8 min read

Writen by Marin Milenkoski

Posted on: March 14, 2024

The EU’s Artificial Intelligence Act and Its Implications for Business

The European Parliament has approved the EU’s Artificial Intelligence Act, marking the beginning of a new phase filled with both opportunities and challenges. This signals a fresh era of innovation comparable to the Industrial Revolution, accompanied by a set of new obligations and responsibilities.

The EU has reached a political agreement on the Artificial Intelligence Act, marking the world’s first regulation of AI. This historic deal, aims to balance innovation with the protection of fundamental rights. The AI Act introduces regulations for general purpose AI, including transparency requirements and additional obligations for models posing systemic risks. It establishes a governance framework at both national and EU levels, with prohibitions on systems that manipulate human behavior, social scoring, and certain predictive policing aspects. High-risk systems, such as those used in critical infrastructure and law enforcement, will face strict requirements, including risk mitigation and human oversight.

The Act also mandates transparency for AI systems like chatbots and requires human rights impact assessments for high-risk AI deployments. Violations of the Act could result in fines up to €15 million or 3% of annual global turnover, but can go as high as 7% of global annual turnover or €35 million.

Entry into ForceThe Act becomes effective 20 days after its publication in the official journal of the EU.
Entry into ApplicationThe main body of the Act applies 24 months after it comes into force, with some specific provisions having different timelines.
6 Months After Entry into ForceProhibitions on AI systems considered to pose unacceptable risks become enforceable.
12 Months After Entry into ForceObligations for providers of general-purpose AI models are activated. Member states are required to appoint competent authorities. The European Commission will annually review and possibly amend the list of prohibited AI systems.
18 Months After Entry into ForceThe European Commission will enact implementing acts on post-market monitoring of AI systems.

24 Months After Entry into Force
Obligations for high-risk AI systems listed in Annex III, covering areas such as biometrics, critical infrastructure, education, employment, law enforcement, and administration of justice, come into effect. Member states must have implemented penalty rules, including administrative fines, and established at least one operational AI regulatory sandbox. The Commission may review and amend the list of high-risk AI systems.
36 Months After Entry into ForceObligations for high-risk AI systems not listed in Annex III but used as safety components of products, or where the AI itself is a product subject to third-party conformity assessment under specific EU laws, become applicable.
By the End of 2030Obligations for certain AI systems that are components of large-scale IT systems established by EU law in areas of freedom, security, and justice, such as the Schengen Information System, will be enforced.

The AI Act introduces a framework to regulate AI systems based on their risk levels, from minimal to high. It outright bans certain AI applications that pose a significant threat to citizens’ rights and democracy, such as biometric categorization systems that process sensitive characteristics, untargeted scraping of facial images, emotion recognition in workplaces and educational institutions, social scoring, and AI systems that manipulate human behavior or exploit vulnerabilities.

Moreover, the Act provides a series of safeguards and narrow exceptions for law enforcement’s use of real-time and post-remote biometric identification systems, subject to stringent conditions, including prior judicial authorization and limitations on time and location.

For AI systems classified as high-risk, the Act mandates clear obligations, including a mandatory fundamental rights impact assessment. This ensures that AI systems, especially those influencing elections and voter behavior, are developed and used responsibly.

The regulation also addresses the challenges posed by general-purpose AI (GPAI) systems. It requires these systems and the models they are based on to adhere to transparency requirements, such as technical documentation, compliance with EU copyright law, and detailed summaries of the content used for training. High-impact GPAI models with systemic risk are subject to more stringent obligations to assess and mitigate risks, ensure cybersecurity, and report on energy efficiency.

Furthermore, according to Article 35 of the GDPR, data controllers are mandated to conduct data protection impact assessments (DPIAs) in cases where processing is expected to pose a significant risk to the rights and freedoms of individuals. The explanation clarifies that providers, as defined in the EU’s Artificial Intelligence Act, may not always be capable of foreseeing all potential uses of a system. Hence, a provider’s initial assessment to determine if a system is high-risk under the AI Act doesn’t preclude a subsequent DPIA by the user, even if the provider’s assessment concludes the system isn’t high risk. Consequently, the same system could potentially be subject to varying risk management requirements and classifications under each law.

Recognizing the importance of promotion innovation and protecting small and medium-sized enterprises (SMEs) from undue pressure by industry giants, the Act promotes regulatory sandboxes and real-world testing. This approach aims to encourage the development and training of innovative AI solutions in a controlled environment before market placement.

The details of EU’s Artificial Intelligence Act have sparked discussions on its impact on corporate communications and creativity. The Act represents an opportunity to redefine creativity, reminding us of the human element driving true creative endeavors.

It challenges businesses to reassess their relationship with AI, balancing the use of AI tools for productivity and creativity with the need for authentic human engagement and brand identity.

The Act’s emphasis on labeling synthetic content generated by AI highlights the importance of transparency and authenticity in corporate communications. This requirement, along with the broader regulatory framework, encourages companies to establish clear policies on AI use, ensuring that AI serves as an assistant to human creativity rather than a replacement.

The EU’s Artificial Intelligence Act represents a significant milestone in the journey towards a more ethical, sustainable, and human-centric AI future. It sets a global precedent for AI regulation, balancing the need for innovation with the imperative to protect fundamental rights and the environment. As the Act moves towards formal adoption, businesses and creatives alike must navigate this new landscape, leveraging AI’s potential while remaining mindful of its challenges and responsibilities.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

ISO 27001 Controls: A Comprehensive Step-by-Step Guide

Organisations in today's world filled with technology require a good information security setup and

Comparing Information Security Frameworks and Data Protection Frameworks

With cyber threats evolving at an unprecedented rate and regulations tightening globally, understan

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy