The European Union (EU) has launched the world’s first comprehensive legislative package to regulate AI. The Artificial Intelligence Act (AIA), which is currently progressing through the EU legislative process, will establish a risk-based framework for regulating use of AI anywhere within the EU, including by companies based outside the EU.
A limited number of unacceptable AI use cases, such as social profiling by governments, would be completely banned; high-risk use cases would be subjected to prior conformity assessment and wide-ranging new compliance obligations; medium risk functions are subject to enhanced transparency rules; and low risk use cases can largely be pursued without any new obligations under the AIA.
By legislating now, the EU hopes to establish a de facto global standard for AI. The EU is certainly well ahead of the US in this area, with debate in the US more focused on the extent to which the US may be falling behind China in military applications of AI, although some think tanks are looking at the ethics of AI and new state privacy laws have tasked regulators to develop standards for transparency and choice. The UK is hoping to build on a relatively strong AI base to be an attractive place to innovate, identifying many of the same risks as the EU, but proposing a less precautionary regulatory stance.
Will the EU succeed in establishing the global AI standard?
The GDPR experience demonstrates the advantages of moving early to drive global public policy considerations. But the two are not entirely analogous: privacy is largely a compliance burden for business, so adopting a harmonized approach makes sense; AI however is the basis for innovation and future profit, and companies may conclude that differentiated approaches (where possible) make sense.
The EU Commission is proposing a draconian penalty regime in case of non-compliance with the AI Act, with fines potentially reaching 6% (!) of global revenues for the most serious violations of the new AI regime. This eye-watering number should catch the attention of global boards and other business stakeholders in Europe and across the world.
As set forth in more detail in our recent Client Alert, we identify key policy considerations and proposed new restrictions, risk-classifications and related obligations for AI providers and users stemming from this landmark proposal.
As the legislative debate related to the proposed AIA is now in full swing, please do reach out to us if you want to discuss how the proposed AIA act could affect you, if you want to know more about the status quo of the policy discussions, or if you wish to engage in them.