Coreper Endorses EU AI Act

Executive Summary

The Committee of Permanent Representatives (Coreper) of the European Union formally approved the “Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence” (EU AI Act) on February 2, 2024.

The purpose of the AI Act is to ensure a high level of protection for health, safety, and fundamental rights. This encompasses democracy, the rule of law, and environmental protection. However, national security is not included within the scope of the AI Act.

The EU AI Act is a comprehensive law regulating the use of artificial intelligence (AI) in the European Union. The Act classifies AI systems based on the risk they pose and establishes corresponding obligations for providers and users.

The final text of the AI Act is expected to be formally adopted in the summer of 2024.

The Act imposes significant fines for non-compliance. The amount of the fines varies depending on the violation and the size of the company. Accordingly, it can range from 35 million euros or 7% of global turnover to 7.5 million euros or 1.5% of turnover.

Risk-Based Approach

The EU AI Act employs a risk-based classification system, categorising AI applications into four levels: unacceptable, high, limited, and minimal risk.

This approach tailors regulations to the potential harm of each AI category, ensuring a balance between innovation and safeguarding fundamental rights.

Unacceptable risk AI systems, considered a threat to people, will be banned. This includes systems for cognitive behavioural manipulation, social scoring, and certain uses of biometric identification.

High-risk systems that affect safety or fundamental rights will face stringent requirements, such as mandatory impact assessments and registration in an EU database.

Limited-risk AI systems, like chatbots and deepfakes, require transparency about their use and data handling.

On the other hand, minimal-risk AI tools are encouraged to follow ethical guidelines.

Special Focus on General-Purpose AI (GPAI)

The Act pays special attention to GPAI models, which are capable of performing a wide range of tasks. Providers of GPAI models have specific obligations, such as providing detailed summaries of training data and ensuring compliance with copyright law. AI Office will provide a template for that purpose.

For GPAI models with systemic risks, additional stringent obligations include conducting model evaluations, assessing and mitigating systemic risks, and ensuring cybersecurity.

Promoting Innovation and Supporting SMEs

The EU AI Act champions innovation by promoting regulatory sandboxes and real-world testing. These initiatives ease the development of AI solutions, especially for small and medium-sized enterprises (SMEs), fostering industry growth and competitiveness.

Penalties for Non-Compliance

Non-compliance with the EU AI Act can result in substantial fines. The fine amount varies based on the severity of the violation and the company size. It ranges from €35 million or 7% of global turnover to €7.5 million or 1.5% of turnover.

Adoption Timeline

The EU AI Act’s journey began with its proposal in April 2021. Then, the Council of the EU adopted its common position on the act in December 2022.

It underwent legislative deliberations in June 2023 and reached a provisional agreement in December 2023.

The Council formally approved the Act on February 2, 2024, with the European Parliament’s expected approval in the coming month.

The final text of the AI Act is expected to be formally adopted in the summer of 2024.

Implementation Timeline

The Act’s enforcement proceeds in stages:

  • Prohibitions on Unacceptable-Risk AI Systems: These will apply 6 months after the Act’s entry into force, which is expected to be late 2024.
  • Regulation of High-Risk Systems and GPAI: These requirements will be applicable after 12 months for new systems and 24 months for those already on the market.
  • Full Application of the Act: The Act is expected to be fully applicable 24 months after its entry into force, which would be around mid-2026.

Also, a voluntary compliance phase in 2024 encourages companies to adapt to the regulations voluntarily.

Closing Comments

The widespread use of AI underscores the urgency of having robust regulations in place. Hence, the approval of the EU AI Act by the Council of the European Union is a significant milestone for Europe.

With the enforcement stages and adoption timeline of the Act underway, we are excited about its official adoption by summer 2024, as planned. This regulatory framework not only safeguards fundamental rights but also ensures responsible AI innovation within the European Union.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.