The AI Act has been adopted! A new chapter in the regulation of artificial intelligence.

A new chapter in the regulation of artificial intelligence. 10 April 2024 In recent years, awareness of the growing impact of artificial intelligence (AI) on society and the economy has become increasingly widespread.

In response to the emerging challenges associated with the use of AI, the European Union has for years been working to establish a comprehensive legal framework for the use of artificial intelligence.

This process culminated in the adoption of the Artificial Intelligence Act (AI Act) by the European Parliament in March 2024.

What did the road to enacting the AI Act look like?

Efforts to legally regulate artificial intelligence in the EU have been underway since 2018, when the European Strategy for AI was adopted.

The documents that formed the basis of the principles adopted in the Regulation on

AI also included the Ethics Guidelines for Trustworthy Artificial Intelligence (2019) and the White Paper on Artificial Intelligence (2020). Work on the AI Act draft began in 2021 and proved extremely complex due to the need to account for a wide range of perspectives.

During the work, so-called trilogues were conducted, that is, three-way negotiations involving the European Parliament, the European Commission, and representatives of the EU Member States that make up the Council of the European Union.

The trilogues were intended to take into account the interests represented by each party, but at the same time they contributed to a significant lengthening of the legislative process.

Ultimately, on 13 March 2024 the AI Act was adopted by the European Parliament, and its final version is available here.

Why is the AI Act a key element of digital transformation?

The AI Act is the first regulation of artificial intelligence this comprehensive anywhere in the world.

Its main objective is to create a legal framework governing the development, use, and oversight of artificial intelligence in the EU.

As we mentioned, among other places, in this article, the document is intended to strike a balance between fostering innovation and protecting human rights and public safety.

The AI Act seeks to ensure transparency, accountability, and safety in the use of artificial intelligence in order to build public trust in these technologies.

Who does the AI Act apply to?

The AI Act applies primarily to providers of artificial intelligence who place AI systems on the market or put them into service in the Union.

In addition, the AI Act will also cover entities deploying AI systems if they are established or located in the Union (and also where the provider or deployer of the AI system is located in a third country, but the output of the AI system is used in the Union).

The definition of an artificial intelligence system under the AI Act The definition of an artificial intelligence system underwent numerous changes over the course of work on the AI Act.

Ultimately, an artificial intelligence system was defined as: "a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments." It is worth noting that some of the terms used in the final version of the definition are not precise enough to determine with full certainty in every case whether a given system meets the criteria of the definition of artificial intelligence.

Nevertheless, the AI Act was designed with the future in mind, which suggests that its regulatory framework should remain appropriate even in the face of dynamic changes in the technological environment, and this may justify such a broad definition.

The classification of artificial intelligence systems under the AI Act and the obligations of providers The AI Act regulates the deployment and use of artificial intelligence systems, among which high-risk artificial intelligence systems are singled out in particular.

Examples of such systems include artificial intelligence systems intended for use in recruitment and artificial intelligence systems intended for use in assessing the creditworthiness of natural persons.

The set of obligations provided for providers or distributors of AI systems depends on which category the system they supply is classified into.

Among the obligations associated with AI systems that do not meet the criteria for being classified as high-risk systems are, among others: complying with the list of prohibited practices, registering the provider and the system in the EU database, and designing AI systems in such a way that users are informed, clearly and explicitly and no later than at the moment of their first interaction with the system, that they are interacting with an AI system.

The set of obligations associated with high-risk systems includes, among others: the requirement to implement a risk management system, the use of audit and oversight mechanisms, special requirements regarding the documentation of events, transparency in the functioning of high-risk AI systems and human monitoring of their operation, as well as the need to carry out an assessment of the impact of the AI system being put into use on fundamental human rights, through a so-called

FRIA (fundamental rights impact assessment).

Prohibited practices Most importantly, the AI Act provides for a number of prohibited practices, the use of which may result in a severe financial penalty.

These include, among others: the use of manipulative or deceptive techniques whose objective or effect is to distort a person's behavior by impairing their ability to make an informed decision; placing on the market or using an AI system that exploits any vulnerability of a person on the grounds of their age, disability, or social or economic situation; placing on the market or using artificial intelligence systems to infer a person's emotions in the workplace and in educational institutions (an exception in this regard being the use of such a system for medical or safety reasons); and the use of "real-time" remote biometric identification systems in publicly accessible spaces for law enforcement purposes, unless such use is strictly necessary, for example because of a direct threat to health or life or a terrorist attack.

Penalties provided for in the AI Act The AI Act provides for very high penalties in the event of a breach of its provisions, which is intended to serve as an effective means of preventing abuse and protecting the public interest.

The use of prohibited practices may result in a penalty of up to EUR 35 million or 7% of the company's total worldwide annual turnover (whichever amount is higher).

Failure to fulfill obligations such as having a risk management system or maintaining documentation in the case of a high-risk system, as well as, among other things, failing to inform users that they are interacting with an AI system, may result in a financial penalty of up to EUR 15 million or 3% of the company's total worldwide annual turnover (whichever amount is higher).

In addition, a penalty of EUR 7.5 million or 1% of total worldwide annual turnover is also provided for supplying incorrect or incomplete information to the competent authorities.

Summary Although most of the provisions of the AI Act will only begin to apply 24 months after it enters into force, the AI Act (with certain exceptions, for example regarding the provisions on prohibited practices, which will take effect just 6 months after that point), it is undoubtedly worth taking steps today to bring your business activities into line with the assumptions of this act.

If you have questions about the impact of the AI Act on your business, contact us, we will be happy to answer your questions!

Authors: Olga Dąbrowska and Aleksandra Woźniak Have a question?

Let's talk. A 20-minute conversation.

No briefs, no forms.

We'll answer directly.

Book a call → See more articles