Artificial Intelligence Act

On 27 April 2023, the Parliament agreed on a draft. The key committees voted on the draft on 11 May 2023. The final vote in plenary took place in June 2023. A final version of the text was leaked in January 2024. In March 2024 a final numbered version was published. 

According to the AI Act, an AI system is defined as "a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments."

This definition corresponds to the definition of the Organization for Economic Cooperation and Development (OECD). This use of an internationally developed and recognized definition can promote its acceptance and harmonization.

The AI Act is a proposed regulation by the European Union that aims to establish a legal framework for the development, deployment, and use of AI systems in the EU. The proposed regulation seeks to ensure that AI systems used in the EU are transparent, reliable, and safe, and that they respect fundamental rights and values.

The AI Act covers a wide range of AI applications, including but not limited to:

• Biometric identification and categorization systems
• Critical infrastructure, such as transport and energy systems
• Educational and vocational training systems
• Employment, workers, and human resources management systems
• Law enforcement and judicial systems
• Marketing and advertising systems
• Recruitment and human resources systems
• Social scoring systems

The regulation governs a variety of aspects related to the development, deployment and use of AI systems, including:

• Classification of AI systems: The regulation distinguishes between different types of AI systems, depending on the level of risk they pose. High-risk AI systems, such as autonomous vehicles or credit scoring systems, are subject to stricter requirements and controls than lower-risk AI systems, such as chatbots.
• Requirements for AI systems: The regulation sets out minimum requirements that AI systems must meet in order to be safe, transparent, reliable and accountable. These include requirements for data quality, human supervision and control, transparency and traceability of decisions, and compliance with ethical principles.
• Conformity assessment and certification: The regulation provides that high-risk AI systems must be subject to conformity assessment and certification to ensure that they meet the requirements and standards of the regulation.
• Responsibility and sanctions: The regulation stipulates that the responsibility for the use of AI systems lies primarily with the providers and deployers of the systems and provides for possible sanctions for violations of the regulation.
• Monitoring and oversight: The regulation requires EU Member States to establish appropriate monitoring and oversight authorities to ensure compliance with the requirements and standards of the regulation.

The AI Act also establishes a European Artificial Intelligence Office, which, together with the Member State authorities, which will be responsible for overseeing the implementation and enforcement of the regulation across the EU.

The AI Act will affect a wide range of stakeholders involved in the development, deployment, and use of AI systems in the EU. In particular, the AI Act will be relevant for the following stakeholders:

• AI developers and providers: Companies and organizations that develop or provide AI systems in the EU will need to comply with the requirements and obligations set out in the regulation.
• Deployers and operators of AI systems: Companies and organizations that use or operate AI systems in the EU will need to ensure that they comply with the requirements and obligations set out in the regulation.
• Regulators and supervisory authorities: National authorities in the EU will be responsible for enforcing the regulation and ensuring that AI systems used in their respective countries comply with the requirements and obligations set out in the regulation. The European Artificial Intelligence Office will provide guidance and support to national authorities in this regard.
• Consumers and citizens: The regulation aims to protect the rights and interests of consumers and citizens in the EU who interact with AI systems. This includes ensuring that AI systems are transparent and that users are informed about the use of AI in their interactions with companies and organizations.

The AI Act is primarily aimed at regulating the development, deployment, and use of AI systems in the EU. However, its impact is likely to be felt beyond the borders of the EU, given the global nature of the AI industry and the potential for AI systems to be used across multiple jurisdictions.

There are a few reasons why the AI Act may be relevant outside the EU:

• Compliance with the AI Act may be required for companies that operate in the EU or provide AI systems to customers in the EU. Companies based outside the EU that provide AI systems to EU customers will need to ensure that their systems comply with the requirements and obligations set out in the regulation.
• The AI Act may influence the development of AI regulations in other jurisdictions. Other countries and regions may look to the EU's regulatory approach as a model for their own AI regulations, or may seek to align their regulations with the EU's standards in order to facilitate cross-border trade and cooperation.
• The AI Act's focus on ethical and trustworthy AI may set a precedent for global AI governance. The regulation's emphasis on ensuring that AI systems respect fundamental rights and values, such as human dignity and privacy, reflects a growing global consensus on the need for ethical and responsible AI.

The European Commission proposed the AI Act in April 2021 and it had to be reviewed and approved by the European Parliament and the Council of the EU before it could become law.

On 6 December 2022, the Council of the EU published its general approach regarding the AI Act proposal. During the last votes in the Parliament, heated discussions about new, disruptive AI applications on the market – namely: ChatGPT – caused delays in the process. On 27 April 2023, the Parliament agreed on a draft of its position. The leading committees voted on the draft on 11 May 2023. The final vote in plenary took take place in June 2023. In the trilogue process, the parties involved unofficially agreed on a final draft in December 2023. The Member States and the parliamentary committees involved approved this draft in February 2024. The final vote in the European Parliament took place on 13 March 2024. The AI Act was published in the Official Journal of the EU on July 12, 2024 and entered into force on August 1. The standards will become fully applicable 24 months after entry into force, although a graduated procedure is provided for some AI systems, which makes some regulations applicable even earlier: 

• 6 months after entry into force (February 2, 2025): Shutdown of prohibited AI systems.
• 12 months after entry into force (August 2, 2025): Obligations for GPAI systems become applicable, with the exception of Art. 101 AI Regulation.
• 24 months after entry into force (August 2, 2026): All provisions of the AI Act become applicable, in particular those for high-risk AI systems under Annex III, with the exception of the obligations for high-risk AI systems under Annex II.
• 36 months after entry into force (August 2, 2027): Obligations for high-risk AI-systems according to Annex II become applicable.
• 72 months after entry into force (August 2, 2030): Applicable for high-risk AI systems intended to be used by public authorities.
• End of 2030 (December 31, 2030): Applicable to AI systems that are components of the large-scale IT systems established by legal acts listed in an Annex to this Act (e.g. Schengen Information System) and placed on the market or put into operation before August 2, 2027.