from the correspondent in Strasbourg – A Regulation “aimed at limiting risks and increasing opportunities, combating discrimination, bringing transparency and our democratic values of freedom and equality inside the development of artificial intelligence, while supporting innovation and competitiveness.” That’s how the rapporteur for the European Parliament on the EU AI Act, Brando Benifei (Pd), describes the world’s first legislation governing the use and development of AI, which today (March 13) cleared another hurdle on the road to entry into force and now awaits the final green light from the EU Council.
With 523 votes in favor, 46 against, and 49 abstentions, MEPs meeting in plenary session gave the green light to the new Regulation on Artificial Intelligence, confirming the vast majority already seen a month ago in the joint committees on the Internal Market and Consumer Protection (IMCO) and LIBE (on Civil Liberties, Justice and Home Affairs). “We have included in the final text the part on transparency and safety of the most powerful models and environmental goals. It very much reflects the priorities of the European Parliament,” the Democratic Party’s head delegation assured, relaunching the work for the next legislature: “We have already asked the Commission for a specific directive for artificial intelligence in the workplace.” A topic “partially covered” by the new Regulation, but that “requires further, more detailed work,” Benifei explained while speaking to the press. What is still missing for the publication in the EU Official Journal is the final approval by the EU Council, which should not be particularly problematic after overcoming the stalemate on February 2 among the ambassadors of the 27 Member States.
As soon as the final okay arrives from the 27 EU ministers, “we have to accompany companies and institutions because the Regulation will not be mandatory right away,” the co-rapporteur Benifei noted. The Regulation will be fully applicable 24 months after it enters into force, except for prohibitions on banned practices (after 6 months), codes of conduct (after 9 months), general AI rules, including governance (after 12 months), and obligations for high-risk systems (after 36 months). In the meantime, because of the potential impact of new technologies on European elections in June 2024, and given the timing of the entry into force of the new Regulations, the EU pact on artificial intelligence was launched in mid-November to voluntarily anticipate the requirements.
The risk scale of artificial intelligence
The EU Regulation provides a horizontal level of user protection, with a scale of risk to regulate artificial intelligence applications on four levels: minimal, limited, high, and unacceptable. Systems with limited risk will be subject to very light transparency requirements, such as disclosure that the content was AI-generated. For those with high risk, there will be a pre-market fundamental rights impact assessment, including a requirement to register with the appropriate EU database and requirements on the data and technical documentation to submit to demonstrate product compliance.
The Regulations place at the unacceptable level — and therefore prohibit — cognitive behavior manipulation systems, untargeted collection of facial images from the Internet or CCTV footage to create facial recognition databases, emotion recognition in the workplace and educational institutions, ‘social scoring’ by governments, biometric categorization to infer sensitive data (political, religious, philosophical beliefs, sexual orientation) or religious convictions, and some instances of predictive policing for individuals.
Exceptions, governance, and foundation models
Compared to the Commission’s proposal, an emergency procedure has been introduced that will allow law enforcement to use a high-risk artificial intelligence tool that has not passed the evaluation procedure, which will have to dialogue with the specific mechanism on the protection of fundamental rights. Also, there are exemptions for the use of real-time remote biometric identification systems in publicly accessible spaces, “subject to judicial authorization and for strictly defined lists of offenses.” ‘Post-remote’ use may only be used for the targeted search of a person convicted or suspected of committing a serious crime, while real-time use is “limited in time and location” for targeted searches of victims (kidnapping, trafficking, sexual exploitation), prevention of a “specific and current” terrorist threats, and to locate or identify a person suspected of committing specific crimes (terrorism, human trafficking, sexual exploitation, murder, kidnapping, rape, armed robbery, participation in a criminal organization, environmental crimes).
Among the new arrangements already in place is the ad-hoc AI office within the European Commission to supervise general-purpose artificial intelligence systems integrated into other high-risk systems, flanked by an advisory forum for stakeholders (representatives from industry, SMEs, start-ups, civil society, and academia). To account for the wide range of tasks that artificial intelligence systems can perform -generation of video, text, images, side-language conversation, computation, or computer code generation -and the rapid expansion of their capabilities, the
‘high-impact’ foundation models (a type of generative artificial intelligence trained on a broad spectrum of generalized, label-free data) will have to comply with several transparency requirements before being released to the market: from drafting technical documentation to complying with EU copyright law to disseminating detailed summaries of the content used for training.
Innovation and Sanctions
Image created by an artificial intelligence following the instructions “robot protecting online privacy.”
In terms of supporting innovation, sandboxes (test environments in computing) of artificial intelligence regulation will be able to create a controlled environment to develop, test, and validate innovative systems in real-world conditions. To alleviate the administrative burden for smaller companies and protect them from the pressures of dominant market players, the Regulation provides “limited and clearly specified” support actions and exemptions.
Finally, concerning sanctions, any natural or legal person can file a complaint with the relevant market supervisory authority regarding non-compliance with the EU Artificial Intelligence Act. In the event of a violation of the Regulation, the company will have to pay either a percentage of annual global turnover in the previous financial year or a predetermined amount (whichever is higher): 35 million euros or 7 percent for violations of prohibited applications, 15 million euros or 3 percent for breaches of the law’s obligations, 7.5 million euros or 1.5 percent for providing incorrect information. More proportionate ceilings will apply instead for small and medium-sized enterprises and start-ups.
English version by the Translation Service of Withub