EU AI Act deep dive #1
First article of the series on the EU AI Act
Hello everyone,
I am back for a series of 4 articles to deep dive on the AI Act — that was officially published on August 1!
The 1st one — this one — will be an introduction to the text and the prohibited practices, the 2nd one will focus on the High-Risk AI systems, the 3rd will cover all the others requirements and main information, and the last one will talk about the innovation, the Governance and penalities as well as the timeline of its entry into force (first elements in February 2025).
The legislation includes some abstract areas that still need clarification. These will be further defined through delegated acts, guidelines from EU institutions, and standards developed by European Standardization Organizations. Businesses can expect more detailed guidance soon.
Introduction to the AI Act
Definition of an AI system
The Commission worked on a clear definition of AI systems, trying to align with the work of international institutions.
I will directly quote from the text, an AI system is “a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments”.
Moreover, it is specified that AI systems are apart from traditional software, and it excludes systems that solely following human-defined rules for automated tasks.
To whom it applies?
This EU text applies to or as consequences for:
Providers placing on the market or putting into service AI systems or placing on the market general-purpose AI models in the Union, irrespective of whether those providers are established or located within the Union or in a third country;
Deployers of AI systems that have their place of establishment or are located within the Union;
Providers and deployers of AI systems that have their place of establishment or are located in a third country, where the output produced by the AI system is used in the Union;
Importers and distributors of AI systems;
Product manufacturers placing on the market or putting into service an AI system together with their product and under their own name or trademark;
Authorised representatives of providers, which are not established in the Union;
Affected persons that are located in the Union.
Exemptions
The obligations and rules do not apply in some cases or for some institutions:
Public sector bodies and international organizations outside the EU.
Research and development of AI systems prior to commercial release or operational deployment.
Free and open-source software is generally exempt from regulation, unless classified as a high-risk AI application or high-impact general-purpose AI model.
AI systems used for military or defence purposes.
AI systems exclusively designed for scientific research and discovery.
AI systems released before the AI Act's applicability, unless they undergo significant modifications.
AI systems used solely for personal, non-professional activities.
A general obligation: AI literacy
Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used.
How is the regulation applied to AI?
The AI act define some forbidden AI practices and then classify AI systems according to their risks and related obligation:
Unacceptable risk AI systems (listed after) ⇒ prohibited.
High-risk AI systems ⇒ strong regulation.
Limited risk AI systems ⇒ lighter regulation.
Minimal risk systems ⇒ no regulation.
Then, a full chapter addresses specific regulation for general-purposed AI systems and models (like generative AI models).
Prohibited AI practices
Let’s start this deep dive with forbidden AI systems! It concerns AI systems that:
Use subliminal, manipulative, or deceptive techniques to distort behaviour and impair decision-making, leading to harmful choices that people wouldn't otherwise make.
Exploit the vulnerabilities of individuals or groups based on age, disability, or social/economic status to distort behaviour and cause significant harm.
Evaluate or classify individuals based on their behaviour or characteristics (social scoring), leading to unfair or harmful treatment either in unrelated contexts or in a way that is unjustified or disproportionate.
Predict a person's likelihood of committing a crime based solely on profiling or personality traits, except when they assist human assessments already based on objective, verifiable evidence of criminal activity.
Build or expand facial recognition databases by indiscriminately scraping facial images from the internet or CCTV footage should be prohibited.
Infer emotions in workplaces or educational institutions, except when used for medical or safety purposes.
Categorize individuals based on biometric data to infer sensitive traits like race, political opinions, or sexual orientation, except for lawful use in labelling or filtering biometric data in law enforcement.
Use real-time biometric identification in public spaces for law enforcement, except when necessary to search for victims of abduction or trafficking, prevent imminent threats to life or terrorist attacks, or locate suspects of serious crimes punishable by at least four years in prison.
Cases of remote biometric identification are, moreover, subject to other restrictions, legal processes and controls, that I won’t detail in this newsletter, but you can find in text here (Chapter II > Article 5 > Paragraphs 2, 3, 4, 5, 6 and 7).
Those prohibited practices will come into force on 2 February 2025.
Conclusion
That is it for the first part of our deep dive into the AI Act! We have covered the basics of AI system definitions, the scope of the regulation, and prohibited practices. In the next article, we will explore the High-Risk AI systems and what the regulations mean for them. Stay tuned for more insights on how the AI Act will shape the future of AI development and deployment in the EU!