New EU Artificial Intelligence Regulation: What companies need to know

News

On June 13, 2024 the European Parliament and the European Council adopted Regulation (EU) 2024/1689 laying down harmonized rules on artificial intelligence (AI) in the European Union, also referred to as the EU AI Regulation or Artificial Intelligence Act.

In a world where Artificial Intelligence is gaining momentum and becoming an integral part of everyday technologies, the need for a legislative framework at the EU level has become acute.

Therefore, a Union legal framework establishing harmonized rules on AI was necessary to encourage the development, use, and adoption of AI in the internal market, while ensuring a high level of protection of public interests, such as health and safety, and the protection of fundamental rights, including democracy, the rule of law and the environment, as recognized and protected by Union law.

Adopted on June 13, 2024, having the date of effect on August 1st, 2024.

It shall apply from August 2nd, 2026, exept for of a few chapters which will apply from 2025.

The following categories apply to the:

  • Providers placing AI systems on the market or putting them into operation, whether established in the Union or a third country.
  • Implementers of AI systems established or present in the Union.
  • Suppliers and implementers from third countries, if the AI results are used in the Union.
  • Importers and distributors of AI systems.
  • Manufacturers of products incorporate an AI system into their brand.
  • Authorized representatives of non-European suppliers.
  • Affected persons in the Union.

Classification of AI systems

The Act covers four categories of AI systems, according to the risk they pose:

  • Prohibited AI systems: Systems that recognize people and create social scores, infer emotions in the workplace or in educational institutions, and other systems that affect the fundamental rights of EU citizens.
  • High-risk AI systems: Systems used in critical infrastructure, employment and public service delivery.
  • Limited-risk AI systems: Chatbots and systems generating text, audio-video content.
  • Minimal or no-risk AI systems.

Obligations for high-risk AI systems

These are subject to the most stringent requirements:

  • Technical documentation.
  • Automatic event logging and record keeping.
  • Provision of clear instructions for use.
  • Human oversight to ensure good functioning.
  • Implementation of a quality management system.
  • Drawing up an EU Declaration of Conformity.
  • Registration in the EU Database for high-risk AI systems.

Sectors affected

The main sectors the legislation will affect:

  • Financial services (including banks).
  • Technology
  • Pharmaceuticals and healthcare.
  • Utilities

Penalties for non-compliance

Non-compliance can lead to severe penalties:

  • Up to 7% of global turnover for prohibited AI practices.
  • Up to 3% for other violations.

Steps to ensure compliance

Hategan Attorneys recommends companies take the following steps to ensure compliance:

  • Reviewing AI systems to verify that they comply with regulations.
  • Map products and roles within the company.
  • Risk and impact assessment to determine applicable requirements.

AI Regulation and GDPR

In terms of the protection of personal data, the AI Regulation complements the GDPR Regulation and does not derogate from or replace the obligations to protect personal data, on the contrary, new AI systems will need to ensure this protection.

Conclusion

The EU AI Directive, part of the Union's digital package, aims to support innovation while protecting health, safety, fundamental rights, democracy, the rule of law, and the environment, will apply to all EU citizens, including those who are not already covered by the EU's digital agenda.