EU Approves Groundbreaking AI Act: A New Era for AI Regulation

22. Mai 2024 Alexander Tribess

On 21 May, the Council of the European Union approved the pioneering AI Act, setting a global standard for AI regulation. This landmark legislation, which follows a risk-based approach, will fully apply in all member states by 2027, but the stringent provisions on prohibited use cases in Article 5 will enter into force within just six months—a notably rapid implementation.

The AI Act introduces mandatory requirements and strict rules for high-risk AI applications, and it aims at fostering safe and trustworthy AI systems. It categorizes AI systems according to risk levels and prohibits several high-risk practices to protect society, namely:

1. 𝐌𝐚𝐧𝐢𝐩𝐮𝐥𝐚𝐭𝐢𝐯𝐞 𝐓𝐞𝐜𝐡𝐧𝐢𝐪𝐮𝐞𝐬: Bans on AI systems using subliminal or deceptive methods to manipulate behavior and impair informed decision-making, causing significant harm.
2. 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐚𝐭𝐢𝐨𝐧 𝐨𝐟 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬: Prohibits AI systems that exploit vulnerabilities due to age, disability, or socio-economic status to distort behavior and cause harm.
3. 𝐒𝐨𝐜𝐢𝐚𝐥 𝐒𝐜𝐨𝐫𝐢𝐧𝐠: Outlaws AI systems that evaluate or classify individuals based on social behavior or personal characteristics, leading to unjustified or disproportionate treatment.
4. 𝐏𝐫𝐞𝐝𝐢𝐜𝐭𝐢𝐯𝐞 𝐏𝐨𝐥𝐢𝐜𝐢𝐧𝐠: Forbids AI systems solely predicting criminal behavior based on profiling or personality traits, except for supporting human assessments based on verifiable facts.

5. 𝐅𝐚𝐜𝐢𝐚𝐥 𝐑𝐞𝐜𝐨𝐠𝐧𝐢𝐭𝐢𝐨𝐧 𝐃𝐚𝐭𝐚𝐛𝐚𝐬𝐞𝐬: Bans creating or expanding facial recognition databases through untargeted image scraping from the internet or CCTV footage.
6. 𝐄𝐦𝐨𝐭𝐢𝐨𝐧 𝐑𝐞𝐜𝐨𝐠𝐧𝐢𝐭𝐢𝐨𝐧: Prohibits AI systems inferring emotions in workplaces or educational institutions unless for medical or safety purposes.
7. 𝐁𝐢𝐨𝐦𝐞𝐭𝐫𝐢𝐜 𝐂𝐚𝐭𝐞𝐠𝐨𝐫𝐢𝐳𝐚𝐭𝐢𝐨𝐧: Outlaws AI systems categorizing individuals based on biometric data to infer sensitive attributes like race or political opinions, except for lawful data filtering or law enforcement.
8. 𝐑𝐞𝐚𝐥-𝐓𝐢𝐦𝐞 𝐁𝐢𝐨𝐦𝐞𝐭𝐫𝐢𝐜 𝐈𝐝𝐞𝐧𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧: Prohibits real-time biometric identification in public spaces for law enforcement, with exceptions for urgent cases like searching for victims or preventing terrorist attacks.

While these measures aim to enhance trust and safety in AI systems, the provisions on prohibited AI use cases are fairly vague and opaque. This vagueness comes with challenges in compliance and interpretation.

The AI Act will soon be published in the EU’s Official Journal and enter into force twenty days later. The new regulation will apply fully two years after its entry into force, with some provisions taking effect sooner.

My team at GreenGate Partners and I will prepare a series of blogposts outlining the details of the new regulation and its impact on businesses.