The European Union's AI Act is a landmark piece of legislation that marks the first major attempt to regulate Artificial Intelligence (AI) on a global scale. With its far-reaching implications, it is critical for businesses, developers, and stakeholders. In this article, we focus on the key things you need to know if you are interested in understanding the EU AI Act.
EU AI Act: Five Things You Need To Know
1. Risk-Based Approach
The EU AI Act is a risk-based regulatory framework. Artificial Intelligence (AI) systems are classified into four risk categories:
- unacceptable risk,
- high risk,
- limited risk, and
- minimal risk.
This classification dictates the level of regulatory scrutiny and compliance requirements that an AI system will be subjected to. High-risk applications face the most stringent controls. This approach allows for flexibility and innovation (especially in lower-risk AI applications) while ensuring that those posing significant risks to safety and fundamental rights are adequately regulated.
Make no mistake: the development and deployment of AI systems that can pose unacceptable risk shall be prohibited under this law. These include AI systems that deploy subliminal techniques to manipulate persons to their detriment, exploit vulnerabilities of specific groups, conduct social scoring, or use real-time biometric identification in public spaces for law enforcement, with certain exceptions.
Tip: Evaluate the risk posed by your AI systems to ensure that your products comply with the EU's standards.
2. Obligations for High Risk Systems
While systems that have the potential to violate rights or pose significant risks to individuals' safety are considered to pose unacceptable risk and will be prohibited, systems that create high risk will be subject to all requirements of this regulation. These requirements include data governance; transparency and explainability, i.e., provision of clear information to users; robustness and accuracy; human oversight; and specific documentation requirements such as logging, adopting extensive testing methodologies, and record-keeping to enable traceability.
Tip: Businesses operating or aiming to launch AI solutions that may pose high risk must prepare to meet all these obligations.
3. Transparency Requirements
AI applications that may not be classified as high-risk, particularly those interacting directly with consumers (like chatbots), must adhere to transparency requirements. This includes informing users that an AI system is being used, so that users are aware that they are interacting with an AI and not a human. This transparency is vital for maintaining trust and integrity in AI systems across all sectors.
Tip: Businesses are recommended to implement transparency requirements into all AI systems irrespective of the risk.
4. No Requirements for Low Risk Applications
While many will talk about the doom and gloom that this regulation will bring, it is essential to share that AI systems that are deemed to pose a low or limited risk shall have no requirements imposed on them by this legislation.
Tip: We recommend that you formally evidence whether your AI system poses minimal or no risk rather than assuming it.
5. Enforcement and Penalties
Like the EU GDPR, the EU AI Act will also be enforced rigorously. There are significant penalties for non-compliance. Depending on the violation, fines can go up to €30 million or 6% of the total worldwide annual turnover of the preceding financial year, whichever is higher. This strict enforcement underlines the EU's commitment to ethical AI development and usage. It also signals the importance of compliance for all AI stakeholders.
Tip: We recommend that you, as a company, start now. And we can help you.
Conclusion
In my opinion, the EU AI Act is a landmark regulation that will shape the future of AI development and usage not only within the European Union but also globally, as businesses and organizations worldwide will need to comply with these regulations to operate in the EU market. I believe many countries will now go for similar regulations. So, as a business, you need to start strengthening your risk management, data governance, transparency, testing and logging capabilities, to name a few.
While it creates work for companies, I am convinced that this will contribute to a safer, more ethical AI landscape that is good for us humans.
About Punit Bhatia
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high AI & privacy awareness and compliance as a business priority by creating and implementing an AI & privacy strategy and policy.
As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one’s values to have joy in life. He has developed the philosophy named ‘ABC for joy of life’, which he passionately shares. Punit is based out of Belgium, the heart of Europe.
Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 50 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.
EK Advisory BV
A Company Registered In Belgium
VAT BE0736566431
Proudly based in EU
© 2019-24 FIT4Privacy. Presented by EK Advisory BV. An EU Company based in Belgium. All Rights Reserved.