In the rapidly evolving landscape of global technology, the European Union has taken a monumental step by establishing the world’s first comprehensive legal framework to regulate AI. This landmark regulation, widely known as the EU AI Act (or simply the AI Act), represents a paradigm shift in how artificial intelligence is governed. As of 1 August 2024, the Act entered into force, signaling a new era for artificial intelligence in the EU. This article provides an in-depth analysis of the European AI landscape, the level of risk associated with different AI applications, and how providers and deployers of AI must adapt to these sweeping changes between 2024, 2025, and beyond.
Artificial Intelligence in the EU: Understanding the EU Artificial Intelligence Act Scope
The EU Artificial Intelligence Act is not just a set of guidelines; it is a robust AI law designed to ensure that AI systems used within the European Union are safe, transparent, and ethically sound. The AI act aims to ensure that any AI system or general-purpose AI model placed on the EU market respects fundamental rights and safety standards. By creating a unified regulation on artificial intelligence, the EU seeks to foster investment and innovation in AI while mitigating the potential risk they pose to society.
How the EU AI Act Regulates AI and AI Systems Used Within the EU
Unlike previous attempts at tech governance, the EU AI Act regulates AI based on the potential harm it can cause. The AI act distinguishes between various categories of technology, ensuring that the use of AI is proportionate to the risk. This means that certain AI systems with minimal risk face few obligations, while high-risk AI systems are subject to strict oversight. The implementation of the AI act is a phased process, with significant milestones scheduled for August 2025 and the years following. The rules for AI are designed to be future-proof, allowing for the development of AI that remains competitive while keeping the EU market safe.
Level of Risk Hierarchy: Prohibited AI Practices and High-Risk AI Systems
At the core of the Artificial Intelligence Act is the classification of technologies by their level of risk. This structure is essential for the effective application of the AI rules across all member states and helps providers and deployers of AI understand their specific duties.
Prohibited AI Practices and Prohibited AI Technologies Under AI Law
The EU AI Act is very clear about what constitutes prohibited AI. These are technologies deemed to have an unacceptable level of risk to human rights. Under the regulation, prohibited AI practices include:
- Cognitive behavioral manipulation of specific vulnerable groups.
- Untargeted scraping of facial images from the internet or CCTV.
- Social scoring systems by governments.
- Biometric identification systems in the public interest in the AI regulatory context, unless strictly limited by law.
The ban on these prohibited AI tools will be one of the first parts of the implementation of the EU AI framework to become active, likely by early 2025. Any AI system is used in violation of these rules will face massive penalties.
Rules for High-Risk AI Systems and AI Systems in This Category
Most of the rules for AI in the document focus on high-risk AI systems. These are AI applications used in critical sectors like healthcare, law enforcement, education, and critical infrastructure. For these, AI systems must meet rigorous standards before they can be registered in an EU database and deployed.
Rules for high-risk AI systems involve:
- Risk management systems: Continuous assessment of the risk they pose throughout their lifecycle.
- Data governance: Ensuring high-quality data for developing certain AI to avoid bias.
- Technical documentation: Keeping detailed records for enforcing the EU AI act.
- Human oversight: Ensuring that a human is always „in the loop” for all ai systems based on high-risk parameters.
General-Purpose AI Model Requirements and AI Models with Systemic Risk
A major addition during the legislative process was the inclusion of rules for general-purpose AI models, including generative AI like Large Language Models (LLMs). The AI Act recognizes that a general-purpose AI model can be used for thousands of different tasks, some of which could lead to systemic risk.
Obligations for Providers of General-Purpose AI Models in the EU Market
Providers of general-purpose AI models have specific obligations under the EU AI framework. They must provide technical documentation, comply with EU copyright law, and publish a summary of the content used for training. This is part of the broader ai value chain accountability. If a model is classified as having systemic risk—meaning it has high cumulative computing power—the requirements become even stricter to ensure trustworthy AI.
Managing Systemic Risk and General-Purpose AI Code of Practice
For AI models with systemic risk, the AI office and national authorities will require more than just transparency. They will demand:
- Model evaluations and adversarial testing.
- Assessment and mitigation of systemic risk at the EU level.
- Reporting of serious incidents to the European AI Office.
These providers and deployers of AI must also adhere to a code of practice or a general-purpose AI code of practice to demonstrate that they comply with the AI act’s safety benchmarks. The ai code of practice is expected to be finalized by August 2025.
European AI Office and AI Office and National Authorities Cooperation
To ensure the application of the AI act is consistent across all 27 member states, the European Union established the European AI Office (also known as the EU AI Office). This body, housed within the Commission, is the center of AI governance in Europe.
Effective Application of the AI Act through AI Office and National Coordination
The AI office and national bodies such as the Council of the EU work together to oversee the enforcement of the AI act. The EU AI office and national authorities are responsible for monitoring providers of general-purpose AI models and facilitating the development of AI through regulatory sandboxes. Enforcing the EU AI act will be a collaborative effort between these bodies such as the AI Office and the market surveillance authorities in each country to ensure that all ai systems in the EU follow the rules on AI.
AI Value Chain Compliance: Providers and Deployers of AI Responsibilities
The AI act also applies to everyone along the AI value chain. This includes importers, distributors, and most importantly, the deployers of AI systems. Whether an AI system is used by a small business or a large corporation, the rules on AI apply if the output is used in the EU. This holistic approach ensures that no entity can bypass the ai regulation by outsourcing parts of the ai system or general-purpose ai development.
Deployers of AI Systems and Interacting with an AI System
Deployers of AI systems (the entities using the AI tool) must ensure they follow the instructions of the provider. They must also ensure that the use of AI is transparent. For example, when interacting with an AI system, users must be informed that they are dealing with a machine. Furthermore, AI systems in the public sector may have additional requirements regarding impact assessments to protect the public interest in the AI landscape.
Ensuring Trustworthy AI and Sure that AI Systems Used are Safe
To keep the EU market safe, the AI Act requires that certain AI systems (like deepfakes or chatbots) carry clear labels. This ensures that the European AI ecosystem remains trustworthy AI. Ensuring that users are sure that AI systems used are identifiable is a key pillar of the artificial intelligence act. This transparency allows for the effective application of the AI rules and empowers citizens to understand how generative ai is influencing their environment.
Implementation of the AI Act and AI Act Entered Into Force Timeline
Understanding the calendar is vital for businesses to comply with the AI act’s requirements.
- 1 August 2024: The act entered into force, starting the transition period.
- February 2025: Prohibitions on prohibited AI practices begin to apply.
- August 2025: Most rules for general-purpose AI models become applicable, and the code of conduct should be in place.
- 2026/2027: Full enforcement of rules for high-risk AI systems and the requirement for them to be registered in an EU database.
Investment and Innovation in AI via Act Also AI Regulatory Sandboxes
Critics often worry that the AI law will stifle growth. However, the Act also AI regulatory sandboxes specifically designed to foster investment and innovation in AI. These sandboxes allow for the development of AI in a controlled environment, where companies can test general purpose AI without the immediate fear of heavy fines. This is essential for maintaining the interest in the AI regulatory environment as a hub for european ai excellence.
The EU AI act regulates AI while also providing a „safe space” for startups and SMEs. This balance is intended to make artificial intelligence in the EU a global gold standard, much like GDPR did for data privacy, ensuring that eu are safe while remaining technologically advanced.
Enforcement of the AI Act and Enforcing the EU AI Act Penalties
The enforcement of the AI act is designed to be rigorous. Failure to comply with the AI act’s mandates can lead to substantial financial penalties. Enforcing the EU AI act involves fines that can reach up to 35 million euros or 7% of a company’s total worldwide annual turnover, whichever is higher, specifically for violations regarding prohibited ai practices.
Interest in the AI Regulatory Landscape and Public Interest in the AI
The public interest in the AI regulatory space has never been higher. As ai office and national authorities begin enforcing the EU AI act, the focus remains on protecting citizens. The interest in the AI regulatory framework ensures that ai systems in the public sector are audited and that ai applications do not infringe on civil liberties. Bodies such as the AI Office will have the power to request documentation and inspect ai systems used to ensure they meet the rules for general purpose ai.
Final Rules for AI and the Future of European AI
The EU AI Act is a complex but necessary regulation that will shape the future of technology for decades. By focusing on a level of risk approach, the European Union ensures that AI systems in the EU are developed and used responsibly. Whether you are among the providers of general-purpose AI models or one of the many deployers of AI systems, understanding your obligations under the EU AI framework is critical for long-term survival in the eu market.
As we move through 2024 and into 2025, the implementation of the AI act will require significant effort from all players along the AI value chain. However, the goal is clear: to ensure that EU are safe and that the use of AI serves the public interest in the AI landscape. By adhering to the code of practice, following the rules for AI, and working with the EU AI office, businesses can thrive in this new regulated environment while contributing to the creation of truly trustworthy AI.