The European Commission announced a deal has been reached between the European Parliament and the Council on the Artificial Intelligence Act (AI Act). While not yet finalized, this Act promises to be one of the first legal frameworks for Artificial Intelligence globally, aiming to align AI development with risk-based regulation.
Key Elements of the AI Act
The AI Act introduces a risk-based categorization for AI systems:
- Minimal Risk: AI systems like recommender systems or spam filters will have minimal regulatory obligations.
- High-Risk: AI systems in critical infrastructure, medical devices, recruitment, law enforcement, and certain biometric applications must adhere to stringent requirements, including risk mitigation, data quality, activity logging, documentation, user information, human oversight, accuracy, and cybersecurity.
- Unacceptable Risk: Certain AI applications that threaten fundamental rights, like social scoring systems, will be banned.
- Specific Transparency Risk: AI systems like chatbots, deep fakes, and biometric recognition must be transparently labeled.
Fines: Non-compliance with the AI Act can result in substantial fines, varying based on the severity of the infringement. Fines range from €35 million or 7% of global annual turnover (whichever is higher) for violations of banned AI applications, €15 million or 3% for violations of other obligations, and €7.5 million or 1.5% for supplying incorrect information.
General Purpose AI: Specific rules for general-purpose AI models will require transparency, risk management, incident monitoring, and model evaluation. These will have special treatment in the regulation.
Governance: National competent market surveillance authorities will supervise the implementation of these rules at the national level, while the new European AI Office within the European Commission will coordinate at the European level.
Approval and Enforcement Timeline:
- Formal Approval: The political agreement on the AI Act requires formal approval by the European Parliament and the Council.
- Entry into Force: The Act will enter into force 20 days following its publication in the Official Journal.
- Implementation Period: Tech companies are granted a two-year period from the Act's entry into force to implement the new rules.
- Specific Provisions' Timelines:
- Prohibitions on AI Uses: These will become enforceable 6 months after the Act enters into force.
- General Purpose AI Regulations: Rules specific to general purpose AI models will apply 12 months following the Act's entry into force.
AI Pact Launch: During the transitional period before the regulation becomes fully applicable, the Commission plans to launch an AI Pact. This initiative will assemble AI developers who will voluntarily commit to implementing key obligations of the AI Act ahead of the legal deadlines.