Artificial Intelligence Act

Last updated

Regulation
European Union regulation
Flag of Europe.svg
TitleRegulation ... laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)
Preparative texts
Commission proposal 2021/206

The Artificial Intelligence Act (AI Act) is a proposed European Union regulation on artificial intelligence (AI) in the European Union. It aims to establish a common regulatory and legal framework for AI. [1] Proposed by the European Commission on 21 April 2021 [2] and passed in the European Parliament on 13 March 2024, [3] it awaits reading in the EU Council. [4]

Contents

Its scope would encompass all types of AI in a broad range of sectors (exceptions include AI systems used solely for military, national security, research, and non-professional purpose [5] ). As a piece of product regulation, it would not confer rights on individuals, but would regulate the providers of AI systems, and entities using AI in a professional context. [6]

The AI Act was revised following the rise in popularity of generative AI systems such as ChatGPT, whose general-purpose capabilities present different stakes and did not fit the defined framework. [7] More restrictive regulations are planned for powerful generative AI systems with systemic impact. [8]

The proposed EU Artificial Intelligence Act aims to classify and regulate AI applications based on their risk to cause harm. This classification includes four categories of risk ("unacceptable", "high", "limited" and "minimal"), plus one additional category for general-purpose AI. Applications deemed to represent unacceptable risks are banned. High-risk ones must comply to security, transparency and quality obligations and undergo conformity assessments. Limited-risk AI applications only have transparency obligations, and those representing minimal risks are not regulated. For general-purpose AI, transparency requirements are imposed, with additional and thorough evaluations when representing particularly high risks. [8] [9]

The Act further proposes the introduction of a European Artificial Intelligence Board to promote national cooperation and ensure compliance with the regulation. [10]

The AI Act is expected to have a large impact on the economy. Like the European Union's General Data Protection Regulation, it can apply extraterritorially to providers from outside the EU, if they have products within the EU. [6]

Provisions

Risk categories

There are different risk categories depending on the type of application, and one specifically dedicated to general-purpose generative AI :

Institutional governance

The draft AI Act, per the European Parliament Legislative Resolution of 13 March 2024, includes the establishment of various new institutions in Article 64 and the following articles. These institutions are tasked with implementing and enforcing the AI Act. The approach is characterized by a multidimensional combination of centralized and decentralized, as well as public and private enforcement aspects, due to the interaction of various institutions and actors at both EU and national levels.

The following new institutions will be established: [16] [17]

  1. AI Office: Attached to the European Commission, this authority will coordinate the implementation of the AI Act in all Member States and oversee the compliance of GPAI providers.
  2. European Artificial Intelligence Board: Composed of one representative from each Member State, the Board will advise and assist the Commission and Member States to facilitate the consistent and effective application of the AI Act. Its tasks include gathering and sharing technical and regulatory expertise, providing recommendations, written opinions, and other advice.
  3. Advisory Forum: Established to advise and provide technical expertise to the Board and the Commission, this forum will represent a balanced selection of stakeholders, including industry, start-ups, small and medium-sized enterprises, civil society, and academia, ensuring that a broad spectrum of opinions is represented during the implementation and application process.
  4. Scientific Panel of Independent Experts: This panel will provide technical advice and input to the AI Office and national authorities, enforce rules for GPAI models (notably by launching qualified alerts of possible risks to the AI Office), and ensure that the rules and implementations of the AI Act correspond to the latest scientific findings.

While the establishment of new institutions is planned at the EU level, Member States will have to designate "national competent authorities". [18] These authorities will be responsible for ensuring the application and implementation of the AI Act, and for conducting "market surveillance". [19] They will verify that AI systems comply with the regulations, notably by checking the proper performance of conformity assessments and by appointing third-parties to carry out external conformity assessments.

Enforcement

The Act regulates the entry to the EU internal market. To this extent it uses the New Legislative Framework,[ clarification needed ] which can be traced back to the New Approach[ clarification needed ] which dates back to 1985. How this works is as follows: The EU legislator enacts the AI Act, which contains the most important provisions that all AI systems that want access to the EU internal market will have to comply with. These requirements are called 'essential requirements'. Under the New Legislative Framework, these essential requirements are passed on to European Standardisation Organisations who draw up technical standards that further specify the essential requirements. [20]

As mentioned above, the Act requires that member states set up their own notifying bodies. Conformity assessments should take place in order to check whether AI-systems indeed conform to the standards as set out in the AI-Act. [21] This conformity assessment is either done by self-assessment, which means that the provider of the AI-system checks for conformity themselves, or this is done through third party conformity assessment which means that the notifying body will carry out the assessment. [22] Notifying bodies do retain the possibility to carry out audits to check whether conformity assessment is carried out properly. [23]

Under the current proposal it seems to be the case that many high-risk AI-systems do not require third party conformity assessment which is critiqued by some. [23] [24] [25] [26] These critiques are based on the fact that high-risk AI-systems should be assessed by an independent third party to fully secure its safety. Concerns have also been raised by legal scholars surrounding the issue of whether deepfakes used to spread political misinformation or create non-consensual intimate imagery should be considered high-risk AI systems, potentially leading to stricter regulation. [27]

Legislative procedure

In February 2020, the European Commission published "White Paper on Artificial Intelligence – A European approach to excellence and trust". [28] In October 2020, debates between EU leaders took place in the European Council. On 21 April 2021, the AI Act was officially proposed by the Commission. On 6 December 2022, the European Council adopted the general orientation, allowing negotiations to begin with the European Parliament. On 9 December 2023, after three days of "marathon" talks, the EU Council and Parliament concluded an agreement. [29]

The law was passed in the European Parliament with an overwhelming majority on 13 March 2024, and awaits reading in the EU Council. [4] Once enacted, it should come into force 20 days after being published in the Official Journal , [30] expectedly at the end of the legislative term in May. [3] After coming into force, there will be a delay before it becomes applicable, which depends on the type of application. This delay is 6 months for bans on "unacceptable risk" AI systems, 9 months for codes of practice, 12 months for general-purpose AI systems, 36 months for some obligations related to "high-risk" AI systems, and 24 months for everything else. [31] [30]

See also

Related Research Articles

<span class="mw-page-title-main">Comitology</span> Process by which European Union law is modified or adjusted

Comitology in the European Union refers to a process by which EU law is implemented or adjusted by the European Commission working in conjunction with committees of national representatives from the EU member states, colloquially called "comitology committees". These are chaired by the European Commission. The official term for the process is committee procedure. Comitology committees are part of the EU's broader system of committees that assist in the making, adoption, and implementation of EU laws.

<span class="mw-page-title-main">CE marking</span> European Declaration of conformity mark

The presence of the logo on commercial products indicates that the manufacturer or importer affirms the goods' conformity with European health, safety, and environmental protection standards. It is not a quality indicator or a certification mark. The CE marking is required for goods sold in the European Economic Area (EEA); goods sold elsewhere may also carry the mark.

<span class="mw-page-title-main">Medical device</span> Device to be used for medical purposes

A medical device is any device intended to be used for medical purposes. Significant potential for hazards are inherent when using a device for medical purposes and thus medical devices must be proved safe and effective with reasonable assurance before regulating governments allow marketing of the device in their country. As a general rule, as the associated risk of the device increases the amount of testing required to establish safety and efficacy also increases. Further, as associated risk increases the potential benefit to the patient must also increase.

Type approval or certificate of conformity is granted to a product that meets a minimum set of regulatory, technical and safety requirements. Generally, type approval is required before a product is allowed to be sold in a particular country, so the requirements for a given product will vary around the world. Processes and certifications known as type approval in English are often called homologation, or some cognate expression, in other European languages.

Government procurement or public procurement is undertaken by the public authorities of the European Union (EU) and its member states in order to award contracts for public works and for the purchase of goods and services in accordance with principles derived from the Treaties of the European Union. Such procurement represents 13.6% of EU GDP as of March 2023, and has been the subject of increasing European regulation since the 1970s because of its importance to the European single market.

ENTSO-E, the European Network of Transmission System Operators, represents 40 electricity transmission system operators (TSOs) from 36 countries across Europe, thus extending beyond EU borders. ENTSO-E was established and given legal mandates by the EU's Third Package for the Internal energy market in 2009, which aims at further liberalising the gas and electricity markets in the EU. Ukrainian Ukrenergo became the 40th member of the association on 1 January 2024.

<span class="mw-page-title-main">European Securities and Markets Authority</span> Financial regulatory agency of the European Union

The European Securities and Markets Authority (ESMA) is an agency of the European Union located in Paris.

<span class="mw-page-title-main">General Data Protection Regulation</span> EU regulation on the processing of personal data

The General Data Protection Regulation is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

eIDAS EU electronic identification regulation

eIDAS is an EU regulation with the stated purpose of governing "electronic identification and trust services for electronic transactions". It passed in 2014 and its provisions came into effect between 2016 and 2018.

<span class="mw-page-title-main">2024 European Parliament election</span> Upcoming election for the 10th European Parliament

The 2024 European Parliament election is scheduled to be held on 6 to 9 June 2024. This will be the tenth parliamentary election since the first direct elections in 1979, and the first European Parliament election after Brexit. This election will also coincide with a number of other elections in the European Union.

Regulation of algorithms, or algorithmic regulation, is the creation of laws, rules and public sector policies for promotion and regulation of algorithms, particularly in artificial intelligence and machine learning. For the subset of AI algorithms, the term regulation of artificial intelligence is used. The regulatory and policy landscape for artificial intelligence (AI) is an emerging issue in jurisdictions globally, including in the European Union. Regulation of AI is considered necessary to both encourage AI and manage associated risks, but challenging. Another emerging topic is the regulation of blockchain algorithms and is mentioned along with regulation of AI algorithms. Many countries have enacted regulations of high frequency trades, which is shifting due to technological progress into the realm of AI algorithms.

The regulation of artificial intelligence is the development of public sector policies and laws for promoting and regulating artificial intelligence (AI); it is therefore related to the broader regulation of algorithms. The regulatory and policy landscape for AI is an emerging issue in jurisdictions globally, including in the European Union and in supra-national bodies like the IEEE, OECD and others. Since 2016, a wave of AI ethics guidelines have been published in order to maintain social control over the technology. Regulation is considered necessary to both encourage AI and manage associated risks. In addition to regulation, AI-deploying organizations need to play a central role in creating and deploying trustworthy AI in line with the principles of trustworthy AI, and take accountability to mitigate the risks. Regulation of AI through mechanisms such as review boards can also be seen as social means to approach the AI control problem.

<span class="mw-page-title-main">Digital Services Act</span> European Union regulation on digital services content

The Digital Services Act Regulation 2022 (EU) 2022/2065 ("DSA") is a regulation in EU law to update the Electronic Commerce Directive 2000 regarding illegal content, transparent advertising, and disinformation. It was submitted along with the Digital Markets Act (DMA) by the European Commission to the European Parliament and the Council on 15 December 2020. The DSA was prepared by the Executive Vice President of the European Commission for A Europe Fit for the Digital Age Margrethe Vestager and by the European Commissioner for Internal Market Thierry Breton, as members of the Von der Leyen Commission.

<span class="mw-page-title-main">Data Act (European Union)</span> EU regulation on promoting the exchange and use of data

The Data Act is a European Union regulation which aims to facilitate and promote the exchange and use of data within the European Economic Area.

Automated decision-making (ADM) involves the use of data, machines and algorithms to make decisions in a range of contexts, including public administration, business, health, education, law, employment, transport, media and entertainment, with varying degrees of human oversight or intervention. ADM involves large-scale data from a range of sources, such as databases, text, social media, sensors, images or speech, that is processed using various technologies including computer software, algorithms, machine learning, natural language processing, artificial intelligence, augmented intelligence and robotics. The increasing use of automated decision-making systems (ADMS) across a range of contexts presents many benefits and challenges to human society requiring consideration of the technical, legal, ethical, societal, educational, economic and health consequences.

<span class="mw-page-title-main">Rule of Law Conditionality Regulation</span> Regulation of the European Union and Euratom

The Rule of Law Conditionality Regulation is a regulation of the European Union and Euratom, which allows the European Commission to adopt measures, including the suspension of payment of funds from the EU budget, to member states which violate the principles of rule of law enshrined in article 2 of the Treaty on European Union.

<span class="mw-page-title-main">Cyber Resilience Act</span> Proposed cybersecurity regulation in the EU

The Cyber Resilience Act (CRA) is an EU regulation proposed on 15 September 2022 by the European Commission for improving cybersecurity and cyber resilience in the EU through common cybersecurity standards for products with digital elements in the EU, such as required incident reports and automatic security updates. Products with digital elements mainly are hardware and software whose "intended and foreseeable use includes direct or indirect data connection to a device or network".

Discussions on regulation of artificial intelligence in the United States have included topics such as the timeliness of regulating AI, the nature of the federal regulatory framework to govern and promote AI, including what agency should lead, the regulatory and governing powers of that agency, and how to update regulations in the face of rapidly changing technology, as well as the roles of state governments and courts.

References

  1. "Proposal for a Regulation laying down harmonised rules on artificial intelligence | Shaping Europe's digital future". digital-strategy.ec.europa.eu. 21 April 2021. Archived from the original on 4 January 2023. Retrieved 9 January 2023.
  2. "EUR-Lex - 52021PC0206 - EN - EUR-Lex". eur-lex.europa.eu. Archived from the original on 23 August 2021. Retrieved 7 September 2021.
  3. 1 2 "World's first major act to regulate AI passed by European lawmakers". CNBC. 14 March 2024. Retrieved 13 March 2024.
  4. 1 2 "Procedure File: 2021/0106(COD) | Legislative Observatory | European Parliament". oeil.secure.europarl.europa.eu.
  5. "Artificial intelligence act: Council and Parliament strike a deal on the first rules for AI in the world". Council of the EU. 9 December 2023. Archived from the original on 10 January 2024. Retrieved 6 January 2024.
  6. 1 2 3 Mueller, Benjamin (4 May 2021). "The Artificial Intelligence Act: A Quick Explainer". Center for Data Innovation. Archived from the original on 14 October 2022. Retrieved 6 January 2024.
  7. Coulter, Martin (7 December 2023). "What is the EU AI Act and when will regulation come into effect?". Reuters. Archived from the original on 10 December 2023. Retrieved 11 January 2024.
  8. 1 2 Espinoza, Javier (9 December 2023). "EU agrees landmark rules on artificial intelligence". Financial Times. Archived from the original on 29 December 2023. Retrieved 6 January 2024.
  9. 1 2 3 4 "EU AI Act: first regulation on artificial intelligence". European Parliament News. Archived from the original on 10 January 2024. Retrieved 6 January 2024.
  10. Propp, Mark MacCarthy and Kenneth (4 May 2021). "Machines learn that Brussels writes the rules: The EU's new AI regulation". Brookings. Archived from the original on 27 October 2022. Retrieved 7 September 2021.
  11. Mantelero, Alessandro (2022), Beyond Data. Human Rights, Ethical and Social Impact Assessment in AI, The Hague: Springer-T.M.C. Asser Press, doi: 10.1007/978-94-6265-531-7 , ISBN   978-94-6265-533-1
  12. 1 2 Bertuzzi, Luca (7 December 2023). "AI Act: EU policymakers nail down rules on AI models, butt heads on law enforcement". Euractiv. Archived from the original on 8 January 2024. Retrieved 6 January 2024.
  13. "Regulating Chatbots and Deepfakes". mhc.ie. Mason Hayes & Curran. Archived from the original on 9 January 2024. Retrieved 11 January 2024.
  14. Liboreiro, Jorge (21 April 2021). "'Higher risk, stricter rules': EU's new artificial intelligence rules". Euronews. Archived from the original on 6 January 2024. Retrieved 6 January 2024.
  15. Veale, Michael (2021). "Demystifying the Draft EU Artificial Intelligence Act". Computer Law Review International. 22 (4). arXiv: 2107.03721 . doi:10.31235/osf.io/38p5f. S2CID   241559535.
  16. Bertuzzi, Luca (21 November 2023). "EU lawmakers to discuss AI rulebook's revised governance structure". Euractiv.
  17. Friedl, Paul; Gasiola, Gustavo Gil (7 February 2024). "Examining the EU's Artificial Intelligence Act". Verfassungsblog.
  18. "Artificial Intelligence Act". European Parliament. 13 March 2024. Article 3 - definitions. Excerpt: "‘national competent authority’ means the national supervisory authority, the notifying authority and the market surveillance authority;"
  19. "Artificial Intelligence – Questions and Answers". European Commission. 12 December 2023. Retrieved 17 April 2024.
  20. Tartaro, Alessio (2023). "Regulating by standards: current progress and main challenges in the standardisation of Artificial Intelligence in support of the AI Act". European Journal of Privacy Law and Technologies. 1 (1). Archived from the original on 3 December 2023. Retrieved 10 December 2023.
  21. "EUR-Lex - 52021SC0084 - EN - EUR-Lex". eur-lex.europa.eu. Archived from the original on 17 April 2023. Retrieved 17 April 2023.
  22. Veale, Michael; Borgesius, Frederik Zuiderveen (1 August 2021). "Demystifying the Draft EU Artificial Intelligence Act — Analysing the good, the bad, and the unclear elements of the proposed approach". Computer Law Review International. 22 (4): 97–112. arXiv: 2107.03721 . doi:10.9785/cri-2021-220402. ISSN   2194-4164. S2CID   235765823.
  23. 1 2 Casarosa, Federica (1 June 2022). "Cybersecurity certification of Artificial Intelligence: a missed opportunity to coordinate between the Artificial Intelligence Act and the Cybersecurity Act". International Cybersecurity Law Review. 3 (1): 115–130. doi:10.1365/s43439-021-00043-6. ISSN   2662-9739. S2CID   258697805.
  24. Smuha, Nathalie A.; Ahmed-Rengers, Emma; Harkens, Adam; Li, Wenlong; MacLaren, James; Piselli, Riccardo; Yeung, Karen (5 August 2021). "How the EU Can Achieve Legally Trustworthy AI: A Response to the European Commission's Proposal for an Artificial Intelligence Act". doi:10.2139/ssrn.3899991. S2CID   239717302. SSRN   3899991.
  25. Almada, Marco; Petit, Nicolas (27 October 2023). "The EU AI Act: Between Product Safety and Fundamental Rights". Robert Schuman Centre for Advanced Studies Research Paper No. 2023/59. doi:10.2139/ssrn.4308072. S2CID   255388310. SSRN   4308072. Archived from the original on 17 April 2023. Retrieved 14 March 2024.
  26. Ebers, Martin; Hoch, Veronica R. S.; Rosenkranz, Frank; Ruschemeier, Hannah; Steinrötter, Björn (December 2021). "The European Commission's Proposal for an Artificial Intelligence Act—A Critical Assessment by Members of the Robotics and AI Law Society (RAILS)". J. 4 (4): 589–603. doi: 10.3390/j4040043 . ISSN   2571-8800.
  27. Romero-Moreno, Felipe (29 March 2024). "Generative AI and deepfakes: a human rights approach to tackling harmful content". International Review of Law, Computers & Technology. 39 (2): 1–30. doi: 10.1080/13600869.2024.2324540 . hdl: 2299/20431 . ISSN   1360-0869.
  28. "White Paper on Artificial Intelligence – a European approach to excellence and trust". European Commission. 19 February 2020. Archived from the original on 5 January 2024. Retrieved 6 January 2024.
  29. "Timeline - Artificial intelligence". European Council. Archived from the original on 6 January 2024. Retrieved 6 January 2024.
  30. 1 2 David, Emilia (14 December 2023). "The EU AI Act passed — now comes the waiting". The Verge. Archived from the original on 10 January 2024. Retrieved 6 January 2024.
  31. "Artificial Intelligence Act: MEPs adopt landmark law". European Parliament. 13 March 2024. Retrieved 14 March 2024.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.