EU AI Act agreed, allegedly the first regulation on artificial intelligence in the world

By Santamarina Steta

Executive Summary

On December 9th, 2023, the European Parliament and the Council presidency agreed on the final version of the Regulation on Artificial Intelligence, the so-called “EU AI Act”.
This regulation sets harmonized rules for placing on the market, putting into service, and using Artificial Intelligence, this Act is aimed to be a prototype regulation on AI that will influence other jurisdictions’ law-making.
Some legislative steps are still pending for the EU AI Act’s entry into force, which should apply two years after that, potentially in 2026.

On December 9th, 2023, the European Parliament and the Council presidency agreed on the final version of the Regulation on Artificial Intelligence, the so-called “EU AI Act”..

This regulation sets harmonized rules for placing on the market, putting into service, and using Artificial Intelligence (“AI”), by establishing a risk-based approach where: the higher the risk for rights violations, the tighter the restrictions.

The EU AI Act aims to be a prototype regulation on AI that will influence other jurisdictions’ law-making, called “The Brussels Effect”. Nonetheless, some legislative steps are still pending for the EU AI Act’s entry into force, which should apply two years after that, potentially in 2026.

The EU AI Act shall apply to AI systems used, placed on the market, and/or put into service, except when the purpose is for scientific research and development. The EU AI Act divides AI systems into four risk-based categories derived from their intended use and purpose, which are the following:

Unacceptable risk:
- Dark pattern
- Manipulation
- Social scoring
- Biometric identification for law enforcement purposes (with some exceptions)

High risk:
- Biometrics
- Critical digital infrastructure, road traffic, and the supply of water, gas, heating and electricity
- Education
- Employment
- Essential private and public services
- Law enforcement
- Migration, asylum, and border control management
- Administration of justice and democratic processes

Limited risk:
- Chatbots
- Biometric categorization systems and emotion recognition systems
- Deep fakes

Minimal risk:
- Other AI systems

AI systems shall comply with the requirements and obligations applicable to their risk category. In a descendant analysis, Unacceptable risk technologies are prohibited, except for the biometric identification systems, which would have to meet certain conditions for their use. Regarding High risk tools, they will have to obtain a conformity assessment from a third party; this means that the latter will verify whether the requirements set out for high-risk AI systems have been fulfilled. Limited risk systems will have to enable users to understand and use the system properly; this is the transparency rule. Concerning Minimal risk technologies, they are encouraged to voluntarily comply with some requirements set out in the Codes of Conduct that will be drafted and published by the European Commission.

To whom will the EU AI Act apply?

The EU AI Act will apply, regardless of their physical location or place of establishment, to users, importers, distributors, product manufacturers, and providers placing on the market or putting into service AI systems, only if this AI system is used or produces its effects in the European Union.

Penalties

Infringement to the provisions contained in the EU AI Act can be punished with administrative fines of up to 35 million euros or 7% of worldwide annual turnover.

Important Considerations

The EU AI Act is a milestone in the race to protect people’s rights from this new technology that, often, most do not understand. Differentiating between types of AI and their respective risks is an accurate approach, due to the variety of slopes that AI systems can have, so their legal treatment and corresponding requirements should not be the same.

Nevertheless, this industry itself is highly complex to understand and evolves day to day, which might entail potential difficulties at the moment of enforcing this piece of legislation due to some errors from origin derived from the lack of specialization of lawmakers and adjudicators (judges), what was a challenge for the former to understand the object to be regulated through this law, will be a challenge for the adjudicators to rule case by case. Even with the assistance of people specialized in the matter, it will be challenging to overcome these circumstances. Sometimes developers don't even understand how their own AI systems work, what is often called a "black box."

On the other hand, although the EU AI Act is intended to influence and export its provisions to foreign legislations, it’s true that it doesn’t have to be the case, at least not in its entirety. The latter is because each jurisdiction or region has different situations and necessities; maybe even their innovative goals as a country are not aligned with some of the content in the studied act.

In our opinion, establishing a set of requirements and obligations to tech developers can disincentivize them from creating and launching new programs, which could be a hit to their innovative capacity, taking into consideration that many of them do not have sufficient resources to comply with such a complex legal framework or to pay for legal services on the matter.

With that said, it could be wise to keep an eye on the technology industry status in Europe after the EU AI act enters into force and starts its applicability. The effects of this regulation will tell us the benefits and disadvantages that it entails in the practical world.

Publication link:
https://ec.europa.eu/commission/presscorner/detail/es/ip_23_6473.

Authors