Political agreement on the AI Act
Written By
After a three-day negotiation marathon, induced by incredible political pressure to introduce the world’s first horizontal AI regulation before the European elections next June, the EU institutions reached a high-level political agreement on the AI Act over the weekend.
The Agreement includes obligations for general-purpose AI-systems (GPAI), such as providing technical documentation, complying with copyright law and providing summaries of the training datasets. Providers of GPAI-systems with ‘systemic’ risks, meaning the largest/most powerful (foundation) models, will have to comply with more extensive obligations, such as conducting assessments and evaluations of the risks presented by them and mitigating those risks, reporting serious incidents to the European Commission and conducting adversarial testing/red teaming. Providers of systems deemed high-risk (which could be built on top of/using GPAI-systems or developed separately) will have to comply with an extensive list of product safety obligations, which relate to, for example, risk management, data quality and security.
The list of high-risk systems includes those used for purposes which can have significant implications for fundamental rights, health, safety democracy/rule of law and the environment, such as law enforcement, human resources, education, insurance and banking and influencing voter behaviour. Users/deployers of these systems will also have to comply with obligations, such as conducting fundamental rights impact assessments and implementing human oversight.
Although the AI Act is separate from the European Union’s efforts to create a harmonised regime for AI-related liability, the political agreement includes a possibility for individuals to lodge complaints and a right to receive explanations about decisions based on high-risk AI-systems. Finally, some systems will be banned, including biometric categorisation systems using sensitive characteristics, untargeted scraping of facial images and manipulating human behaviour or exploiting vulnerabilities.
Although a political agreement has been reached, technical meetings are likely to continue into January to hash out the details, after which the final text will need to be formally adopted by the European Parliament and the Council. Subsequently, the text will be published in the Official Journal of the European Union, after which it will enter into force. This will likely be in the second quarter of 2024.
With an effort intensive road to compliance ahead, companies should be checking now whether the AI-systems they develop, manufacture, distribute or use/deploy will be regulated as prohibited, high-risk or general-purpose AI-systems. They should also be looking at the regulatory implications will be managed in their upstream and downstream value chain and contracts. It has been agreed that non-compliance can result in fines of up to 7% of the worldwide annual turnover of the preceding year and that non-complying systems will (after a grace period) be barred from the EU market.
We are already helping many of our clients prepare themselves for the AI Act. Please get in touch if you would like to discuss how the AI Act will impact your business and how you can prepare.
We will continue to keep a close eye on the developments in the coming months. For further updates and resources please visit our Generative AI webpage.
