue that independent third-party assessments are necessary for high-risk AI systems to ensure safety before deployment. Legal scholars have suggested that AI systems capable of generating deepfakes for political misinformation or creating non-consensual intimate imagery should be classified as high-risk and subjected to stricter regulation. [33]

Legislative procedure

In February 2020, the European Commission published "White Paper on Artificial Intelligence – A European approach to excellence and trust". [34] In October 2020, debates between EU leaders took place in the European Council. On 21 April 2021, the AI Act was officially proposed by the Commission. [11] On 6 December 2022, the European Council adopted the general orientation, allowing negotiations to begin with the European Parliament. On 9 December 2023, after three days of "marathon" talks, the EU Council and Parliament concluded an agreement. [35] [36]

The law was passed in the European Parliament on 13 March 2024, by a vote of 523 for, 46 against, and 49 abstaining. [37] It was approved by the EU Council on 21 May 2024. [13] It entered into force on 1 August 2024, [3] 20 days after being published in the Official Journal on 12 July 2024. [12] [38] After coming into force, there will be a delay before it becomes applicable, which depends on the type of application. This delay is 6 months for bans on "unacceptable risk" AI systems, 9 months for codes of practice, 12 months for general-purpose AI systems, 36 months for some obligations related to "high-risk" AI systems, and 24 months for everything else. [38] [37]

Reactions

Experts have argued that though the jurisdiction of the law is European, it could have far-ranging implications for international companies that plan to expand to Europe. [39] Anu Bradford at Columbia has argued that the law provides significant momentum to the world-wide movement to regulate AI technologies. [39]

Amnesty International criticized the AI Act for not completely banning real-time facial recognition, which they said could damage "human rights, civil space and rule of law" in the European Union. It also criticized the absence of ban on exporting AI technologies that can harm human rights. [39]

Some tech watchdogs have argued that there were major loopholes in the law that would allow large tech monopolies to entrench their advantage in AI, or to lobby to weaken rules. [40] [41] Some startups welcomed the clarification the act provides, while others argued the additional regulation would make European startups uncompetitive compared to American and Chinese startups. [41] La Quadrature du Net (LQDN) described the AI Act as "tailor-made for the tech industry, European police forces as well as other large bureaucracies eager to automate social control". LQDN described the role of self-regulation and exemptions in the act to render it "largely incapable of standing in the way of the social, political and environmental damage linked to the proliferation of AI". [15]

See also

Notes

    Related Research Articles

    <span class="mw-page-title-main">CE marking</span> European Declaration of conformity mark

    The presence of the logo on commercial products indicates that the manufacturer or importer affirms the goods' conformity with European health, safety, and environmental protection standards. It is not a quality indicator or a certification mark. The CE marking is required for goods sold in the European Economic Area (EEA); goods sold elsewhere may also carry the mark.

    <span class="mw-page-title-main">Medical device</span> Device to be used for medical purposes

    A medical device is any device intended to be used for medical purposes. Significant potential for hazards are inherent when using a device for medical purposes and thus medical devices must be proved safe and effective with reasonable assurance before regulating governments allow marketing of the device in their country. As a general rule, as the associated risk of the device increases the amount of testing required to establish safety and efficacy also increases. Further, as associated risk increases the potential benefit to the patient must also increase.

    <span class="mw-page-title-main">Know your customer</span> Financial institution and company term

    Know your customer (KYC) guidelines and regulations in financial services require professionals to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer. The procedures fit within the broader scope of anti-money laundering (AML) and counter terrorism financing (CTF) regulations.

    Type approval or certificate of conformity is granted to a product that meets a minimum set of regulatory, technical and safety requirements. Generally, type approval is required before a product is allowed to be sold in a particular country, so the requirements for a given product will vary around the world. Processes and certifications known as type approval in English are often called homologation, or some cognate expression, in other European languages.

    Export control is legislation that regulates the export of goods, software and technology. Some items could potentially be useful for purposes that are contrary to the interest of the exporting country. These items are considered to be controlled. The export of controlled item is regulated to restrict the harmful use of those items. Many governments implement export controls. Typically, legislation lists and classifies the controlled items, classifies the destinations, and requires exporters to apply for a licence to a local government department.

    The ethics of artificial intelligence covers a broad range of topics within the field that are considered to have particular ethical stakes. This includes algorithmic biases, fairness, automated decision-making, accountability, privacy, and regulation. It also covers various emerging or potential future challenges such as machine ethics, lethal autonomous weapon systems, arms race dynamics, AI safety and alignment, technological unemployment, AI-enabled misinformation, how to treat certain AI systems if they have a moral status, artificial superintelligence and existential risks.

    <span class="mw-page-title-main">CLP Regulation</span> 2008 European Union regulation about chemicals

    The CLP Regulation is a European Union regulation from 2008, which aligns the European Union system of classification, labelling and packaging of chemical substances and mixtures to the Globally Harmonised System (GHS). It is expected to facilitate global trade and the harmonised communication of hazard information of chemicals and to promote regulatory efficiency. It complements the 2006 Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH) Regulation and replaces an older system contained in the Dangerous Substances Directive (67/548/EEC) and the Dangerous Preparations Directive (1999/45/EC).

    The regulation of chemicals is the legislative intent of a variety of national laws or international initiatives such as agreements, strategies or conventions. These international initiatives define the policy of further regulations to be implemented locally as well as exposure or emission limits. Often, regulatory agencies oversee the enforcement of these laws.

    <span class="mw-page-title-main">European Banking Authority</span> Agency of the European Union

    The European Banking Authority (EBA) is a regulatory agency of the European Union headquartered in La Défense, Île-de-France. Its activities include conducting stress tests on European banks to increase transparency in the European financial system and identifying weaknesses in banks' capital structures.

    <span class="mw-page-title-main">Regulation (EU) No. 305/2011</span>

    Regulation No. 305/2011 of the European Parliament and of the Council of the European Union is a regulation of 9 March 2011 which lays down harmonised conditions for the marketing of construction products and replaces Construction Products Directive (89/106/EEC). This EU regulation is designed to simplify and clarify the existing framework for the placing on the market of construction products. It replaced the earlier (1989) Construction Products Directive (89/106/EEC).

    <span class="mw-page-title-main">General Data Protection Regulation</span> EU regulation on the processing of personal data

    The General Data Protection Regulation, abbreviated GDPR, or French RGPD is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

    The migration and asylum policy of the European Union is within the area of freedom, security and justice, established to develop and harmonise principles and measures used by member countries of the European Union to regulate migration processes and to manage issues concerning asylum and refugee status in the European Union.

    Regulation of algorithms, or algorithmic regulation, is the creation of laws, rules and public sector policies for promotion and regulation of algorithms, particularly in artificial intelligence and machine learning. For the subset of AI algorithms, the term regulation of artificial intelligence is used. The regulatory and policy landscape for artificial intelligence (AI) is an emerging issue in jurisdictions globally, including in the European Union. Regulation of AI is considered necessary to both encourage AI and manage associated risks, but challenging. Another emerging topic is the regulation of blockchain algorithms and is mentioned along with regulation of AI algorithms. Many countries have enacted regulations of high frequency trades, which is shifting due to technological progress into the realm of AI algorithms.

    Regulation of artificial intelligence is the development of public sector policies and laws for promoting and regulating artificial intelligence (AI). It is part of the broader regulation of algorithms. The regulatory and policy landscape for AI is an emerging issue in jurisdictions worldwide, including for international organizations without direct enforcement power like the IEEE or the OECD.

    <span class="mw-page-title-main">Digital Services Act</span> European Union regulation on digital services content

    The Digital Services Act (DSA) is an EU regulation adopted in 2022 that addresses illegal content, transparent advertising and disinformation. It updates the Electronic Commerce Directive 2000 in EU law, and was proposed alongside the Digital Markets Act (DMA).

    <span class="mw-page-title-main">Digital Markets Act</span> European Union regulation on digital platforms

    The Digital Markets Act (DMA) is an EU regulation that aims to make the digital economy fairer and more contestable. The regulation entered into force on 1 November 2022 and became applicable, for the most part, on 2 May 2023.

    <span class="mw-page-title-main">Data Act (European Union)</span> EU regulation on promoting the exchange and use of data

    The Data Act is a European Union regulation which aims to facilitate and promote the exchange and use of data within the European Economic Area.

    <span class="mw-page-title-main">Cyber Resilience Act</span> Proposed cybersecurity regulation in the EU

    The Cyber Resilience Act (CRA) is an EU regulation proposed on 15 September 2022 by the European Commission for improving cybersecurity and cyber resilience in the EU through common cybersecurity standards for products with digital elements in the EU, such as required incident reports and automatic security updates. Products with digital elements mainly are hardware and software whose "intended and foreseeable use includes direct or indirect data connection to a device or network".

    Discussions on regulation of artificial intelligence in the United States have included topics such as the timeliness of regulating AI, the nature of the federal regulatory framework to govern and promote AI, including what agency should lead, the regulatory and governing powers of that agency, and how to update regulations in the face of rapidly changing technology, as well as the roles of state governments and courts.

    References

    1. 1 2 3 Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act)
    2. "Proposal for a Regulation laying down harmonised rules on artificial intelligence: Shaping Europe's digital future". digital-strategy.ec.europa.eu. 21 April 2021. Archived from the original on 4 January 2023. Retrieved 6 October 2024.
    3. 1 2 "AI Act enters into force" (Press release). Brussels: European Commission. 1 August 2024. Retrieved 5 August 2024.
    4. "Timeline of Developments". artificialintelligenceact.eu. Future of Life Institute. Retrieved 13 July 2024.
    5. "Artificial intelligence act: Council and Parliament strike a deal on the first rules for AI in the world". Council of the EU. 9 December 2023. Archived from the original on 10 January 2024. Retrieved 6 January 2024.
    6. 1 2 3 Mueller, Benjamin (4 May 2021). "The Artificial Intelligence Act: A Quick Explainer". Center for Data Innovation. Archived from the original on 14 October 2022. Retrieved 6 January 2024.
    7. Lilkov, Dimitar (2021). "Regulating artificial intelligence in the EU: A risky game". European View. 20 (2): 166–174. doi: 10.1177/17816858211059248 .
    8. Espinoza, Javier (9 December 2023). "EU agrees landmark rules on artificial intelligence". Financial Times. Archived from the original on 29 December 2023. Retrieved 6 January 2024.
    9. 1 2 3 4 "EU AI Act: first regulation on artificial intelligence". European Parliament News. Archived from the original on 10 January 2024. Retrieved 6 January 2024.
    10. MacCarthy, Mark; Propp, Kenneth (4 May 2021). "Machines learn that Brussels writes the rules: The EU's new AI regulation". Brookings. Archived from the original on 27 October 2022. Retrieved 7 September 2021.
    11. 1 2 3 Proposal for a Regulation laying down harmonised rules on artificial intelligence
    12. 1 2 "World's first major act to regulate AI passed by European lawmakers". CNBC. 14 March 2024. Archived from the original on 13 March 2024. Retrieved 13 March 2024.
    13. 1 2 Browne, Ryan (21 May 2024). "World's first major law for artificial intelligence gets final EU green light". CNBC. Archived from the original on 21 May 2024. Retrieved 22 May 2024.
    14. Coulter, Martin (7 December 2023). "What is the EU AI Act and when will regulation come into effect?". Reuters. Archived from the original on 10 December 2023. Retrieved 11 January 2024.
    15. 1 2 3 4 5 6 With the AI Act adopted, the techno-solutionist gold-rush can continue, La Quadrature du Net, 22 May 2024, Wikidata   Q126064181, archived from the original on 23 May 2024
    16. Mantelero, Alessandro (2022), Beyond Data. Human Rights, Ethical and Social Impact Assessment in AI, Information Technology and Law Series, vol. 36, The Hague: Springer-T.M.C. Asser Press, doi: 10.1007/978-94-6265-531-7 , ISBN   978-94-6265-533-1
    17. Bertuzzi, Luca (7 December 2023). "AI Act: EU policymakers nail down rules on AI models, butt heads on law enforcement". Euractiv. Archived from the original on 8 January 2024. Retrieved 6 January 2024.
    18. Liboreiro, Jorge (21 April 2021). "'Higher risk, stricter rules': EU's new artificial intelligence rules". Euronews. Archived from the original on 6 January 2024. Retrieved 6 January 2024.
    19. 1 2 Veale, Michael; Borgesius, Frederik Zuiderveen (1 August 2021). "Demystifying the Draft EU Artificial Intelligence Act — Analysing the good, the bad, and the unclear elements of the proposed approach". Computer Law Review International. 22 (4): 97–112. arXiv: 2107.03721 . doi:10.9785/cri-2021-220402. ISSN   2194-4164. S2CID   235765823.
    20. Artificial Intelligence Act: [1] Recital 31
    21. Notation des allocataires : la CAF étend sa surveillance à l'analyse des revenus en temps réel (in French), La Quadrature du Net, 13 March 2024, Wikidata   Q126066451, archived from the original on 1 April 2024
    22. Bertuzzi, Luca (21 November 2023). "EU lawmakers to discuss AI rulebook's revised governance structure". Euractiv. Archived from the original on 22 May 2024. Retrieved 18 April 2024.
    23. Friedl, Paul; Gasiola, Gustavo Gil (7 February 2024). "Examining the EU's Artificial Intelligence Act". Verfassungsblog. doi:10.59704/789d6ad759d0a40b. Archived from the original on 22 May 2024. Retrieved 16 April 2024.
    24. Proposal: [11] Article 3 – definitions. Excerpt: "'national competent authority' means the national supervisory authority, the notifying authority and the market surveillance authority."
    25. "Artificial Intelligence – Questions and Answers". European Commission. 12 December 2023. Archived from the original on 6 April 2024. Retrieved 17 April 2024.
    26. Tartaro, Alessio (2023). "Regulating by standards: current progress and main challenges in the standardisation of Artificial Intelligence in support of the AI Act". European Journal of Privacy Law and Technologies. 1 (1). Archived from the original on 3 December 2023. Retrieved 10 December 2023.
    27. "With the AI Act, we need to mind the standards gap". CEPS. 25 April 2023. Retrieved 15 September 2024.
    28. COMMISSION STAFF WORKING DOCUMENT IMPACT ASSESSMENT Accompanying the Proposal for a Regulation of the European Parliament and of the Council LAYING DOWN HARMONISED RULES ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT) AND AMENDING CERTAIN UNION LEGISLATIVE ACTS
    29. Casarosa, Federica (1 June 2022). "Cybersecurity certification of Artificial Intelligence: a missed opportunity to coordinate between the Artificial Intelligence Act and the Cybersecurity Act". International Cybersecurity Law Review. 3 (1): 115–130. doi:10.1365/s43439-021-00043-6. ISSN   2662-9739. S2CID   258697805.
    30. Smuha, Nathalie A.; Ahmed-Rengers, Emma; Harkens, Adam; Li, Wenlong; MacLaren, James; Piselli, Riccardo; Yeung, Karen (5 August 2021). "How the EU Can Achieve Legally Trustworthy AI: A Response to the European Commission's Proposal for an Artificial Intelligence Act". SSRN   3899991.
    31. Ebers, Martin; Hoch, Veronica R. S.; Rosenkranz, Frank; Ruschemeier, Hannah; Steinrötter, Björn (December 2021). "The European Commission's Proposal for an Artificial Intelligence Act—A Critical Assessment by Members of the Robotics and AI Law Society (RAILS)". J: Multidisciplinary Scientific Journal. 4 (4): 589–603. doi: 10.3390/j4040043 . ISSN   2571-8800.
    32. Almada, Marco; Petit, Nicolas (27 October 2023). "The EU AI Act: Between Product Safety and Fundamental Rights". SSRN   4308072.
    33. Romero-Moreno, Felipe (29 March 2024). "Generative AI and deepfakes: a human rights approach to tackling harmful content". International Review of Law, Computers & Technology. 39 (2): 1–30. doi: 10.1080/13600869.2024.2324540 . hdl: 2299/20431 . ISSN   1360-0869.
    34. "White Paper on Artificial Intelligence – a European approach to excellence and trust". European Commission. 19 February 2020. Archived from the original on 5 January 2024. Retrieved 6 January 2024.
    35. Procedure 2021/0106/COD
    36. "Timeline – Artificial intelligence". European Council. 9 December 2023. Archived from the original on 6 January 2024. Retrieved 6 January 2024.
    37. 1 2 "Artificial Intelligence Act: MEPs adopt landmark law". European Parliament. 13 March 2024. Archived from the original on 15 March 2024. Retrieved 14 March 2024.
    38. 1 2 David, Emilia (14 December 2023). "The EU AI Act passed — now comes the waiting". The Verge. Archived from the original on 10 January 2024. Retrieved 6 January 2024.
    39. 1 2 3 "Europe agreed on world-leading AI rules. How do they work and will they affect people everywhere?". AP News. 11 December 2023. Retrieved 31 May 2024.
    40. "EU parliament greenlights landmark artificial intelligence regulations". Al Jazeera. Retrieved 31 May 2024.
    41. 1 2 "The EU passed the first AI law. Tech experts say it's 'bittersweet'". euronews. 16 March 2024. Retrieved 31 May 2024.
    This page is based on this Wikipedia article
    Text is available under the CC BY-SA 4.0 license; additional terms may apply.
    Images, videos and audio are available under their respective licenses.