Saihub.info
EU AI Act
Updated December 3, 2024
The proposed European Union Artificial Intelligence Act is the world's most prominent AI legislation.
The AI Act was published in the Official Journal of the EU on July 12, 2024 (see 'Legislative Process' below for details on how it was adopted) and entered into force on August 1, 2024. The AI Act will fully take effect two years after entry into force (i.e. in 2026), with some obligations applying earlier or later (see timelines from Future of Life Institute and International Association of Privacy Professionals).
Brief summaries of some key provisions of the AI Act are below. More detailed summaries are available from various sources including:
Regulatory Framework for AI Systems
The EU AI Act will regulate AI "systems" (i.e. software applications), using a definition of "artificial intelligence" that is based upon the one adopted by the OECD. AI systems are divided into the following categories (subject to some general exceptions, e.g. for military/defense systems):
Companies will be able to show compliance with AI Act requirements (under defined circumstances) by adhering to standards that are being adopted. The European Commission Joint Research Centre published a Science for Policy Brief Harmonised Standards for the European AI Act in October 2024, and this October 2024 article by law firm Skadden explains the standardization process.
Some have suggested that this regulatory approach may be too prescriptive and/or inflexible. One of the architects of the AI Act has suggested that it may disadvantage EU companies, and others have pointed out holes in coverage of the AI Act that may require further legislation to remedy (such as AI enabling bioweapons).
Regulation of "General Purpose AI Models"
The AI Act defines "general purpose AI [GPAI] model" to be one that "displays significant generality and is capable to competently perform a wide range of distinct tasks", with certain exceptions. GPAI models will be subject to obligations regarding (a) technical documentation and information, (b) copyright policies and (c) summaries of training data, except that obligations (b) and (c) do not apply to GPAI models that are made public (including model weights). (AI Act, Arts. 3(44b) & 52c)
GPAI models posing "systemic risk" subject to stricter obligations. Models posing "systemic risk" are those that (a) have "high impact" based upon technical evaluations, (b) are so designated by the European Commission or (c) are trained using computing power greater than 1025 floating point operations. (AI Act, Art. 52a) In addition to the general obligations for GPAI models, "systemic risk" models will be subject to obligations regarding (1) model evaluation and testing, (2) risk management, (3) incident reporting and (4) cybersecurity. (AI Act, Art. 52d)
Transparency requirements for GPAI models enter into force on August 1, 2025, while full risk assessment and mitigation obligations for GPAIs with system risk enter into force on August 1, 2027. The Stanford Center for Research on Foundation Models has published a detailed analysis Foundation Models Under the EU AI Act (August 2024).
Open Source AI Models
The AI Act applies reduced obligations to open source AI models (1) for which model weights and information on model architecture and training are made publicly available and (2) that are not monetized.
Regulatory / Responsible Bodies
The AI Act establishes new institutions:
Each EU member state must appoint one or more national authorities with responsibility for implementation of the AI Act and associated market surveillance.
Law firm Freshfields produced useful, concise summary of EU and national regulators responsible for enforcing the AI Act in July 2024.
Implementation
The European Commission has begun to take a variety of specific implementation actions for the AI Act, including:
General-Purpose AI
AI Act: Have Your Say on Trustworthy General-Purpose AI (AI Office consultation) (July 2024)
AI Act: Participate in the drawing-up of the first General-Purpose AI Code of Practice (AI Office call for expressions of interest) (July 2024)
first draft of the General-Purpose AI Code of Practice (November 2024) -- this draft, which is expected to evolve and expand significantly, provides substantial detail beyond that which is in the AI Act
General-Purpose AI Models in the AI Act – Questions & Answers
Consultation on AI Act prohibitions and AI system definition (November 2024, closes 11 December 2024)
The European Parliament Internal Market and Consumer Protection (IMCO) committee and the Civil Liberties, Justice and Home Affairs (LIBE) committee have established a joint working group on implementation of the AI Act.
A summary of 130 European Commission / EU AI Office implementation actions for the AI Act is in this July 2024 blog by European Parliament staffer Kai Zenner.
Legislative Process
Key steps in adoption of the EU AI Act were:
February 2024 -- The Committee of Permanent Representatives (acting for the EU Council) endorsed a proposed final draft of the AI Act. The European Parliament committees on Internal Market Consumer Protection (IMCO) and Civil Liberties, Justice and Home Affairs (LIBE) then endorsed the proposed text, and the European Parliament published an updated version of the AI Act.
March 2024 -- The European Parliament gave final approval to the AI Act on March 13, 2024.
April 2024 -- The European Parliament released a final, corrected version of the AI Act, addressing minor drafting errors.
May 2024 -- The AI Act received final approval from the Council of the EU on May 21, 2024.
July 2024 -- The AI Act was published in the Official Journal of the EU on July 12, 2024.