The European Union (EU) has enacted the AI Act, a comprehensive regulation governing artificial intelligence (AI) systems. The Council of the EU approved the AI Act on May 21, 2024, and will affect businesses within the EU and those outside the EU with customers in the EU.
Scope of Application The AI Act applies to:
Businesses in the 27 EU Member States.
Businesses in Norway, Iceland, and Liechtenstein under the European Economic Area (EEA) arrangements.
Non-EU businesses, including those in the UK and USA, with customers in the EU.
Any business where the outputs of the AI system are used within the EEA.
Definition of AI System According to Article 3 of the AI Act, an "AI system" is defined as a machine-based system operating with varying levels of autonomy, potentially exhibiting adaptiveness after deployment. These systems generate outputs such as predictions, content, recommendations, or decisions influencing physical or virtual environments.
Implementation Timeline
Late June/Early July 2024: AI Act Becomes Law The AI Act will be published in the Official Journal and become a binding law 20 days after publication. Businesses must begin compliance preparations immediately upon publication.
Late 2024: Prohibitions Effective six months post-enactment, prohibitions will cover AI applications posing unacceptable risks to health, safety, or fundamental rights, as outlined in Article 5. Prohibited uses include:
AI systems employing subliminal or manipulative techniques causing significant harm.
AI exploiting vulnerabilities such as age or disability, leading to significant harm.
Social scoring based on personal characteristics, resulting in unjustified detrimental treatment.
Unconsented expansion of facial-recognition databases.
Emotion-inference systems in workplaces or educational settings (exceptions apply).
Biometric categorization inferring sensitive characteristics (exceptions for law enforcement).
Predictive policing based solely on profiling.
Real-time remote facial recognition in public spaces (exceptions apply).
Non-compliance penalties include fines of up to €35 million or 7% of worldwide turnover (Article 99(3)).
Summer 2025: General-Purpose AI Regime Providers of general-purpose AI models must meet transparency obligations regarding training data and copyright. Additional obligations apply to AI models with "systemic risk," designated by the European Commission, including model evaluation, risk mitigation, incident reporting, cybersecurity, and energy consumption monitoring. Non-compliance penalties are up to €15 million or 3% of worldwide turnover (Article 101).
Summer 2026: High-Risk AI Regime High-risk AI includes systems subject to EU product safety regulations (Annex I) and specifically classified high-risk AI (Annex III). Obligations include continuous risk management, technical documentation, transparency, human oversight, accuracy, robustness, and cybersecurity. Data governance for training, validation, and testing must ensure relevance, representativeness, and minimal errors. Penalties for non-compliance are up to €15 million or 3% of worldwide turnover (Article 99(4)).
Summer 2026: Low-Risk Transparency Obligations Certain AI systems not classified as high-risk must ensure transparency, informing users when interacting with AI systems or outputs. This applies to chatbots, emotion recognition, biometric categorization, and AI-generated content. Penalties for non-compliance are up to €15 million or 3% of worldwide turnover (Article 99(4)).
Summer 2027: High-Risk Systems under Product Safety Regulation For AI integrated into products subject to Annex I regulations, the high-risk regime will apply, with compliance requirements and penalties mirroring those for Annex III systems.
For further information on ensuring compliance with the AI Act and other emerging regulations, contact Prokopiev Law Group. With our broad global network of partners, we guarantee comprehensive compliance solutions worldwide. Our expertise extends to current widespread Web3 legal concerns, including decentralized finance (DeFi) regulations, smart contract enforceability, and data privacy in blockchain applications. Please write to us to navigate these legal complexities effectively. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.
Comments