Compromise Brings EU Artificial Intelligence Act One Step Closer to Final

Introduction

On February 13, 2024, EU member states voted unanimously in favor of the proposed EU Artificial Intelligence Act (AI Act). This comprehensive legislation has been described as an AI-specific version of the EU’s General Data Protection Regulation (GDPR). February’s vote of approval was the result of extensive negotiations and compromises between member states, and the Act is now expected to be formally adopted in March or April of this year.

What is It?

The AI Act is expected to regulate general purpose AI (GPAI) models. Providers of GPAI models must maintain detailed documentation of their systems and ensure that they meet various requirements concerning notice to consumers and adherence to copyright policies.

The AI Act aims to protect fundamental rights, democracy, the rule of law, and environmental sustainability from “high-risk AI.” The Act imposes heightened obligations on providers of “high-risk” GPAI models operating in industries with certain systemic risks. The industries with more risk include education, employment, essential services (i.e., healthcare, banking), law enforcement, migration and border management, and democratic processes (i.e., elections).

Like the GDPR, the AI Act will impose requirements on companies that create and/or use AI systems and operate in the European Union. Since violations of the Act will result in harsh penalties, compliance is vital for those companies to which the Act applies.

How Will It Affect American Companies?

Though the AI Act is expected to enter into force this month or the next, it will not be fully applicable for more than two years from now. The Act’s bans on prohibited practices will apply six months after its formal adoption, its general-purpose AI governance rules will apply one year after adoption, and obligations for high-risk AI systems will apply thirty-six months after adoption.

To encourage compliance with the Act sooner, the European Commission plans to launch an AI Pact, which will call on developers from across the globe to demonstrate their commitment to safe AI by voluntarily implementing key obligations of the AI Act prior to the actual deadlines.

Who Will Enforce It?

The European Commission has established a new “AI Office,” charged with enforcing the AI Act and supporting innovation in AI systems. The AI Office illustrates the Commission’s overarching goal of having EU-level governance of the Act, as opposed to leaving enforcement up to each individual member state. The Commission has emphasized the importance of the AI Office’s role in supporting member states as they adjust to the Act’s new guidelines, and in the text of the Act, the Office’s powers are described as “including the ability to conduct evaluations of general-purpose AI models, request information and measures from model providers, and apply sanctions.”

The Office is also tasked with setting up advisory boards to ensure consistent application of the Act amongst member states and will be responsible for investigating potential violations. Reflecting the EU’s commitment to not only regulate AI systems to ensure safety, but also promote innovation and growth in the field, the Office is further entrusted with setting up “AI Factories,” which will provide access to EU supercomputers for startups and large companies alike.

Conclusion

The AI Act has been described as a “regulation with teeth.” To read more about what compliance might look like for you, read this article from the Harvard Business Review.

Disclaimer

This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Hall Booth Smith, P.C. and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.